Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

11/18/2010
03:06 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

E-Commerce And Online Gaming Cyber Attacks Surge

IID releases Q3 Phishing Trends Report

TACOMA, Washington – November 17, 2010 – IID (Internet Identity), a provider of technology and services that help organizations secure Internet presence, today released its Third Quarter Phishing Trends Report that revealed phishing attacks through impersonation of e-commerce sites and gaming companies increased significantly year-over-year around the world in the third quarter of 2010. According to IID, instances where cyber criminals used likenesses of e-commerce companies, excluding eBay, to steal critical data from unsuspecting victims, were up 317 percent from July to September 2010 compared to the same time period in 2009. Likewise, phishing attacks impersonating gaming companies were up 347 percent in Q3 2010 compared to Q3 2009.

IID anticipates this increase in phishing attacks targeting e-commerce sites and gaming companies to continue during the fourth quarter of 2010 based on historical trends. For example, from Q3 to Q4 2009, threats targeting e-commerce sites excluding eBay increased 86 percent.

“Traditionally cyber criminals have capitalized on current events, resulting in an increase in e-commerce phishing attacks leading up to and during the holiday shopping season,” said IID President and CTO Rod Rasmussen. “As the world moves into the highly active online shopping season, we expect to see increases worldwide in e-commerce attacks. In addition, with the online gaming industry generating over $15 billion annually and growing rapidly, it is the kind of target that is hard for criminals to resist.”

With gaming, cyber criminals have again shifted focus to where the money is. In the latest example, Activision sold 5.6 million copies million copies of "Call of Duty: Black Ops" for $360 million on its first day of availability on November 9, setting a new one day revenue record for any media of any kind (movies, music, etc.). IID expects cyber criminals to take note of this and actively increase targeting of video game companies and consumers.

Much of the recent e-commerce attacks targeted Chinese online auction and shopping website Taobao. Taobao is one of the world’s largest e-Commerce sites with about 200 million registered users and is 13th overall in Alexa’s Internet usage rankings. IID expects attacks against Taobao to continue growing as cyber-criminals look to target an exploding Chinese middle class.

Other detailed findings of IID’s report include:

Non-Avalanche related phishing attacks increased 32 percent in Q3, 2010 compared to the same quarter in 2009.

The number of phishing attacks targeting credit unions increased. However, the overall number of credit unions targeted dropped.

Sources of data and background for the IID 2010 Third Quarter Phishing Trends Report include IID's own security experts and some of the world’s leading security and Internet infrastructure organizations like ICANN and APWG. It can be found in its entirety at www.internetidentity.com/resources/trend-reports.

About IID

IID (Internet Identity) has been providing technology and services that secure the Internet presence for an organization and its extended enterprise since the company was founded in 1996. It recently started delivering the industry’s first and only solution for detecting, diagnosing and mitigating domain name system (DNS) security and configuration issues for an organization and its extended enterprise. IID also provides anti-phishing, malware and brand security solutions for many of today’s leading financial service firms, e-commerce, social networking and ISP companies, and more. The company is working hard to deliver solutions that help keep the Internet safe and trusted for businesses. IID is headquartered in Tacoma, Washington. More information can be found at www.internetidentity.com.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
More SolarWinds Attack Details Emerge
Kelly Jackson Higgins, Executive Editor at Dark Reading,  1/12/2021
Vulnerability Management Has a Data Problem
Tal Morgenstern, Co-Founder & Chief Product Officer, Vulcan Cyber,  1/14/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7343
PUBLISHED: 2021-01-18
Missing Authorization vulnerability in McAfee Agent (MA) for Windows prior to 5.7.1 allows local users to block McAfee product updates by manipulating a directory used by MA for temporary files. The product would continue to function with out-of-date detection files.
CVE-2020-28476
PUBLISHED: 2021-01-18
All versions of package tornado are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configura...
CVE-2020-28473
PUBLISHED: 2021-01-18
The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with defa...
CVE-2021-25173
PUBLISHED: 2021-01-18
An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory allocation with excessive size vulnerability exists when reading malformed DGN files, which allows attackers to cause a crash, potentially enabling denial of service (crash, exit, or restart).
CVE-2021-25174
PUBLISHED: 2021-01-18
An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory corruption vulnerability exists when reading malformed DGN files. It can allow attackers to cause a crash, potentially enabling denial of service (Crash, Exit, or Restart).