Cyveillance Report Identifies Shift in Phishing Evolution with Emphasis on New Lucrative Global Targets

Criminals Utilize Sophisticated Spear Phishing Techniques to Stay Ahead of Traditional Security Measures

ARLINGTON, Va., March 30, 2011 – Cyveillance, a world leader in cyber intelligence, today announced that despite a decline in traditional phishing attack volume during the second half of 2010, the ability of phishers to attempt successful fraud remained constant. The number of malicious URLs discovered continued to increase as fraudsters exploited social networking sites to deploy their malware. With greater diversity of attacks, phishing continues to be a global problem, with nearly half of all new financial targets based in India and the Middle East, according to Cyveillance’s “2H 2010 Cyber Intelligence Report,” which was issued today.

The online fraud environment continued to flourish for cyber criminals in the second half of 2010, posing serious danger to both consumers and businesses. Attackers continued to become more distributed, operating from regions around the globe and leveraging distributed resources to evade detection and law enforcement efforts. The impact of these sophisticated spear phishing attacks, which enable social engineering attempts like the one associated with “Aurora” or “Night Dragon,” can be devastating if undetected over a period of time.

“In today’s always-on environment, the challenge is staying one step ahead of online criminals,” said Panos Anastassiadis, chief operating officer of Cyveillance. “Social engineering has been around for ages, but today through social media, criminals have instant access to all the valuable personal information they need to target very specific individuals and ultimately gain access to extremely valuable corporate information. It is critical for everyone to be fully educated about the threats on the open Internet and how they have a responsibility for information security within their organizations. The threats we face can no longer just be addressed with a technology solution alone.”

While banks and credit unions continue to be the top targets of phishers, social media sites remain a growing favorite of online criminals due to the inherent nature of these users to share personal information. Cyber criminals are gaining access to confidential information through simple searches in order to carry out elaborate social engineering scams. This type of phishing relies on both technology and human interaction by manipulating people to perform actions or divulge further information, resulting in greater financial benefits through online fraud or identity theft.

In addition to Cyveillance’s traditional phishing and malware statistics (see below), the report also includes test results identifying how long it takes leading antivirus (AV) software vendors to detect new malware threats as they are initially discovered in real time. When Cyveillance fed active attacks through 13 of the top AV vendor [1] offerings, it found that these solutions initially detect, on average, less than half of malware threats on day one. As a result, visitors to a malicious website could have a more than one in two chance of being infected with malware.

Phishing. During the second half of 2010, Cyveillance detected a total of 114,797 phishing attacks, for an average of over 19,000 unique attacks per month, with the volume remaining relatively steady throughout the half. The number of attacks seen monthly is down compared to the first half of the year (21,000 per month) and could be related to the recent decline in spam, but the overall volume confirms that the problem of phishing is still easily one of the top threats on the Internet. Specifically, the use of more sophisticated and targeted attacks results in greater success and lucrative opportunities for online criminals. Cyveillance identifies phishing as a social engineering scam that relies on both technology and human interaction to carry out online fraud and identity theft. The schemes are varied, but typically involve a spoofed (spam) email that mimics an email from a legitimate and respected organization in order to steal personal information, which is then used for online fraud, identity theft or unauthorized network access purposes.

Malware. The majority of malware threats on the Internet continue to originate within the United States and China. The two countries lead in almost every significant malware statistical category. Other developed countries such as Germany and the United Kingdom are not far behind, posing significant danger to Internet users. Cyveillance considers malware to be a file or application downloaded from a website or server that exhibits properties that are both involuntary and malicious in nature. There are many types of malware, ranging from “bot” programs used to launch spam to DoS attacks to keyloggers and backdoor Trojan viruses used for stealing sensitive information or targeting specific SCADA or industrial platforms. While all malware presents a threat, the variations used for financial fraud typically cause the most harm to consumers.

All figures and statistics [2] in the Cyveillance “1H 2010 Cyber Intelligence Report” are actual measurements rather than projections based upon sample datasets. The cyber intelligence in this report covers data collected and analyzed between July 1, 2010 and December 31, 2010. For more information or to download the report, please visit: Cyber Intelligence Report – 2H 2010.

About Cyveillance
Cyveillance, a world leader in cyber intelligence, provides an intelligence-led approach to security. Through continuous, comprehensive Internet monitoring and sophisticated intelligence analysis, Cyveillance proactively identifies and eliminates threats to information, infrastructure, individuals and their interactions, enabling its customers to preserve their reputation, revenues, and customer trust. Cyveillance serves the Global 2000 and OEM Data Partners – protecting the majority of the Fortune 50, regional financial institutions nationwide, and more than 200 million global consumers through its partnerships with security and service providers that include Blue Coat, AOL and Microsoft. Cyveillance is a wholly owned subsidiary of QinetiQ North America. For more information, please visit www.cyveillance.com or http://www.qinetiq-na.com.

[1] Vendors tested included Trend Micro, Sophos, McAfee, Kaspersky, F-Secure, Dr. Web, AVG, Nod32, F-Prot, Virus Buster, Norman, eTrust-Vet and Symantec. (Trend Micro is a registered trademark of Trend Micro Incorporated, Cupertino, CA; Sophos is a registered trademark of Sophos PLC, Oxfordshire, England; McAfee is a registered trademark of McAfee, Inc., Santa Clara, CA; Kaspersky is a registered trademark of Kaspersky Labs, London, England; F-Secure is a registered trademark of F-Secure Company, Espoo, Finland; Dr. Web is a registered trademark of Dr. Web Co., Moscow, Russia; AVG is a registered trademark of AVG Technologies, Brno, Czech Republic; Nod32 is a registered trademark of Nod32 Corporation, Bratislava, Slovakia; F-Prot is a registered trademark of Fisk Software Intl Co, Reykjavik, Iceland; Virus Buster is a registered trademark of Virus Buster, Ltd., Budapest, Hungary; Norman is a registered trademark of Norman Company, Lysaker, Norway; Symantec is a registered trademark of Symantec Corporation, Mountain View, CA; and eTrust-Vet is a registered trademark of CA, Inc., Islandia, NY.)

[2] Cyveillance’s comprehensive monitoring technology continuously sweeps the Internet – monitoring and collecting information from over 200 million unique domain name servers, 190 million unique websites, 80 million blogs, 90,000 message boards, thousands of IRC/Chat channels, billions of spam emails and more. This approach yields the discovery of more than 100,000 new sites each day.

 

Media Contact:
Chris Leach
Welz & Weisel Communications
703-877-8105
chris@w2comm.com