[news release] A new phishing survey released by the Anti-Phishing Working Group (APWG) at its conference this week reveals that phishers are breaking into hosting providers with unprecedented success, using these facilities to launch mass phishing attacks.
Using this method, a phisher hacks into a web server that hosts a large number of domains – a “shared virtual server” – and plants phishing attacks on every domain name on the server. This allows the phisher to subvert hundreds or even thousands of Web sites at a time. The number of phishing attacks worldwide rose due to these break-ins, with attacks involving shared virtual servers representing 47 percent of all phishing attacks recorded worldwide in the second half of 2012.
“Breaking into hosting facilities is a high-yield activity for phishers,” said Rod Rasmussen, President & CTO of IID, and a co-author of the study. “This activity is part of a larger trend — we also see criminals hacking into shared hosting and using those servers for other malicious activities, such as launching denial-of-service attacks, infecting the computers of the legitimate website visitors via exploit code, and creating botnets.”
Also according to the study, the average and median uptimes of phishing attacks remained lower than the historical average, averaging 26 hours and 13 minutes in 2H2012, compared to the all-time low of 23 hours and 10 minutes recorded in 1H2012.
Another key finding was that when phishers register domain names for their scams, a small number of domain name registrars were abused more prevalently than others, relative to their overall domain registration portfolios and their industry peers. Eight of those registrars are located in China.
“Chinese phishers tend to make malicious domain registrations more often than other phishers, and use registrars inside and outside of China,” said Greg Aaron, President of Illumintel Inc., and a co-author of the study. “The report highlights how phishers take advantage of certain domain name registrars and registries, and how a lot of the activity is concentrated in certain places online. Those companies need to be actively involved in monitoring for and mitigating abuse in the spaces they control.”
The 2H2012 data set also yielded the following statistics:
The full report can be found here: docs.apwg.org/reports/APWG_GlobalPhishingSurvey_2H2012.pdf
About the APWG
The APWG, founded in 2003 as the Anti-Phishing Working Group, is the global industry, law enforcement, and government coalition focused on unifying the global response to electronic crime. Membership is open to qualified financial institutions, online retailers, ISPs and Telcos, the law enforcement community, solutions providers, multi-lateral treaty organizations, research centers, trade associations and government agencies. There are more than 2,000 companies, government agencies and NGOs participating in the APWG worldwide. The APWG’s www.apwg.org and education.apwg.org websites offer the public, industry and government agencies practical information about phishing and electronically mediated fraud as well as pointers to pragmatic technical solutions that provide immediate protection. The APWG is co-founder and co-manager of the Stop. Think. Connect. Messaging Convention, the global online safety public awareness collaborative www.stopthinkconnect.org and founder/curator of the eCrime Researchers Summit, the world’s only peer-reviewed conference dedicated specifically to electronic crime studies www.ecrimeresearch.org.
Among APWG’s corporate sponsors are as follows: Afilias Ltd., AhnLab, AT&T(T), Avast!, AVG Technologies, BBN Technologies, Barracuda Networks, BillMeLater, Bkav, Booz Allen Hamilton, Blue Coat, BrandMail, BrandProtect, Bsecure Technologies, Check Point Software Technologies, Comcast, CSIRTBANELCO, Cyber Defender, Cyveillance, Domain Tools, Donuts.co, Easy Solutions, eBay/PayPal (EBAY), eCert, EC Cert, ESET, EST Soft, Facebook, Fortinet, FraudWatch International, F-Secure, GlobalSign, GoDaddy, Google, GroupIB, Hauri, Hitachi Systems, Ltd., Huawei Symantec, ICANN, Iconix, IID, IronPort, ING Bank, Intuit, IT Matrix, Kindsight, LaCaixa, Lenos Software, MailShell, MarkMonitor, M86Security, McAfee (MFE), Melbourne IT, MessageLevel, Microsoft (MSFT), MicroWorld, Mirapoint, MyPW, nProtect Online Security, Netcraft, Network Solutions, NeuStar, Nominet, Nominum, Public Interest Registry, Panda Software, Phishlabs, Phishme.com, Phorm, Planty.net, Prevx, Proofpoint, QinetiQ, Return Path, RSA Security (EMC), RuleSpace, SAIC (From Science to Solutions), SalesForce, SecureBrain, S21sec, SIDN, SoftForum, SoftLayer, SoftSecurity, SOPHOS, SunTrust, SurfControl, Symantec (SYMC), Tagged, TDS Telecom, Telefonica (TEF), TransCreditBank, Trend Micro (TMIC), Vasco (VDSI), VeriSign (VRSN), Websense Inc. (WBSN), Wombat Security Technologies, Yahoo! (YHOO), zvelo and ZYNGA.