Hacked hosting providers are becoming a fertile launch pad for new phishing attacks, accounting for nearly half of all phishing incidents during the second half of 2012, according to new research from the Anti-Phishing Working Group (APWG).
The fact that these phishing attacks are increasing is not surprising, since, according to earlier reports, spear phishing is the main way cyber criminals deliver their advanced, targeted malware payloads.
But according to APWG's most recent Domain Name Use and Trends Report, attacks leveraging these compromised hosting providers represented 47 percent of all phishing attacks recorded worldwide in the second half of 2012.
"Breaking into hosting facilities is a high-yield activity for phishers," said Rod Rasmussen, President & CTO of IID and a co-author of the study, in a press statement. "This activity is part of a larger trend -- we also see criminals hacking into shared hosting and using those servers for other malicious activities, such as launching denial-of-service attacks, infecting the computers of the legitimate website visitors via exploit code, and creating botnets."
The APWG crunched some fairly sizable numbers:
- "123,486 unique phishing attacks worldwide during the study period, found on 89,748 different domain names.
- "Of those domains, the authors reported that 5,835 domain names appeared to be registered maliciously by the phishers.
- "The number of maliciously-registered phishing domains has been in steady decline -- down significantly from 7,712 in 1H2012, 12,895 in 2H2011, and 14,650 in 1H2011."
APWG also found that eight of the more abused domain registrars were in China.
"Chinese phishers tend to make malicious domain registrations more often than other phishers, and use registrars inside and outside of China," said Greg Aaron, President of Illumintel Inc. and a co-author of the study, in a press statement. "The report highlights how phishers take advantage of certain domain name registrars and registries, and how a lot of the activity is concentrated in certain places online. Those companies need to be actively involved in monitoring for and mitigating abuse in the spaces they control."
An interesting report tidbit: Only 1.4 percent of all domain names that were used for phishing contained a brand name or some similar known variant, meaning many cyber criminals are ensnaring their prey using what appear to be obviously fake domain names.
A copy of the full report can be downloaded HERE [pdf].