Attacks/Breaches

10/15/2010
01:31 PM
50%
50%

Phishing Attacks Rise Sharply But Spam Emails Decline

Automated botnet toolkits drive website security breaches, with social networks hit hard, Symantec report reveals.

Strategic Security Survey: Global Threat, Local Pain
Strategic Security Survey: Global Threat, Local Pain
(click image for larger view and for full slideshow)
Phishing attacks have risen sharply even though spam has declined to its lowest level since 2008, a new report reveals.

For September 2010, spam comprised 89.4% of all email, down from 92.5% in August, according to a new report from Symantec. The September total was the lowest level since 2008, when rogue ISP McColo was shut down. Phishing jumped by 52% in September from the month before.

"This [phishing increase] was primarily due to an increase in both automated toolkit attacks and unique phishing websites," said Symantec. Meanwhile, the number of phishing websites -- generated by automatic toolkits -- increased by 46%, unique URLs increased by 83% and phishing websites with all-numeric IP domains -- such as http://255.255.255.255 -- rose by roughly 35%.

One possible explanation for the decline in spam is "the shutdown of spamit.com," as well as the recent string of Zeus arrests made by the FBI and law enforcement agencies abroad.

However, Symantec warned that "if the aftermath of the McColo shutdown is any indication, the volume should gradually return over time." Security experts believe that at its peak, McColo was serving 75% of the world's spam.

Interestingly, Symantec also found that phishing attacks via social networks are rising, with a 38% jump in September from August. Just 79 free website hosting services accounted for 83% of all such attacks, while the others were hosted on websites with newly registered domain names or legitimate domains that had been compromised.

Another frequent scam involved using "typosquat" websites -- domain names with slight misspellings snapped up by attackers and primed to infect any PC that visits via drive-by downloads.

The most-used phishing schemes involved fake prize redemption, poker, porn -- "stating that free pornography is available for viewing upon entering login information” -- or free cell phone airtime.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
More Than Half of Users Reuse Passwords
Curtis Franklin Jr., Senior Editor at Dark Reading,  5/24/2018
Is Threat Intelligence Garbage?
Chris McDaniels, Chief Information Security Officer of Mosaic451,  5/23/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11506
PUBLISHED: 2018-05-28
The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel through 4.16.12 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact because sense buffers have different sizes at the CDROM layer and the SCSI layer.
CVE-2018-11507
PUBLISHED: 2018-05-28
An issue was discovered in Free Lossless Image Format (FLIF) 0.3. An attacker can trigger a long loop in image_load_pnm in image/image-pnm.cpp.
CVE-2018-11505
PUBLISHED: 2018-05-26
The Werewolf Online application 0.8.8 for Android allows attackers to discover the Firebase token by reading logcat output.
CVE-2018-6409
PUBLISHED: 2018-05-26
An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored files gets the path from the database. Modifying the name of the file to serve on the corresponding ap_form table leads to a path traversal vulnerability via the download.php q parameter.
CVE-2018-6410
PUBLISHED: 2018-05-26
An issue was discovered in Appnitro MachForm before 4.2.3. There is a download.php SQL injection via the q parameter.