Phishers, malware authors go beyond the usual targets to find victims they've never attacked before

3 Min Read

Online identity theft grew at an unprecedented rate during the first two months of 2007, as its two chief components -- malware and phishing -- skyrocketed at rates of 50 to 200 percent.

A study scheduled to be released tomorrow by Internet monitoring firm Cyveillance Inc., found more than 3 million pieces of personal information available on the Web, including approximately 320,000 debit and credit card numbers, 1.4 million Social Security numbers, and 1.3 million account login credentials.

"The odds of you personally being targeted for [online] identity theft are higher now than they have ever been in history," says Todd Bransford, vice president of marketing at Cyveillance. "The volumes of personal information available on the Web are higher than they've ever been before."

The report is a first for Cyveillance, a seven-year-old company that mines Internet content and trends via Web crawlers and proprietary search engines. To create the report, Cyveillance sent its crawlers out looking for likely phishing sites, malware, and personally identifiable information.

"This is a little different than the other reports you may have seen, which are projections based on surveys or Internet crime reports," Bransford observes. "Everything we found is actually out there right now, on the open Internet."

In December, Cyveillance found that the average number of URLs detected with malware was less than 20,000 on a daily basis. Last month, however, that average had grown to about 60,000 sites daily, with a single-day, mid-month spike of close to 140,000.

"What we're finding is that a lot more of the malware is designed for financial gain," as opposed to just vandalizing or damaging systems, Bransford says. "Based on these numbers, I would say that over time, malware is going to become a more common method of identity theft than traditional phishing."

Many attackers also are combining phishing with malware, using compelling emails to entice users to click over to a Web site that promptly installs malware on the user's machine, often without requiring any action on the user's part. Cyveillance estimates that there are hundreds, possibly thousands, of live malware-based phishing scams operating on any given day. One scam Cyveillance discovered contained 12 different pieces of malware and resulted in the theft of at least 60,000 Social Security numbers.

"These 'blended attacks' are different because the attacker doesn't need to convince the user to do anything except click on a link," Bransford says.

Interestingly, while many researchers report that a high percentage of phishing attacks come from overseas, Cyveillance found that almost three-fourths of malware sites are based in the U.S. "Generally, attackers want the malware to come from a site in the same region, which makes it seem more trustworthy," Bransford says.

While malware is the fastest-growing attack vector for identity theft, traditional phishing continues to proliferate as well, Cyveillance found. In fact, the number of sites targeted by phishing attacks grew 50 percent in the first two months of 2007, from 800 to 1,200.

"Where we used to see [phishers] targeting mostly large banks and popular online sites like eBay, now we are seeing smaller regional banks, credit unions, and retail sites that have never been targeted before," Bransford says. Credit unions alone saw an increase of 584 percent in the last 12 months, and associations have suffered an increase of 329 percent, Cyveillance reports.

— Tim Wilson, Site Editor, Dark Reading

About the Author(s)

Tim Wilson, Editor in Chief, Dark Reading

Contributor

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one of the top cyber security journalists in the US in voting among his peers, conducted by the SANS Institute. In 2011 he was named one of the 50 Most Powerful Voices in Security by SYS-CON Media.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights