The Anti-Phishing Working Group (APWG) is the worldwide coalition unifying the global response to cybercrime across industry, government and law-enforcement sectors. The information in this article is a description of what is trending, according to APWG recently published Phishing Activity Trends Report for 1st Quarter 2016.

Phishing Activity Trends for 1st Quarter 2016

  • The most targeted industry sector during the first quarter of 2016 continued to be the Retail/Service sector with Financial Services sitting in second place.
  • In Q1 2016, 20 million new malware samples were captured.
  • The number of phishing websites observed by APWG increased 250% from the last quarter of 2015 through the first quarter of 2016.
  • The United States continued its position at top on the list of nations hosting phishing websites.
  • The number of brands targeted by phishers in the first quarter has stayed reasonably constant.
  • The world’s most-infected countries are led by China, where 51.35% of computers are infected by malware, followed by Turkey (48.02%) and Taiwan (41.24%).

Hardest Hit Industry Sector

The Retail/Service sector bore the brunt of 42.71% of phishing attacks keeping this sector at the top of the list. Financial Services remained in second place with 18.67% of attacks. We continue to see high volumes of attacks targeting cloud-based or SAAS companies, driving significant increases in the Retail Service sector. Financial and Payment targets are still heavily targeted.

Malware Infected Countries – 1st Quarter 2016

An APWG member detected more than 20 million new malware samples in the first three months of 2016. This averages out to 227,000 per day, which is a slight increase on the same quarter in 2015, which averaged 225,000 new samples per day. For years, Trojans have been the highest ranking type of malware, and this trend has continued in the first quarter of 2016 with Trojans accounting for 66.81% of new malware strains detected. Ransomware is included under the Trojan category, and that style of malware has increased significantly. According to Carl Leonard, Principal Security Analyst at Forcepoint: “Ransomware authors exhibited a willingness to change their scare tactics and algorithms in Q1 2016 as they sought to scam end-users. They are more determined and aggressive in 2016. End-users should be aware of the danger and take preventative measures.”

This analysis found that most infections are caused by Trojans in 65.89% of cases.

The regions of Asia and Latin America had the highest malware infection rates.

Ranking Country Infection Rate Ranking Country Infection Rate
1 China 51.35% 6 Russia 37.98%
2 Turkey 48.02% 7 Mexico 36.32%
3 Taiwan 41.24% 8 Peru 36.02%
4 Ecuador 39.59% 9 Poland 35.55%
5 Guatemala 38.01% 10 Brazil 34.00%

Phishing Site Trends

The total number of unique phishing websites observed by APWG rose by a staggering 250% over the six months from October 2015 to March 2016. While an increase in December is always expected, due to extra spamming and online fraud attacks during the Christmas shopping season, the continued increase into 2016 is concerning. A record 289,371 unique phishing websites were detected in Q1, 123,555 of which were found in March 2016 alone. In contrast, only 44,575 unique phishing sites were identified in November 2015.

Unique phishing campaigns received by APWG from consumers – in which multiple users receive emails with a common subject line, directing them to a specific phishing site – also soared from just under 100,000 in January to nearly 230,000 in both February and March.

Phishing Site Host Countries

The United States holds a large percentage of the world’s web sites, and again found themselves at the top of the list, in the first quarter 2016, for countries where phishing sites were hosted. Cyber criminals infiltrate vulnerable web hosting, to locate hosting for their phishing sites. Below is a table showing the top three countries for January to March 2016.

January February March
United States 75.10% United States 81.90% United States 75.62%
Belize 4.79% United Kingdom 2.20% China 4.16%
Netherlands 3.59% Germany 2.15% Hong Kong 3.05%

Note: Australia came in at 9th place for the whole quarter.

Brand Attacks

In the first quarter of 2016, the number of brands targeted by phishers stayed reasonably constant. Between 406 and 431 brands were targeted each month, with a range of 391 to 442 unique brands being hijacked in any given month across 2015 and into 2016.

Host Countries for Phishing-Based Trojans and Downloaders

The United States continued to be the top-ranking country hosting phishing-based Trojans and downloaders in the first quarter of 2016.

October November December
United States 77.73% United States 71.50% United States 62.36%
China 5.00% Iceland 4.91% China 13.71%
Rep. of Korea 3.41% United Kingdom 3.50% Iceland 3.28%