While banks and credit unions continue to be the top targets of phishers, social media sites and universities are growing favorites of phishers due to the inherent nature of these users to share personal information. Cyber criminals are gaining access to confidential information through simple searches in order to carry out elaborate social engineering scams. This type of phishing relies on both technology and human interaction by manipulating people to perform actions or divulge further information, resulting in online fraud or identity theft.
“In an age where people are encouraged to share everything from what they had for lunch on Twitter to photos of their weekend on Facebook, cyber criminals are taking advantage of the abundance of information at their fingertips in order to create targeted attacks,” said Panos Anastassiadis, chief operating officer of Cyveillance. “It is important for employees and organizations to be prepared beyond just implementing traditional security measures; they need to continuously educate individuals in cyber safety best practices in order to proactively protect their companies against attacks.”
Universities are specifically targeted for credentials including name and password information. Phishers use these details to create botnets – applications that allow unauthorized access to and/or control over a user’s computer in order to help facilitate malicious activity such as spamming or denial of service (DoS) attacks. Alternatively, social media is used as a means to distribute malware in order to reap greater financial benefits. While these avenues are used in different ways, they are both targeting large groups of individuals who are typically more willing to share information and trust online links.
In addition to Cyveillance’s traditional phishing and malware statistics (see below), the report also includes test results identifying how long it takes leading antivirus (AV) software vendors to detect new malware threats as they are initially discovered in real-time and over the course of a thirty day period. When Cyveillance fed active attacks through 13 of the top AV vendor1 offerings, they identified that these solutions initially detect on average less than 19 percent of malware threats. That average detection rate increases to only 61.7 percent after 30 days.
Phishing. During the first half of 2010, Cyveillance detected a total of 126,644 phishing attacks for an average of over 21,000 unique attacks per month with the volume remaining relatively steady throughout the half. The amount of attacks seen monthly is down compared to the second half of the previous year, but the overall volume confirms that the problem of phishing is still easily one of the top threats on the Internet. Cyveillance identifies phishing as a social engineering scam that relies on both technology and human interaction to carry out online fraud and identity theft. The schemes are varied, but typically involve a spoofed (spam) email that mimics an email from a legitimate and respected organization in order to steal personal information, which is then used for online fraud, identify theft or unauthorized network access purposes.
Malware. The majority of malware threats on the Internet continue to originate within the United States. The country leads in almost every significant malware statistical category. Other developed countries such as China, Canada and the United Kingdom do not provide the same volume of threats as the U.S., but still pose significant danger to Internet users. Cyveillance considers malware to be a file or application downloaded from a website or server that exhibits properties that are both involuntary and malicious in nature. There are many types of malware, ranging from “bot” programs used to launch spam to DoS attacks to keyloggers and backdoor Trojan viruses used for stealing sensitive information or targeting specific SCADA or industrial platform. While all malware presents a threat, the variations used for financial fraud typically cause the most harm to consumers.
All figures and statistics2 in the Cyveillance “1H 2010 Cyber Intelligence Report” are actual measurements rather than projections based upon sample datasets. The cyber intelligence included in this report includes data collected and analyzed between January 1, 2010 and June 30, 2010. For more information or to download the report, please visit: www.cyveillance.com/cyberintelreport-1H10.
Cyveillance, a world leader in cyber intelligence, provides an intelligence-led approach to security. Through continuous, comprehensive Internet monitoring and sophisticated intelligence analysis, Cyveillance proactively identifies and eliminates threats to information, infrastructure, individuals and their interactions, enabling its customers to preserve their reputation, revenues, and customer trust. Cyveillance serves the Global 2000 and OEM Data Partners – protecting the majority of the Fortune 50, regional financial institutions nationwide, and more than 100 million global consumers through its partnerships with security and service providers that include Blue Coat, AOL and Microsoft. Cyveillance is a wholly owned subsidiary of QinetiQ North America. For more information, please visit www.cyveillance.com or http://www.qinetiq-na.com.