Phishers tapping botnets to automate attacks

Is your PC hosting a bank fraud site?

Computer criminals are making phishing more potent by automating attacks. Anti-Phishing Working Group (APWG) analysts reckon fraudsters are using automated tools and botnets to ramp up attacks. The group estimates attacks grew by an average of 36 per cent a month between July and October.

Scam emails that form the basis of phishing attacks often pose as 'security check' requests from well-known businesses. These messages attempt to trick users into handing over their account details and passwords to bogus sites. The details collected this way are used for credit card fraud and identity theft. First seen more than a year ago, phishing emails are becoming increasingly sophisticated, directing users to bogus websites which accurately reproduce the look and feel of legitimate sites.

Home PCs used to host baiting sites

In October, there were 6597 new, unique phishing email messages reported to the APWG, compared to 2158 such reports in August. The number of active baiting sites reported to the APWG in October was 1142, 25 per cent up on September, targeting customers of 44 brands. According to the working group, fraudulent sites were online for an average of 6.4 days. The number of phishing sites hosted on compromised broadband PCs rose by more than 50 per cent.

APWG reports an explosion of phishing activity at the start of October. "Starting on the afternoon of 5 October, we started seeing a massive increase in the amount of phishing sites. Evidence indicated that the phishing exploits were not targeting one particular brand, but several targeted simultaneously. The one common theme of these phishing sites is that nearly all are being hosted on IP addresses and mostly outside of the US," the report states.

"It appears as though some sort of toolkit is available and/or a set of tools that are being used to produce similar exploits. The sudden large spike may, however, indicate that some automation may be involved. We are also seeing multiple brands being spoofed from the same machine over a few days. For example, a site will be an eBay spoof one day, and then PayPal, then Citibank, etc. The content of the attacks is quite varied."
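The two traits the report singles out, sites served from bare IP addresses and one machine spoofing several brands over a few days, can be checked mechanically in a feed of reported phishing URLs. The following is an added example, not code from the APWG report or this article; the report records, addresses (RFC 5737 documentation ranges) and function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample reports: (day, reported URL, spoofed brand).
REPORTS = [
    ("10-05", "http://192.0.2.14/ebay/signin.html", "eBay"),
    ("10-06", "http://192.0.2.14/paypal/login.php", "PayPal"),
    ("10-07", "http://192.0.2.14:8080/citi/verify.htm", "Citibank"),
    ("10-05", "http://198.51.100.7/ebay/index.html", "eBay"),
    ("10-06", "http://secure-update.example/ebay/", "eBay"),
    ("10-06", "not a url", "eBay"),  # malformed report, must be skipped
]

def host_of(url):
    """Return the lower-cased host part of a URL, or None if there is none."""
    try:
        host = urlsplit(url).hostname
    except ValueError:
        return None
    return host.lower() if host else None

def is_ip_literal(host):
    """True when the host is a raw IPv4/IPv6 address rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def summarize(reports, min_brands=2):
    """Group reports by host; flag IP-literal hosts and multi-brand hosts."""
    seen = defaultdict(lambda: {"brands": set(), "days": set()})
    for day, url, brand in reports:
        host = host_of(url)
        if host is None:
            continue
        seen[host]["brands"].add(brand)
        seen[host]["days"].add(day)
    return {
        host: {
            "ip_literal": is_ip_literal(host),
            "brands": sorted(info["brands"]),
            "days_active": len(info["days"]),
            "multi_brand": len(info["brands"]) >= min_brands,
        }
        for host, info in seen.items()
    }
```

A host that is both an IP literal and multi-brand matches the pattern the report attributes to a compromised machine being reused, which makes it a good candidate for prioritised takedown or blocklisting.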

The US is home to the majority of these baiting sites, hosting 29 per cent of those reported to the APWG in October, a slight decrease over the month. China, Korea, and Russia are next on the list with 16 per cent, nine per cent, and eight per cent respectively of the total sites hosted. APWG's report, jointly written by security researchers at Websense and Tumbleweed Communications, is available here (PDF).

Let's factor out phishing

Services to monitor phishing attacks, allowing targeted sites to respond more quickly, or browser add-ons (such as Comodo's Verification Engine) that allow consumers to detect fraudulent sites have been developed by security firms to tackle the problem. One promising approach is to apply two-factor authentication, long a mainstay of corporate remote access, to internet banking. Swiss and Scandinavian banks have been using this approach for some time but use of the technique is rare in the US and UK, for example.

Earlier this month two New Zealand banks - ASB and Bank Direct - set up a service to provide two-factor authentication with text messages to their customers' mobile phones to authorise transactions over $2500. The service, called Netcode, uses technology from RSA Security. Independent security experts think the idea shows considerable promise.

"The scheme is elegant, simple to use, cost-effective and requires no new hardware outlay," said Pete Simpson, ThreatLab Manager at security firm CLEARSWIFT. "This will thwart phishers who lure victims to fake websites and will defeat those that surf to the real site and display impostor popups for input of credentials. Clearly, those older attacks using HTML forms in the email are also dead-in-the-water." ®
