Despite spam levels being at the lowest level since March 2009 (according to a report released last week from Symantec’s MessageLabs), metrics released by the APWG indicate that cybercriminals are cultivating an array of alternative attack schemes, and in particular, increasing attacks on the online classified services sector with phishing attacks.
According to the APWG’s Q2, 2010 Phishing Activity Trends Report released this week, attacks targeting classified advertising sites accounted for 6.6 percent of phishing attacks in Q2 2010. Though the online payment services sector remained the most targeted industry with 38 percent of detected attacks in Q2, up from 37 percent in Q1, the classified advertisement services sector exhibited the most rapid growth in phishing attacks of all sectors in the half.
Classified sites including person-to-person trading sites such as Craigslist and Autotrader, as well as job boards, dating sites and other kinds of online commerce sites, enable cybercriminals to trick consumers into giving up funds or financial data that can be used for fraud, or even to draft them as unwitting accomplices into their criminal enterprises such as working as money mules.
Ihab Shraim, MarkMonitor’s Chief Security Officer and Trends Report contributing analyst said, “The Classifieds sector grew 142 percent from the previous quarter and over 91,000 percent from the comparable quarter [Q1] a year ago. This sudden growth may have been due to Auction sector phishing resources shifting over to the Classifieds sector.”
“These stats show that stolen credentials are a significant issue, whether by phishing or Trojan software, but it may even be underreporting the real seriousness of the problem,” said Alisdair Faulkner, Chief Products Officer at ThreatMetrix. “Unfortunately the pain is not just felt by the brands targeted by phishing attacks, it is every other online business that is then attacked with the stolen identity and credit card information. In just the last twenty four hours alone, ThreatMetrix detected 135,000 fraudulent transactions attempted against 350 of the top online companies.”
The report also highlighted growth in detected samples of rogueware, malware disguised as anti-virus or anti-spyware software, which rose 13 percent from quarter to quarter, up from 183,781 in Q1 to 207,322 in Q2, 2010.
Interestingly, just three rogueware “families” were responsible for 72 percent of all the samples detected in the period, according to Luis Corrons, PandaLabs Technical Director and APWG Trends Report contributing analyst. Adware/SecurityTool was the most frequently detected rogueware family in Q2 with 25 percent; Adware/TotalSecurity2009 was second with a 24 percent; and Adware/MSAntispyware2009 was third with 21 percent of the rogueware samples detected in Q2.
The APWG Q2, 2010 Trends Report, combining data from APWG members MarkMonitor, Websense and Panda Security with the APWG’s own statistical data, also reported:
● Unique phishing reports in Q2 2010 rose to an annual high of 33,617 in June, down 17 percent from the record high in August 2009 of 40,621 reports.
● The quarterly high of unique phishing websites detected was 33,253 in April, down 43 percent from the record high of 56,362 in August 2009.
● The Q2 high of 14,945 brand-domain pairs in April was down 63 percent from the record of 24,438 in 2009.
● The number of phished brands reached a high of 276 in May, down 22 percent from the all-time record of 356 in October, 2009.
● Payment Services accounted for 38 percent of attacks in Q2, up from 37 percent in Q1.
● United States continued its position as the top country for hosting phishing websites during Q2.
● Spain’s proportion of detected crimeware websites rose to 16 percent in Q2, from less than 4 percent in Q1.
● The percentage of computers infected with banking trojans and password stealers rose to 17 percent from 15 percent in Q1.
“While the once-rapid expansion of conventional phishing is apparently slowing, there is every indication that ecrime gangs are expending much greater effort to design and deploy ever more undetectable, manipulative, focused and attractive schemes to defraud consumers and enterprise users. These organizations have become no less ambitious, we should note, just increasingly sophisticated and evermore deft in their criminal craftsmanship,” APWG Secretary General, Peter Cassidy.
The full APWG report is available here (Direct PDF Download)