APWG Q2 Report: Cybercrime Gangs Attempting and Achieving Heists of Ever Greater Scale

Russian Phishing Gangs Mounting High-Ticket BEC Attacks – and the Average BEC Attack Demand Now Topping $80,000

CAMBRIDGE, Mass. -- The APWG’s new Phishing Activity Trends Report for Q2 2020 details how companies are losing money to criminals who are launching Business Email Compromise (BEC) attacks as a more remunerative line of business than retail-accounts phishing. The organizations perfecting these criminal enterprises now include a sophisticated Russian cyber-gang, in addition to the West African scammers who have traditionally perpetrated BEC attacks.

APWG contributor Agari reports that the average wire transfer loss from BEC attacks smashed all previous frontiers, spiking from $54,000 in the first quarter to $80,183 in Q2 2020 as spearphishing gangs reached for bigger returns. Agari also found that scammers requested funds in the form of gift cards, which are easier to cash out, in 66 percent of BEC attacks. During the second quarter of 2020, the average amount of gift cards requested by BEC attackers was $1,213, down from $1,453 in the first quarter of 2020.

Agari also studied the movements of a BEC gang in Russia that it calls Cosmic Lynx. “We were expecting that Russian cybercriminals would move into the world of BEC because the return on investment for basic social engineering attacks is much higher than launching more sophisticated (and more expensive) malware-based attacks,” said Crane Hassold, Agari’s Senior Director of Threat Research. The average ransom demanded by Cosmic Lynx in its attacks runs to an astounding $1.27 million.

In other news, the number of phishing sites detected in the second quarter of 2020 was 146,994, down from the 165,772 observed in the first quarter. Phishing that targeted webmail and Software-as-a-Service (SaaS) users continued to be the biggest category of phishing. Attacks targeting the Social Media sector increased in Q2 about 20 percent over Q1, primarily driven by targeted attacks against Facebook and WhatsApp. After an explosion in 2019 and into the first quarter of 2020, phishing in Brazil dropped back slightly.

Abuse of Web security infrastructure reached a grim new plateau in Q2 2020, as well, with APWG contributor PhishLabs reporting that nearly 78 percent of all phishing websites employ SSL/TLS certificates as part of the deceptive schemes they use to lure in users and gain their confidence.

In addition, PhishLabs founder and CTO John LaCour observed, “The vast majority of certificates used in phishing attacks — 91 percent — are Domain Validated (“DV”) certificates. Interestingly, we found 27 web sites that were using Extended Validation (“EV”) certificates” – by hacking websites that already had them legitimately installed.

Read the full text of the report here: http://docs.apwg.org/reports/apwg_trends_report_q2_2020.pdf

About the APWG

APWG is the international coalition unifying the global response to cybercrime across industry, government and law-enforcement sectors and NGO communities. APWG’s membership of more than 2200 institutions worldwide is as global as its outlook. APWG’s directors, managers and research fellows advise national governments; global governance bodies like the Commonwealth Parliamentary Association, OECD, International Telecommunications Union and ICANN; hemispheric and global trade groups; and multilateral treaty organizations such as the European Commission, the G8 High Technology Crime Subgroup, Council of Europe’s Convention on Cybercrime, United Nations Office of Drugs and Crime, Organization for Security and Cooperation in Europe, Europol EC3 and the Organization of American States. APWG is a member of the steering group of the Commonwealth Cybercrime Initiative at the Commonwealth of Nations. Operationally, the APWG conducts its missions through: APWG, a US-based 501(c)6 organization; the APWG.EU, the institution’s European chapter established in Barcelona in 2013 as a non-profit research foundation incorporated in Spain and managed by an independent board, including APWG founding directors; and the STOP. THINK. CONNECT. Messaging Convention, Inc., a US-based non-profit 501(c)3 corporation.

Contacts

For media inquiries related to the APWG Q2 2020 report:
APWG Secretary General Peter Cassidy (pcassidy@apwg.org, +1.617.669.1123);
OpSec: Stefanie Ellis at OpSec Security (Stefanie.ellis@markmonitor.com);
Agari: Jean Creech of Agari (jcreech@agari.com, +1.650.627.7667);
Axur: Eduardo Schultze of Axur (eduardo.schultze@axur.com, +55 51 3012-2987);
PhishLabs: Stacy Shelley of PhishLabs (stacy@phishlabs.com, +1.843.329.7824);
RiskIQ: Kari Walker of RiskIQ (Kari@KariWalkerPR.com, +1.703.928.9996).
