ID Theft Doubles in Two Months

Phishers, malware authors go beyond the usual targets to find victims they've never attacked before

Online identity theft grew at an unprecedented rate during the first two months of 2007, as its two chief components -- malware and phishing -- skyrocketed at rates of 50 to 200 percent.

A study scheduled to be released tomorrow by Internet monitoring firm Cyveillance Inc. found more than 3 million pieces of personal information available on the Web, including approximately 320,000 debit and credit card numbers, 1.4 million Social Security numbers, and 1.3 million account login credentials.

"The odds of you personally being targeted for [online] identity theft are higher now than they have ever been in history," says Todd Bransford, vice president of marketing at Cyveillance. "The volumes of personal information available on the Web are higher than they've ever been before."

The report is a first for Cyveillance, a seven-year-old company that mines Internet content and trends via Web crawlers and proprietary search engines. To create the report, Cyveillance sent its crawlers out looking for likely phishing sites, malware, and personally identifiable information.

"This is a little different than the other reports you may have seen, which are projections based on surveys or Internet crime reports," Bransford observes. "Everything we found is actually out there right now, on the open Internet."

In December, Cyveillance found that the average number of URLs detected with malware was less than 20,000 on a daily basis. Last month, however, that average had grown to about 60,000 sites daily, with a single-day, mid-month spike of close to 140,000.

"What we're finding is that a lot more of the malware is designed for financial gain," as opposed to just vandalizing or damaging systems, Bransford says. "Based on these numbers, I would say that over time, malware is going to become a more common method of identity theft than traditional phishing."

Many attackers also are combining phishing with malware, using compelling emails to entice users to click over to a Web site that promptly installs malware on the user's machine, often without requiring any action on the user's part. Cyveillance estimates that there are hundreds, possibly thousands, of live malware-based phishing scams operating on any given day. One scam Cyveillance discovered contained 12 different pieces of malware and resulted in the theft of at least 60,000 Social Security numbers.

"These 'blended attacks' are different because the attacker doesn't need to convince the user to do anything except click on a link," Bransford says.

Interestingly, while many researchers report that a high percentage of phishing attacks come from overseas, Cyveillance found that almost three-fourths of malware sites are based in the U.S. "Generally, attackers want the malware to come from a site in the same region, which makes it seem more trustworthy," Bransford says.

While malware is the fastest-growing attack vector for identity theft, traditional phishing continues to proliferate as well, Cyveillance found. In fact, the number of sites targeted by phishing attacks grew 50 percent in the first two months of 2007, from 800 to 1,200.

"Where we used to see [phishers] targeting mostly large banks and popular online sites like eBay, now we are seeing smaller regional banks, credit unions, and retail sites that have never been targeted before," Bransford says. Credit unions alone saw an increase of 584 percent in the last 12 months, and associations have suffered an increase of 329 percent, Cyveillance reports.

— Tim Wilson, Site Editor, Dark Reading

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ...