The Anti-Phishing Working Group (APWG) is the worldwide coalition unifying the global response to cyber-crime across industry, government and law-enforcement sectors. The information in this article is a description of what is trending, according to APWG recently published Phishing Activity Trends Report for 2nd Quarter 2016.
Phishing Activity Trends for 2ndQuarter 2016
- The most targeted industry sector during the second quarter of 2016 continued to be the Retail/Service sector with Financial Services sitting in second place.
- In Q2 2016, 18 million new malware samples were captured.
- The world’s most-infected countries are led by China, where 49.02% of computers are infected by malware, followed by Taiwan (47.34%) and Turkey (40.99%).
- Scandinavian countries had the lowest percentages of infection.
- The number of phishing websites observed in Q2 2016 by APWG increased 61% from Q1 2016.
- The number of individual brands targeted by phishers in the first quarter has stayed reasonably constant.
Hardest Hit Industry Sector
The Retail/Service sector again bore the brunt of phishing attacks (as it did in Q1 2016) with 43%. Financial Services remained in second place with 16% of attacks and Payment Services came in at third place with 13%.
Malware Infected Countries – 2nd Quarter 2016
PandaLabs (a member of APWG) detected 18 million new malware samples between April to June 2016. This is an average of 200,000 per day, which is 10% lower than the previous quarter. For years, Trojans have been the most prevalent type of malware, and this trend has continued in the second quarter of 2016 with Trojans accounting for 71.53% of new malware strains detected. Ransomware attacks, which are included under the Trojan category, have increased significantly. PandaLabs analysis found that infections were caused by Trojans in 67.01% of cases, while PUPs (Potentially Unwanted Programs) ranked second, accounting for 27.03% of infections.
China had the highest malware infection rate, with 49.02%, whilst at the other end of the scale, Sweden recorded the lowest infection rate, at 19.88%.
Highest Ranked
| Ranking | Country | Infection Rate |
| 1 | China | 49.02% |
| 2 | Taiwan | 47.34% |
| 3 | Turkey | 40.99% |
| 4 | Russia | 38.95% |
| 5 | Guatemala | 37.56% |
Lowest Ranked
| Ranking | Country | Infection Rate |
| 41 | Belgium | 22.78% |
| 42 | Japan | 22.24% |
| 43 | Norway | 21.63% |
| 44 | Finland | 20.65% |
| 45 | Sweden | 19.88% |
According to Luis Corrons, PandaLabs Technical Director and Trends Report contributing analyst, the overall percentage of infected computers was 29.05 percent, which is lower than the previous quarter.
Phishing Site Trends
The total number of unique phishing websites observed by APWG hit an all-time high at 466,065. This was an increase of 61% from the 289,371 recorded in Q1 2016 and a whopping three times higher than the 158,574 phishing websites found in Q4 2015.
Unique phishing campaigns received by APWG from consumers – in which multiple users receive emails with a common subject line, directing them to a specific phishing site – were significantly higher in April (121,028), than they were in May (96,490) and June (98,006).
Brand-Domain Pairs Measurement – 2nd Quarter 2016
The chart below displays statistics based on brands phished, unique domains, unique domain/brand pairs, and unique URLs. A ‘Brand/domain pairs’ is a unique instance of a particular domain that is used to target a specific brand. Therefore, even if multiple URLs are targeting a brand, if they are hosted on the same domain, the brand/domain pair would be counted as one rather than many. If a greater number of unique URLs are found compared to brand/domain pairs, it indicates that multiple URLs are being hosted on the same domain to target the same brand. Having this information is extremely useful to the brand being attacked, as it indicates approximately how many attacking domains need to locate and taken down.
Brand Attacks
In the second quarter of 2016, the number of brands targeted by phishers stayed reasonably constant. Between 411 and 425 brands were targeted each month, with a range of 393 to 442 unique brands being hijacked in any given month across 2015 and into the first half of 2016.