Feeds

Whaling fraudsters harpoon 15,000 victims

Two gangs blamed for attacks on credulous high-rollers

Choosing a cloud hosting partner with confidence

Targeted phishing attacks against high-rollers reached new heights over the last two months, according to a study by iDefense.

The VeriSign security division recorded 66 instances of so-called whaling attacks between February 2007, around the time fraudsters adopted the tactic, and June 2008. More than one in four of these assaults happened during the last two months.

Whaling attacks typically use carefully tailored lures in personalised emails designed to trick senior executives into downloading malicious code. Thereafter crackers use compromised machines to gain access to sensitive data such as corporate banking credentials or customer databases. Attacks are frequently timed to coincide with diary events such as tax day. Fraudulent emails have appeared under the guise of the Better Business Bureau, Internal Revenue Service and the Department of Justice, for example.

Matt Richard, director of rapid response at iDefense, explained that fraudsters typically used unscrupulous "bullet proof" hosting services to host malicious code. After tracking the crooks for months, iDefense managed to get access to their control panel, providing an insight into the fraudsters' network.

VeriSign reckons over 15,000 corporate targets have been duped by the approach over the last 15 months. Victims include conglomerates, government agencies, financial institutions and legal firms. Reported victim losses can top $100,000.

The vast majority of these attacks - 95 per cent - are the work of only two groups, according to VeriSign. Each group is differentiated by the attack code it uses. One uses Browser Helper Objects (BHO) to log SSL encrypted sessions or to carry out man-in-the-middle attacks on two-factor authentication systems. Another group favours the use of key logging software.

The latter group is from Romania and Italy, based on the language used in the code and the patterns of fraudulent transactions associated with its activities. The other group is more international, with contacts in China and south east Asia.

iDefense advocates a mixture of staff training and URL filtering as the best defences against the whalers. It warns that the attack approach is only likely to become more common over coming months. "Awareness and education are the best defences against this growing fraud," said iDefense's Richard. ®

Beginner's guide to SSL certificates

More from The Register

next story
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
Microsoft pulls another dodgy patch
Redmond makes a hash of hashing add-on
FYI: OS X Yosemite's Spotlight tells Apple EVERYTHING you're looking for
It's on by default – didn't you read the small print?
'LulzSec leader Aush0k' found to be naughty boy not worthy of jail
15 months home detention leaves egg on feds' faces as they grab for more power
Forget passwords, let's use SELFIES, says Obama's cyber tsar
Michael Daniel wants to kill passwords dead
Kill off SSL 3.0 NOW: HTTPS savaged by vicious POODLE
Pull it out ASAP, it is SWISS CHEESE
Facebook slurps 'paste sites' for STOLEN passwords, sprinkles on hash and salt
Zuck's ad empire DOESN'T see details in plain text. Phew!
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.