8/2/2011
05:06 PM
Dark Reading
Products and Releases

Phishers Becoming Marketers Of Fraud

Internet Identity finds half of all enterprises victimized by spear phishing in last year

TACOMA, Wash. – July 26, 2011 – IID (Internet Identity), a provider of technology and services that help organizations secure their Internet presence, today released its Second Quarter eCrime Trends Report, which revealed that phishers are becoming more sophisticated criminal marketers. The report documents a quarter that was a watershed for data breaches, from unprecedented large-scale attacks at Sony and Epsilon, to penetrations against security companies themselves, and even assaults on small, non-traditional targets like a knitting community. Between recent direct attacks and exposures caused by password re-use, industry leaders are calling for new, resilient security practices that assume network compromise has already occurred, so that efforts are directed to detecting and containing compromises quickly.

To see how these events are shaping thinking and planning within enterprise environments, IID surveyed its clients, which are leading enterprises, on the threat from spear phishing, the more highly targeted form of phishing. More than 85 percent of respondents acknowledged some concern about spear phishing, with 33 percent saying that they are “extremely concerned.” Further, fully half of all respondents reported that their organizations had been victimized by spear phishing in the past year.

“Across the spectrum, there is a growing realization that criminals are becoming far more sophisticated in their targeting approaches, and that at the end of the day, organizations’ networks will be compromised,” said IID President and CTO Rod Rasmussen. “Our survey found that most people we talk with are already concerned, and our opinion is that if they aren’t, they sure should be.”

As an example of these more sophisticated marketing approaches to phishing, IID found that from April to June 2011 phishers increasingly used a technique called URL rewriting to target multiple legitimate domains simultaneously through compromised shared servers that host hundreds of unique URLs at a single IP address. Compromising thousands of legitimate domains with good reputations in their attacks allows phishers to bypass many anti-spam measures and increase deliverability of their lure messages.

IID found that the overall quarter-to-quarter increase in phishing was a significant 11 percent. Yet since IID counts only one compromised IP address per phishing attack in its overall statistics, the actual increase in overall attacks if URL rewriting were included would be dramatically higher (more than 80 percent).

Other findings in IID’s report include:

In keeping with becoming savvy marketers, phishers used current events like Osama Bin Laden’s death and the aftermath of the Japan earthquake and tsunami to lure phishing victims.

Criminals are targeting large e-mail service providers like Epsilon themselves in order to gain targeted account information and hijack their email infrastructure resources.

With all of the recent theft of login information, IID fears cyber criminals will increasingly try to re-use compromised IDs and passwords across Internet locations, since many logins are duplicated at multiple websites and corporate networks.

Sources of data and background for the IID 2010 Second Quarter eCrime Trends Report include IID's own security experts and some of the world’s leading security and Internet infrastructure organizations like ICANN (Internet Corporation for Assigned Names and Numbers) and APWG (Anti-Phishing Working Group). The report, along with past eCrime studies, can be found at www.internetidentity.com/resources/trend-reports.

About IID

IID (Internet Identity) has been providing technology and services that secure the Internet presence for an organization and its extended enterprise since the company was founded in 1996. It recently started delivering the industry’s first and only solution for detecting, diagnosing and mitigating domain name system (DNS) and border gateway protocol (BGP) security and configuration issues for an organization and its extended enterprise. IID also provides anti-phishing, malicious software (malware) and brand security solutions for many of today’s leading financial services firms, and e-commerce, social networking and ISP companies, and more. The company is working hard to deliver solutions that help keep the Internet safe and trusted for businesses. IID is headquartered in Tacoma, Washington. More information can be found at www.internetidentity.com.

 
