Beware Of EvilProxy, The Latest In Phishing Crimes
JAKARTA - Technological developments bring many benefits in various fields of life. But alongside them, cyber threats and crimes are increasingly emerging. One cybercrime whose share kept rising in 2023 is tricking victims into giving up data for fraudulent purposes, commonly known as phishing.
Phishing is a form of cybercrime committed to steal the victim's personal data or information, such as mobile banking passwords, social media accounts, and so on. Usually, phishing is carried out through text messages, emails, and fake phone calls to trick the victim.
Muhammad Fauzi, Deputy for Development, Applied Research, Innovation and Engineering of the Indonesian Internet Domain Name Manager (PANDI), said that people must now be more vigilant about the phishing threat because many phishing domains use the HTTPS protocol (Hypertext Transfer Protocol Secure).
"Perpetrators of phishing can trick victims by using HTTPS protocol so that people believe that the domain is reliable and safe to access," said Muhammad Fauzi.
According to the Indonesia Anti-Phishing Data Exchange (IDADX) report page, Indonesia ranked first among countries hosting phishing sites on .id domains during Q3 2023, followed by the United States in second place. In the third quarter, the countries used to host phishing domain sites were more varied than in the previous quarter.
The industry sector most targeted by phishing attacks in Indonesia was social media at 55.45%, followed in second place by financial institutions at 22.70%. This is a change from the previous few quarters, when financial institutions held the top position.
In Q3 2023 there were 9,823 phishing URLs, with the data coming from 52 different domains. Some of the SLDs targeted for phishing are id, my.id, biz.id, ponpes.id, ac.id, and web.id.
According to the website of the National Cyber and Crypto Agency (BSSN), there were 164,131 cases of phishing email in Indonesia in 2022. Most of these came from private emails, namely 59,210 cases. A total of 52,744 cases of phishing email came from group email. Then, there were 52,177 cases of phishing originating from other emails.
Meanwhile, 93,897 cases of email phishing occurred during working hours, 09.00-17.00, and 70,234 other cases were carried out outside working hours, from 17.00 to 09.00. Phishing emails in 2022 also often carried an attachment. The most dominant file format had a .pdf extension, at more than 100,000 cases.
Pratama Persada, an IT expert from the CISSReC Cyber Security and Communication Research Institute (Communication and Information System Security Research Center), said cybercrime involving fraud schemes is not only rampant in Indonesia but also occurs in almost all parts of the world.
"Indonesia even according to research results from Analytic Insight, which was released in March 2022, was named sixth as the hotbed of online fraud along with several other countries such as Nigeria, Ghana, India, Philippines, Romania, Russia, South Africa, Ukraine and the United States," he told VOI, Tuesday, December 5.
Based on the results of the UGM Fisipol CFDS poll in August 2022, Pratama emphasized that the fraud schemes most widely circulated and received by the 1700 respondents were fraud under the guise of prizes of a certain value, illegal loans, links containing malware, fraud under the guise of family crises, illegal investments, buying and selling scams such as on Instagram and elsewhere, and fake websites or applications.
"In addition, there are still many online modes circulating, such as fraud under the guise of online social gatherings, fraud under the guise of romance, work receipts, scholarship receipts, fraud under the guise of charity & donations, credit card fraud and so on," he said.
Unfortunately, in Indonesia the authorities' handling of online fraud cases still draws widespread complaints from victims, because the police are considered slow to act and communicate poorly with victims about the progress of their cases.
Variations Of Phishing Attacks Every Year Are Predicted To Be Larger
According to the Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) report on cybercrime rates released at the end of 2022 and quoted by VOI on Tuesday, December 5, hackers have been sending more emails in each of their crimes.
Sending so many emails increases the number of opportunities to hack the intended targets. Also according to IC3, of the 1,400 organizations surveyed, 80% believe they have been hit by an email-based cyberattack.
The latest type of phishing attack is called EvilProxy, which uses adversary phishing tools for credential-harvesting and account takeover attacks. Usually these cybercriminals impersonate 'Microsoft' to trick potential victims. The prospective victims targeted by the hackers are an elite group consisting of company leaders, legislative officials and state executive officials.
Phishing using the EvilProxy method has been in use since July 2023, targeting the banking and financial services sector, insurance, property and real estate management, and the manufacturing sector.
EvilProxy, first documented by Resecurity in September 2022, works as a reverse proxy placed between the target and the legitimate login page to intercept credentials, two-factor authentication (2FA) codes, and session cookies in order to hijack the targeted account.
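Because the proxy described above hands the attacker a valid session cookie, one defensive check on the legitimate service's side is to flag any session whose cookie is later presented by a different client than the one that established it. The following is an added example, not code from the article or from any vendor named in it; the log layout, field names and sample events are constructed assumptions.

```python
# Constructed sample events, not real logs:
# (timestamp, session_id, user, ip, user_agent)
SAMPLE_EVENTS = [
    ("2023-12-05T09:00:01", "s-1001", "alice", "198.51.100.10", "Chrome/119 Windows"),
    ("2023-12-05T09:05:40", "s-1001", "alice", "198.51.100.10", "Chrome/119 Windows"),
    ("2023-12-05T09:10:12", "s-2002", "budi", "203.0.113.7", "Chrome/119 Windows"),
    ("2023-12-05T09:11:30", "s-2002", "budi", "192.0.2.55", "Firefox/115 Linux"),
    ("2023-12-05T09:12:02", "s-2002", "budi", "192.0.2.55", "Firefox/115 Linux"),
    ("2023-12-05T09:20:00", "s-3003", "citra", "198.51.100.20", "Safari/17 iPhone"),
    ("2023-12-05T09:45:00", "s-3003", "citra", "198.51.100.99", "Safari/17 iPhone"),
]


def find_replayed_sessions(events):
    """Flag sessions whose cookie is later presented by a different client.

    A session is flagged when BOTH the IP and the User-Agent differ from the
    context that first used the cookie. Requiring both avoids flagging
    ordinary IP changes (mobile networks, VPN reconnects).
    """
    first_context = {}  # session_id -> (ip, user_agent) that first used it
    reported = set()    # (session_id, ip, user_agent) already reported
    findings = []
    for ts, sid, user, ip, ua in sorted(events):  # ISO timestamps sort by time
        if sid not in first_context:
            first_context[sid] = (ip, ua)
            continue
        orig_ip, orig_ua = first_context[sid]
        key = (sid, ip, ua)
        if ip != orig_ip and ua != orig_ua and key not in reported:
            reported.add(key)
            findings.append({
                "session_id": sid,
                "user": user,
                "first_seen": ts,
                "original": (orig_ip, orig_ua),
                "replayed_from": (ip, ua),
            })
    return findings


if __name__ == "__main__":
    for finding in find_replayed_sessions(SAMPLE_EVENTS):
        print(finding)
```

On the sample data only session s-2002 is reported; s-3003 changes IP but keeps the same User-Agent, so it is treated as an ordinary network change.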
According to a report by Vade, an international cybersecurity firm from France, there was a substantial increase in phishing and malware attacks in the third quarter of 2023. Phishing volume increased 173% compared to the previous quarter (493.2 million vs 180.4 million). Malware also rose sharply quarter on quarter (110%), reaching 125.7 million emails compared to a Q2 total of 60 million.
Malware volume in the third quarter of 2023 almost hit an all-time quarterly record, lagging just behind the figure of 126.8 million in the fourth quarter of 2016. The Q3 malware and phishing numbers surpassed every Q3 total since Vade began tracking both categories in 2015.
World-Famous Phishing Attacks
1. 2015 FACC Whaling Attack
At the end of 2015, FACC, an Austrian aerospace manufacturing firm, sacked its CEO Walter Stephan. Walter Stephan is thought to have cost the company 50 million euros ($55.8 million) in a 'whaling' phishing attack. As quoted from Reuters, FACC is a company that produces spare parts for Boeing and Airbus.
Hackers disguised themselves as FACC CEO Walter Stephan, sending emails to other employees asking for a transfer of funds for an 'acquisition project'. The phishing attack succeeded because the hackers managed to emulate Stephan's writing style, lending legitimacy to the message so that unsuspecting employees would comply.
The attack was announced in early 2016, when FACC acknowledged the monetary losses and announced the CEO's resignation. Employees who transferred funds were also fired, as was the company's CFO.
The CEO was dismissed after his mistake caused the company to be defrauded of 50 million euros ($55.8 million) in a whaling attack that was revealed earlier this year.
FACC, which produces spare parts for Boeing and Airbus, said that in a supervisory board meeting last week it had decided on the immediate "revocation" of Walter Stephan.
2. 2014 Sony Image Phishing Attack
Sony's famous cyberattack in 2014 caused data leakage of up to 100 terabytes from the entertainment giant, as well as severe damage to servers and operational capacity.
Although malware was used to retrieve data and take down Sony servers, initial access was gained via phishing emails sent to Sony executives. These emails requested account verification and linked to malicious sites that, once the executives entered their details, sent their usernames and passwords to the hackers.
The hacker group, called The Guardians of Peace, was then able to access and steal information related to employees, unreleased film data, and personal correspondence.
The hackers claim to have stolen 100 terabytes of data, but this has never been verified; about 40 gigabytes appeared online after the attack. The attack caused major damage to Sony's internal systems. In the first quarter of 2015, the company set aside $115 million to deal with ongoing problems related to the attack. In total, recovering from this attack is estimated to have cost Sony $100 million.
These Are The Social Media And Service Products That Phishers (Phishing Perpetrators) Like To Target
Every quarter, the Vade filter engine detects and analyzes millions of phishing emails and hundreds of thousands of phishing webpages. By analyzing the unique branded phishing websites, Vade compiled a list of the top brands imitated by hackers.
Trends come and go, but Facebook and Microsoft have proven to be the eternal favorites among hackers. Both brands are the second and second most imitated by hackers since 2020.
Facebook not only became the most imitated brand in the quarter (16,657 URLs), but also experienced an increase in phishing URLs by 104% and 169% compared to Q1 and Q2 in 2023 (8,141 URLs and 6,192 URLs).
The financial services industry is still the one most imitated by phishing hackers. According to the report, more than 33% of all phishing URLs are in the financial services industry, followed by social media (22%) and cloud (21%).
Only three social media companies are included in the list of the top 25 most imitated brands, with Facebook accounting for the largest share of phishing URLs in the sector (85%), followed by WhatsApp (9%) and Instagram (5%). As with social media, only three cloud brands are included in the top 25. Microsoft leads this sector (accounting for 53% of the phishing URLs), followed by Google (12%) and Netflix (7%).
Based on the 2022 Global Risk Report from the World Economic Forum, 95 percent of cybersecurity incidents in the world are caused by human error. The report seems to be in line with the rise in the number of Indonesians hit by online fraud in recent years. This is attributed to certain major moments or topics people are talking about, including massive promotions on the internet. Let's become digitally literate and learn to recognize these crimes so as not to become victims of irresponsible hackers.