Feeds

Home PCs launch phishing attacks

Honeynet project dissects the risks

  • alert
  • submit to reddit

SANS - Survey on application security programs

Phishing attacks are growing more sophisticated as attackers devise ever more devious means to stay at least one step ahead of banks and others fighting the contain fraudulent scams, according to a study from The Honeynet Project.

The report, Know your Enemy: Phishing, draws on data collected by the German Honeynet Project and UK Honeynet Project and focuses on picking apart real world incidents to discern the tactics of phishing fraudsters. As with a previous study on botnets, the findings come from monitoring a network of PCs deliberately left open to attack. What emerged from the study is the most detailed technical description of the modus-operandi of phishing attacks we've seen to date. It also discovered that lax security practices by consumers and small business are giving fraudsters a base from which to launch attacks.

The researchers discovered that phishers compromised honeypot machines for four main purposes: to set up phishing websites targeting well-known online brands; sending junk mail emails advertising phishing websites; installing redirection services to deliver web traffic to existing phishing websites or for the propagation of spam and phishing messages via botnets.

"We have learned that phishing attacks can occur very rapidly, with only limited elapsed time between the initial system intrusion and a phishing website going online with supporting spam messages to advertise the website, and that this speed can make such attacks hard to track and prevent," the researchers concluded. "IP address blocks hosting home or small business DSL addresses appear to be particularly popular for phishing attacks, presumably because the systems are often less well managed and not always up to date with current security patches, and also because the attackers are less likely to be traced than when targeting major corporate systems."

The research backs up the theory, advanced by groups like Spamhaus as well as police investigators, that the trade in compromised machines (botnets) to send out spam is linked to groups carrying out phishing attacks.

"Our research also suggests that phishing attacks are becoming more widespread and well organised. We have observed pre-built archives of phishing websites targeting major online brands being stored, ready for deployment at short notice, suggesting the work of organised phishing groups... Our research demonstrates a clear connection between spamming, botnets and phishing attacks, as well as the use of intermediaries to conceal financial transfers," the report concludes. ®

Related stories

Microsoft hunts web nasties with honey monkeys
Britain tops zombie PC charts
Rise of the botnets
Phishing gets personal
DNS attacks attempt to mislead consumers (pharming attacks)

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Arts and crafts store Michaels says 3 million credit cards exposed in breach
Meanwhile, Target investigators prepare for long process in nabbing hackers
Canadian taxman says hundreds pierced by Heartbleed SSL skewer
900 social insurance numbers nicked, says revenue watchman
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.