Phishing attacks down 45% but only temporarily

By Nancy Sudheer Published: 2009-09-16T20:00:00+04:00

The number of phishing attacks fell by 45 per cent globally in August compared with July, according to a new report – but this is likely to be a short-term reprieve as the number of spam campaigns is expected to start rising this month.

Phishing is the process of fraudulently attempting to acquire sensitive information such as user names, passwords and credit card details. Spammers will take advantage of the Halloween and Christmas holidays to step up their activities, according to the report by computer security firm Symantec.

The report says 30 per cent of phishing URLs were generated using phishing tool kits, a decrease of 74 per cent from the previous month. Tool kits allow non-expert attackers to create and carry out phishing operations.

Symantec identified an increase in a phishing tactic targeting a popular e-mail client application. And 70 per cent of all attacks came from unique phishing websites, which targeted more than 220 brands.

Though unique phishing activity increased by only three per cent in August, the proportion of unique phishing URLs increased from 37 per cent in July to 70 per cent in August. This was the result of a sharp decrease in tool kit activity, as the two trends are usually correlated.

Symantec observed a continuous fluctuation in the number of tool kit attacks throughout the month. There was a slight increase observed in such attacks – primarily targeting the information services and financial sectors – towards the end of the month.

The increasing number of tool kit attacks in recent months primarily targeted a social networking site, and this was discontinued in August. This in all likelihood is related to a specific command and control server being brought down. Symantec observed that this resulted in a slight increase in tool kit attacks targeting the financial sector, as the fraudsters possibly activated another botnet from their distributed infrastructure.

Phishing scam messages lured the intended victims into re-configuring their e-mail client application through a link provided in the e-mail. The link directed the potential victim to a phishing web page that requested the download of a critical security update for the e-mail application.

The security update was in fact a malicious application file developed by the fraudsters that attempted to acquire user credentials such as the e-mail account name, password and the mail server name. This would enable the fraudsters to gain control over the e-mail application and steal critical information, or even use it for further spamming activities.

Phishers use IP addresses as part of the hostname instead of a domain name. This is a tactic used to hide the actual fake domain name that otherwise can easily be noticed. Also, many banks use IP addresses in their website URLs.
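A check that follows from this tactic, added here as an example and not taken from the article or from Symantec's report: flag links whose host is a bare IP address rather than a name. The function names and sample URLs are constructed for illustration; because legitimate sites also use IP addresses, as noted above, a hit is a reason to review a link, not a verdict.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample links (documentation address ranges), not data from the report.
SAMPLE_URLS = [
    "http://198.51.100.23:8080/mail/security-update.exe",
    "https://[2001:db8::5]/signin",
    "http://192.0.2.10.example.com/login",              # a name that only starts like an IP
    "https://www.example.com/?next=http://192.0.2.7/",  # IP appears only in the query string
    "203.0.113.9/account/verify",                       # scheme omitted in the message body
    "https://mail.example.org/settings",
]


def host_is_ip_literal(url):
    """Return True when the URL's host is an IPv4 or IPv6 literal, not a name."""
    try:
        parts = urlsplit(url)
        if not parts.netloc:
            # No scheme given: re-parse so the leading part is treated as the host.
            parts = urlsplit("//" + url)
        host = parts.hostname  # drops userinfo, port and IPv6 brackets
    except ValueError:         # malformed bracketed host
        return False
    if not host:
        return False
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return False
    return True


def flag_ip_hosted(urls):
    """Return the URLs whose host is an IP literal, in input order."""
    return [u for u in urls if host_is_ip_literal(u)]


if __name__ == "__main__":
    for url in flag_ip_hosted(SAMPLE_URLS):
        print("review:", url)
```

Parsing the host first, instead of searching the whole string for digits and dots, is what keeps the third and fourth samples from being flagged.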

A total of 1,115 phishing sites were hosted in 71 countries. This amounted to an increase of approximately five per cent in IP attacks in comparison to the previous month. The US continued to be the top ranked country for hosting phishing sites. The Greater China region accounted for approximately seven per cent of IP attacks in the month. The total number of IP attacks originating from this region fell by two per cent over the previous month.

South Korea is a new member of the top five countries hosting phishing sites, making its debut appearance in the fifth position. Panama, which has seen a steady increase in internet usage, featured in the list of top five countries hosting phishing sites for the second consecutive month. It is a possibility that attackers have identified vulnerabilities in the hosting environment of this region.

The top cities hosting phishing sites were Dallas, Taipei and Seoul. Symantec observed that phishing sites with IP domains continued to originate from newer cities every month. In August, Istanbul was one such debutant in the list of top cities hosting phishing sites.

The use of free web hosting services has been the easiest form of phishing in terms of cost and the technical skills required to develop fake sites. A total of 111 different web hosting services served as the home for 2,314 phishing sites in August. Symantec said there was a three per cent decrease in the number of free web hosting services utilised for developing phishing sites.

More than 86 phishing sites were analysed based upon the geo-location of their web hosts.

 
