Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Phishing Sites: Lifespan Decreases, Population Grows at Record Speed, Says APWG

According to a new report from the Anti-Phishing Working Group (APWG), an industry organization focused on combating phishing and cybercrime, the average uptime of phishing websites dropped during the first half of 2012. That’s a good thing, as the longer a site hosting phishing attack remains online and accessible, the more money and data cybercriminals can pilfer from victims.

According to a new report from the Anti-Phishing Working Group (APWG), an industry organization focused on combating phishing and cybercrime, the average uptime of phishing websites dropped during the first half of 2012. That’s a good thing, as the longer a site hosting phishing attack remains online and accessible, the more money and data cybercriminals can pilfer from victims.

APWG

According to the APWG’s Global Phishing Survey: Trends and Domain Name Use in 1H2012, the average uptime of phishing attacks dropped to a record low of 23 hours and 10 minutes in the first half of 2012. This number, the APWG says, it about half of what it was in late 2011, and by far the lowest since the report first started back in January 2008. 

While the lifetime of a phishing site has decreased, the report showed an increase in the number phishing attacks during the period – at least 93,462 by the APWG’s count, a 12 percent bump from the same period last year.

On the tactics side, the anti-cybercrime organization warned that cybercriminals are increasingly using hacked web servers that host legitimate websites on reputable domains to host their phishing websites.

“Phishers seem to be concentrating their efforts on compromising legitimate websites using automated attack tools, or purchasing access to them on the burgeoning underground market,” said Rod Rasmussen, SecurityWeek columnist and CTO of Internet Identity, who is a co-author of the report. “This allows them to leverage the good reputation of a website’s domain name, making it harder to block in either spam filters or via suspension, and makes takedown of that domain impractical.”

The report also noted a major increase in ways a cybercriminal can generate hundreds of phishing attacks at the same time.

“Some of the increased phishing activity is due to an especially virulent method that some phishers have been using more often,” explained Greg Aaron of Afilias, the report’s other co-author. “Instead of hacking websites one at a time, phishers are breaking into shared hosting — web servers that host large numbers of domains. This way, a phisher can infect dozens, hundreds, or even thousands of websites at one time.”

Other key discoveries from the APWG 2H2012 report include:

Advertisement. Scroll to continue reading.

• Phishers registered more subdomains than regular domain names. The number of domain names registered by phishers dropped by almost half since early 2011.

• The number of targeted institutions has dropped; phishers continue to target larger or more popular targets.

• Only about 2 percent of all domain names that were used for phishing contained a brand name or variation thereof.

• Phishers attacking Chinese institutions are an exception – they prefer to register domain names rather than hacking into servers. Phishers attacking Chinese institutions were responsible for two-thirds of all malicious domain name registrations made in the world. These phishers use both Chinese and non-Chinese domain registrars.

• Domain name owners in South America had their web servers compromised by phishers in growing numbers.

The full report from the APWG is available here in PDF format. 

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn about active threats targeting common cloud deployments and what security teams can do to mitigate them.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.