Dark Reading is part of the Informa Tech Division of Informa PLC


Risk

3/23/2009
09:37 AM
Keith Ferrell
Commentary

Phishing Gets Automated And We're All Getting Targeted

Phishing expeditions for business and personal data are rising to record levels, with fake anti-malware campaigns alone increasing by 225% in the last six months of 2008. Password-stealing Web sites jumped 827% in 2008. The reason? The phishers are investing in automation.

A new report from the Anti-Phishing Working Group (APWG) gives a sense of just how aggressive the phishers and malware makers are becoming in search of your business (and personal) data.

Using increasingly automated attacks and re-tooling strategies such as anti-malware come-ons, phishers are bombarding the Web with mail campaigns, continuing to co-opt known and trusted brands, and sprouting malware Web sites at stunning rates.

Case in point: According to APWG, malware sites jumped 827%, from 3,332 in January 2008 to 31,173 in December, within spitting distance of a 1,000% increase in twelve months.

The largest increase was in December, in fact, with the number of sites bearing malware and password-stealing tools skyrocketing from November's 11,834 to 31,173.

While APWG notes that the December pop was a result of "some large attacks that were using huge amounts of random websites for phishing campaigns that were spoofing classmates websites," the organization undoubtedly also knows that this sort of increase is unlikely to remain an aberration.

The crimeware side's ability to generate, essentially effortlessly, huge and even overwhelming numbers of malicious code URLs isn't going to be a one-time or even a sometime thing: Look for increases in the hundred thousand or larger range, and look for them soon.

It's the same with the resurgence of the fake malware campaigns, with the added, and ironic, advantage (for the bad guys) of an increased public awareness of the increasing malware problem. The more people know there's a problem (too often without, alas, an increased understanding of how properly to defend against it), the likelier a certain percentage of the population is to take the phishers' bait.

And a certain percentage of that percentage may be working for you. In addition to tightening and re-tightening your own defenses and filters, it's time (it's always time) to remind your staff, with special attention to non-tech, mobile, remote and telecommuting staff, to:

Delete unsolicited e-mail unopened

Never click a link in an unsolicited or unfamiliar e-mail

Steer clear of branded mail (and the links it contains) from financial institutions and, I'd say, social networks

Ignore and delete all anti-malware come-ons, whether in e-mail or ads

Never give out financial data, personal (or business!) information or passwords in response to an e-mail request or a Website form

I know, I know: This is such basic advice that you'd think it wouldn't have to be given again and again (and, no doubt, yet again and probably within the next few weeks).

But the phishers and the malware makers know that no matter how many times the advice is given, there's that percentage that won't pay attention, that percentage primed to have the hook set in their information, or their company's.

The only difference is that the bad guys are going after that percentage at a faster rate and in larger numbers.

The complete APWG Phishing Activity Trends Report 2nd Half 2008 is here.
