Crimeware and Crimeware-Spreading Sites Increase Rapidly in Q2/2008.Brand and Phishing Site Data Suggest a Renewed Focus on Targeted Phishing LOS ALTOS, Calif. & CAMBRIDGE, Mass. -- The crimeware scourge is menacing the Web at levels never before detected by the APWG APWG Anti-Phishing Working Group APWG Action Plan Work Group APWG Acquisition Policy Working Group APWG Advocates for Prostituted Women and Girls APWG AFSCN Prioritization Working Group APWG AFSCN Priorities Working Group , with crimeware-spreading websites nearly tripling in number in the 12 months before the end of Q2/2008 - and the number of recorded crimeware variants shattering all previous records. The APWG reports this week that in Q2/2008 the number of crimeware-spreading URLs exploded to a record high of 9529 at quarter's end - 258 percent higher than at the end of Q2/2007. Within the quarter, the number of malicious application variants hit a record high of 442 in May, up some 105 percent from May 2007. Websense Chief Technology Officer and APWG Phishing Activity Trends Report contributing analyst Dan Hubbard said that the large boost is attributed mainly to malicious code being utilized in SQL injection attacks. During the same Q2 period, the APWG reported, the number of unique brand-domain pairs steadily decreased during the period of April through June, from 7,656 to 6,768. (The brand/domain pairs count the unique instances of a domain being used to target a specific brand.) Vice President of Product Marketing at MarkMonitor and APWG Phishing Activity Trends Report contributing analyst Blake Hayward said, "While the number of unique Phish URL's declined in Q2, the number of brands targeted continues to rise. This suggests that phishers are investing in sophisticated marketing tools and IT infrastructure in order to conduct more targeted spear phishing campaigns." APWG Chairman Dave Jevans said, "Cyber criminals continue to increase their activities to levels never before seen in the 5 years since the APWG has been monitoring phishing and crimeware. While phishing continues unabated, the most concerning trend is the dramatic rise in crimeware and the websites that distribute it. "The current financial crisis has also been used by phishers to create new scams that try to scare consumers into entering their usernames and passwords into sites that mimic those of well known distressed financial institutions. As the economy degrades, we are seeing a continual increase in malicious and criminal activity on the Internet. We urge caution in these challenging times," Mr. Jevans said. Q2 2008 Phishing Activity Trends Report Highlights Unique phishing attack reports submitted to APWG rose 13 percent during the quarter to 28,151 in June Unique phishing websites reported to APWG in June to 21,703, decreased more than 11 percent from April May presented a record high of 294 hijacked brands and the quarter's 485 victimized brands is also a record high. The category of Other in the 'Targeted Industry Segment' measurement increased to 4 percent of the total due to attacks against social networking and national tax agencies. The number malicious application variants hit a record high of 442 in April The number of crimeware-spreading URLs exploded to a record high of 9529 at quarter's end - 258 percent higher than at the end in of Q2 2007 The full report is available here: http://www.antiphishing.org/reports/apwg_report_Q2_2008.pdf. About the APWG: The APWG, founded as the Anti-Phishing Working Group The AntiPhishing Working Group (APWG) is a consortium that brings together businesses affected by phishing attacks, businesses that provide security products and law enforcement. The APWG has more than 2700+ members from more than 1600 companies & agencies worldwide. in 2003, is an industry, law enforcement and government coalition focused on eliminating the identity theft and fraud that result from the growing problem of phishing, email spoofing, and crimeware. Membership is open to qualified financial institutions, online retailers, ISPs, the law enforcement community and solutions providers. There are more than 1,800 companies and government agencies worldwide participating in the APWG and more than 3,200 members. The APWG's Web site (www.antiphishing.org) offers the public and industry information about phishing and email fraud, including identification and promotion of pragmatic technical solutions that provide immediate protection. APWG's corporate sponsors include: 8e6 Technologies, AT&T (T), Able NV, Afilias Ltd., AhnLab, AVG Technologies, BillMeLater, BBN Technologies, BlueStreak, BrandMail, BrandProtect, Bsecure Technologies, Cisco (CSCO CSCO Cisco Systems Incorporated (stock symbol) CSCO Chief Supply Chain Officer ), Clear Search, Cloudmark, Cydelity, Cyveillance, DigiCert, DigitalEnvoy, DigitalResolve, Digital River, Earthlink (ELNK ELNK EarthLink, Inc. (stock symbol) ELNK Ethernet Link ), eBay/PayPal (EBAY), Entrust (ENTU), Experian, eEye, Fortinet, FraudWatch International, FrontPorch, F-Secure, Goodmail Systems, GeoTrust, GlobalSign, GoDaddy, Goodmail Systems, GuardID Systems, HomeAway, IronPort, HitachiJoHo, ING Bank, Iconix, Internet Identity, Internet Security Systems, IOvation, IronPort, IS3, IT Matrix, Kaspersky Labs, Lenos Software, LightSpeed Systems, MailFrontier, MailShell, MarkMonitor, McAfee (MFE), MasterCard, MessageLevel, Microsoft (MSFT MSFT Microsoft (stock symbol) MSFT Movimento Sociale Fiamma Tricolore (Italy) MSFT Multi-Stage Fitness Test MSFT Master of Science in Family Therapy MSFT Macalester Students for Fair Trade ), MicroWorld, Mirapoint, MySpace (NWS), MyPW, MX Logic, NameProtect, National Australia Bank The National Australia Bank or NAB (ASX: NAB, LSE: NAB, NYSE: NAB, TYO: 8637 ) is part of the NAB Group. It is the largest bank in Australia by assets, and 28th largest in the world. (ASX ASX See: Australian Stock Exchange : NAB) Netcraft, NetStar, Network Solutions, NeuStar, Panda Software, Phoenix Technologies Inc. (PTEC PTEC Pinellas Technical Education Centers (Clearwater, FL) PTEC Pharmacy Technician Educators Council PTEC Psychiatric Technician PTEC Plastics Technical Evaluation Center PTEC Page Table Edit Control ), Phorm, The Planet, SalesForce, Radialpoint, RSA Security (EMC (1) (EMC Corporation, Hopkinton, MA, www.emc.com) The leading supplier of storage products for midrange computers and mainframes. Founded in 1979 by Richard J. Egan and Roger Marino, EMC has developed advanced storage and retrieval technologies for the world's largest companies. ), SecureBrain, Secure Computing (SCUR), S21sec, Sigaba, SoftForum, SOPHOS, SquareTrade, SurfControl, SunTrust, Symantec (SYMC SYMC Symantec Corporation (stock symbol) ), TDS TDS total dissolved solids. Telecom, Telefonica (TEF TEF Tracheoesophageal fistula, see there ), Trend Micro (TMIC TMIC Trend Micro Inc. (stock symbol) TMIC Top Mount Intercooler (automotive turbo systems) TMIC Traffic Management and Information Centre TMIC Training Management Information Center ), Tricerion, TriCipher, TrustedID, Tumbleweed Communications (TMWD), Vasco (VDSI VDSI Vasco Data Security International, Inc. (Brussels, Belgium) VDSI Verband Deutscher Sicherheitsingenieure (German) ), VeriSign (VRSN), Visa, Websense Inc. (WBSN) and Yahoo! (YHOO). |
|
||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion