Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

6/18/2010
02:31 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Text Message Phishing Attacks Drop in Q1 - New IID Report

Internet Identity' "First Quarter Phishing Trends Report" reveals credit unions primary target with 'smishing'

TACOMA, Washington - June 17, 2010 - Internet Identity (IID), a provider of technology and services that help organizations secure Internet presence, today released its First Quarter Phishing Trends Report (www.internetidentity.com/news/in-the-news) that revealed text- to-phone phishing attacks (often called "smishing") dropped dramatically in the first quarter of 2010. According to IID, smishing attacks were down 62 percent from January to March, 2010 compared to the previous quarter. Despite the drop, the number of credit unions being impersonated in text-to-phone cases stayed the same, meaning these organizations were the most targeted by industry. In these attacks, cyber criminals impersonated companies by text message to try and lure victims to call a fake interactive voice response (IVR) system designed to steal vital personal data like logon information, account credentials, social security numbers and more.

Other findings of IID's fourth quarterly phishing report:

Cyber criminals increasingly posed as relief organizations to launch phishing attacks, claiming to help victims of recent disasters, like the earthquakes in Haiti and Chile

Phishing was increasingly used to carry out Internet Domain Name System hijackings, specifically with China's biggest search engine, Baidu.com (similar to the December 2009 hijacking of Twitter)

There was a significant reduction in the number of phishing attacks carried out by Avalanche, one of the most prolific cyber criminal gangs (responsible for two-thirds of the world's phishing attacks in the second half of 2009)

Conversely, non-Avalanche phishing attacks rose 14-percent from the previous quarter

The major share of phishing volume moved to targeting money transfer sites

"There were some encouraging trends in fighting phishing in the first quarter of this year, including reductions in the some of the worst online attacks. Despite that, problems continue, and we've seen a rise in devastating losses for small businesses which threatens to massively erode trust in online business banking," said IID President and CTO Rod Rasmussen. "In order to be one step ahead of these cyber criminals, organizations must actively detect, diagnose and mitigate such attacks 24/7, because cyber criminals don't sleep."

In 1997, IID discovered and disabled a phishing attack against AOL long before phishing became such a publicized problem. Since then, the company has been helping protect both company brands and consumer pocketbooks against such assaults. The entire IID 2010 First Quarter Phishing Trends Report can be found at www.internetidentity.com/news/in-the-news .

About IID

Internet Identity (IID) has been providing technology and services that secure the Internet presence for an organization and its extended enterprise since the company was founded in 1996. It recently started delivering the industry's first and only solution for detecting, diagnosing and mitigating domain name system (DNS) security and configuration issues for an organization and its extended enterprise. IID also provides anti-phishing, malware and brand security solutions for many of today's leading financial service firms, e-commerce, social networking and ISP companies, and more. IID is working hard to deliver solutions that help keep the Internet safe and trusted for businesses. The company is headquartered in Tacoma, Washington. More information can be found at www.internetidentity.com.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
US Capitol Attack a Wake-up Call for the Integration of Physical & IT Security
Seth Rosenblatt, Contributing Writer,  1/11/2021
IoT Vendor Ubiquiti Suffers Data Breach
Dark Reading Staff 1/11/2021
The Data-Centric Path to Zero Trust
Altaz Valani, Director of Insights Research, Security Compass,  1/13/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7343
PUBLISHED: 2021-01-18
Missing Authorization vulnerability in McAfee Agent (MA) for Windows prior to 5.7.1 allows local users to block McAfee product updates by manipulating a directory used by MA for temporary files. The product would continue to function with out-of-date detection files.
CVE-2020-28476
PUBLISHED: 2021-01-18
All versions of package tornado are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configura...
CVE-2020-28473
PUBLISHED: 2021-01-18
The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with defa...
CVE-2021-25173
PUBLISHED: 2021-01-18
An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory allocation with excessive size vulnerability exists when reading malformed DGN files, which allows attackers to cause a crash, potentially enabling denial of service (crash, exit, or restart).
CVE-2021-25174
PUBLISHED: 2021-01-18
An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory corruption vulnerability exists when reading malformed DGN files. It can allow attackers to cause a crash, potentially enabling denial of service (Crash, Exit, or Restart).