Zscaler ThreatLabzβs 2024 Phishing Report identifies the 20 most phished brands, highlighting how attackers abuse trust to access enterprise networks. A WhoisXML API DNS investigation found 3,120 branded domains with 12 malicious, underscoring ongoing phishing risks. #Microsoft #OneDrive #Amazon #Facebook #Gucci #FedEx #Google #WhatsApp #DHL #ANZBankingGroup
Keypoints
- The Zscaler ThreatLabz 2024 Phishing Report lists the top 20 brands most targeted by phishers, including Microsoft, OneDrive, Okta, Adobe, SharePoint, and others.
- The WhoisXML API DNS investigation identified 3,120 branded domains, with 12 confirmed as malicious.
- Examples of malicious branded domains include amazon[.]org[.]gg, facebook[.]com[.]br, fedex[.]info[.]pl, google[.]site, and gucci[.]com[.]by.
- Among branded domains with WHOIS details, 2,078 had current records; 818 could be publicly attributed to brand owners, while 1,260 could not.
- Eight branded subdomains and 14 IP addresses were identified, with 11 IPs linked to various threats.
- Full findings and additional artifacts are available for download on the WhoisXML API website.
MITRE Techniques
- [T1566] Phishing β Phishing campaigns targeting popular brands to exploit user trust. βPhishing campaigns targeting popular brands to exploit user trust.β
- [T1189] Drive-by Compromise β Malicious domains used for distributing malware. βMalicious domains used for distributing malware.β
Indicators of Compromise
- [Domain] malicious branded domains β amazon[.]org[.]gg, facebook[.]com[.]br, fedex[.]info[.]pl, google[.]site, gucci[.]com[.]by
- [IP Address] IPs associated with threats β 14 IP addresses in total, 11 of which linked to various threats
- [Subdomain] branded subdomains β eight branded subdomains identified
- [WHOIS/Domain data] current WHOIS details β 2,078 branded domains with current WHOIS records; 818 publicly attributed to brand owners; 1,260 not attributed
Read more: https://circleid.com/posts/20240801-the-most-phished-brands-of-2024-in-the-dns-spotlight