« Podcast: While Many Companies Are Protected Against Outsider Threats, Insider Threats Remain: Ecora's Solution | Main | MailEnable Enables Spammers »

According the the Anti-Phishing Working Group’s most recent report, Phishing websites and crimeware are at record levels. Also, for the first time, ISPs replaced the retail sector as the second-most targeted group, although both are still far behind financial services.

From an article I found at Dark Reader, the APWG recorded 29.930 phishing attempts worldwide in January, a 25 percent increase over December’s 28,531. One bit of good news, though, is the number of phishing sites dropped slightly, as well as the number of imitated brands.

"You're getting a diversification of strategies by phishers, mostly because of anti-phishing techniques" cramping their style, says Adam O'Donnell, senior research scientist for Cloudmark. "By diversifying, they can distract and bait the [phishing] analysts and get into more fertile phishing grounds."

The storm warm was an example of cybercriminals diversifying their malware. The worm created hundreds of mutations over just one weekend, and also had auto-upddate features built right in. "If you're able to release a virus that gets in the wild and makes an impact before" antivirus engines map it out, the attacker wins, he says. "This is a huge trend in crimeware."

Also, password-stealing malware went up from 340 apps in December to 345 in January. The APWG found that Brazilian-based malicious software developers were now using Web Attacker, a wildly popular toolkit from Russia. This confirms the reports that crimeware groups are globally collaborating.

Social networking and gambling sites also saw more highjacking attempts than ever. Experts say this is only likely to increase as cybercriminals discover more ways to collect money from the information gained on those sites. This is especially true of MySpace, which, while it doesn’t have financial data, may have data that can be used for more social engineering schemes.

Finally, trjoan “redirectors”, or those sites that redirect a user’s web traffic to some other, more malicious location by changing host files or other DNS-based info, are also on the rise. Most alter DNS settings or host files to redirect the user to a fake DNS server, and the user is unlikely to be able to tell the difference.

This seems to follow the simple and inevitable trent that, as more and more criminals realize that, at least here in New York City, street crime gets harder and harder to pull-off without getting caught on some video camera or other, the ease of online fraud just keeps pulling them in.

Posted by pschooff in |Digg This|Add to del.icio.us

Trackback Pings

TrackBack URL for this entry:
http://www.ebizq.net/mt/mt-tb.cgi/1594