Positive Technologies warns of cybercriminals creating platforms to distribute phishing kits

Positive Technologies analyzed cyberattacks that occurred in Q3 2022. According to the study, the number of attacks increased by 10% compared to Q2 2022. The analysts highlighted a significant increase in the use of malware to attack Linux environments, as well as the growing popularity of phishing kits.

At the beginning of the second half of 2022, cybercriminals shifted their focus from disrupting core operations of organizations to stealing credentials, developing phishing tools, and refining social engineering techniques. Credentials increased from 9% to 17% of all stolen data. This was made possible by intensified distribution of phishing kits, which led to numerous credential harvesting campaigns. The phishing-as-a-service model is proliferating on the web, enabling even relatively unskilled scammers to launch phishing attacks.

"At the beginning of the year, we predicted that phishing-as-a-service would spread, and now we can indeed see it gaining momentum," notes Ekaterina Semykina, Information Security Analyst at Positive Technologies. "In Q3 2022, the number of large-scale social engineering campaigns against organizations increased by 41% and by 34% against individuals compared to Q2. This growth is primarily caused by widespread use of phishing kits. A phishing kit is a ready-to-use collection of software tools for phishing attacks. It can also include preconfigured phishing pages, data entry forms, scripts for sending messages to victims and scripts for sending stolen data to attackers."

The study shows that social engineering is a more efficient and less work-intensive way for attackers to penetrate corporate systems than searching for and exploiting vulnerabilities. Cybercriminals believe that the human factor can help them bypass defenses and remain undetected, so they are looking for new ways to utilize it in their attacks.

According to Positive Technologies, Q3 saw a noticeable increase in the share of malware attacks against Linux environments (from 12% in Q2 to 30% in Q3). Many of the trending virtualization solutions and cloud technologies are based on Linux. The landscape of attacks against such solutions is expanding daily, and their consequences are worsening due to the growing popularity of virtualization and clouds in business processes.

In Q3 2022, the number of unique cyberattacks increased by a third compared to the same period in 2021, and by 10% compared to Q2 2022. Analysts attribute this growth to the ongoing confrontation in cyberspace, hacktivist activity, emergence of new ransomware, and evolution of existing malware. The share of attacks on computers, servers, and network equipment of organizations increased by 6 percentage points as a result of ransomware activity. Attacks on financial institutions and individuals are on the rise. In addition, the number of mass attacks increased by 4% compared to Q2. These findings make Q3 one of the most dangerous quarters of 2022.

The full version of this study is available on the Positive Technologies site.