Major phishing contributors and enablers

Agari announced the first Annual Sumo Awards to dishonor phishing’s biggest contributors and enablers. The Sumo Awards categories identify why phish emails succeed, highlight unknowing contributors who aid criminal phishing, and suggest how businesses can take collective action and responsibility to prevent malicious attacks through email.

This year’s Sumo Awards focus on the successful characteristics of phishing attacks against the banking industry. Leveraging Agari’s Big Data Platform, which spans more than one billion mailboxes, Agari isolated and studied the one percent of phishing attacks on U.S. banks that succeeded to understand how they beat the defenses and landed in the inbox.

By analyzing millions of successful phishing schemes that made it into the inboxes of unsuspecting banking customers, Agari reveals core vulnerabilities that apply worldwide and across industries. While traditional email security technologies thwart the majority of spam and phishing schemes, this latest data shows that criminals are changing tactics and devising new and creative ways to get around these systems.

The first Sumo Dishonors go to:

Most successful scheme: Infrastructure hijacking

Nearly 100 % of the top successful phish against banks involved infrastructure hijacking. Phishing criminals are using legitimate infrastructure — servers and software — owned by reputable institutions to conduct successful phishing campaigns against banks. Using compromised, legitimate servers allows the criminals to bypass a battalion of email security defenses and deliver phish to the inbox. In fact, of the top 300 successful phishing attacks to U.S. banks, all used compromised servers from legitimate companies.

Worst country award: United States

Contrary to common perception, the largest phishing threats to U.S. banks originated from domestic servers. The United States was responsible for distributing the vast majority of attacks on U.S. banks. Of the top 100 threats to U.S. banks, 52 percent originated in the United States. Of all threats to U.S. banks, 39.2% originated from the United States, nearly 4 times higher than #2 Germany.

Best supporting actor: System administrators

Attacks are most often aided and abetted by system administrators who deploy unprotected infrastructure within organizations that criminals discover and exploit. An accomplice to the crime, system administrators could have thwarted approximately 25% of successful phishing attacks against banks by simply patching known hardware and software vulnerabilities, thereby eliminating the use of legitimate, company infrastructure for disseminating malicious attacks.

Lifetime achievement award: The botnet

Agari research revealed that only half a percent of successful banking phish were sent by Botnets, signaling the tail end of “The Botnet Era.” To be successful, criminals are relying on more sophisticated schemes that can only be prevented through new anti-phishing models and technologies.

“The insight that system administrators are indirectly responsible for 25% of e-mail borne threats might be surprising, but is in line with our data from the Laws of Vulnerabilities analysis on patching speed,” said Wolfgang Kandek, CTO of Qualys. “Agari provides visibility into organizations’ e-mail traffic, and its Software-as-a-Service model makes it easily accessible.”