Phishing industry is alive and well, APWG reports

By | July 25, 2012

Posted in: Network Security Trends

The phishing industry keeps reeling them in, according to the Anti-Phishing Working Group's (APWG) first quarter report.  More brands, 392, were subverted in Q1 2012 than ever before, eclipsing the previous mark of 362 just last December. That’s an 8% increase in both February and March. The numbers of unique URL phishing sites also hit an all-time high in February, at 56,859, compared with the previous high of 56,362 in February 2009, then slid back down to 53,939 in March. But the message really is that phishing remains a sustained, regular activity by cyber criminals. And, one assumes, lucrative as well.

The financial sector remains the most widely exploited by phishers, with 38.1%. This is hardly surprising, as criminals use banking Trojans, such as Zeus, to defraud consumers and, particularly, small businesses, which can lost hundreds of thousands of dollars over a relatively short period of time if the transfers are not detected by the bank and stopped. A couple of recent cases have gone in favor of the small businesses, but by and large the banks are not held responsible for business losses.

Interestingly, however, payment services, at 21.5% took over second place by a fairly wide margin over the retail and service industries, at 13.6%, perhaps marking a switch in tactics and the realization that these services are easily exploited and profitable.

The U.S. continues to overwhelmingly host the most phishing sites, hovering between 65% and 70%, primarily because it hosts the largest number of the world’s websites. Canada blipped up to number two at 11% in January, but that was short-lived and it slipped down in February and March as whatever phishing activity was current waned.

One of the more interesting topics covered were Unique Brand-Domain Pairs; that is the number of different URLs that are associated with an attack that takes advantage of the same company. This number hovered above 19,000 for each month. Put another way, there were around 140 URLs used to exploit each brand over the three months. This is an interesting and perhaps even more accurate way to measure the exploitation of corporate brands, as it shows the number of URLs devoted to subverting the “Acme” corporate name.

Unique malware samples continued to climb. Six million were reported in Q1; the overwhelming number of them, 81% were Trojans, which have long since supplanted worms, 9.3%, as the crime-ware of choice. Trojans cannot automatically replicate themselves, but are superior in most other ways. Self-replicating worms, however, still have their uses, particularly in advanced persistent attacks once they have gotten a foothold in an organization.

China was the highest nation in terms of infected PCs, with 54.1%, with Taiwan, Turkey and Russia not far behind. Obviously, they can’t afford antimalware software or simply don’t care or are buying substandard knock-offs.

You May Also Be Interested In: