Phishers target more global brands
While financial institutions still top the phishing radar, cybercriminals are now moving beyond to top brands, with one of the recent victims being a hardware manufacturer, according to the latest Anti-Phishing Work Group (APWG) report.
Released Sunday, the APWG Phishing Activity Trends Report for the fourth quarter of 2009 revealed that 356 brands were hijacked in October, an increase of 4.4 percent over the previous high of 341 recorded last August. The study was compiled using data from APWG and its members MarkMonitor, Websense and Panda Security.
The organization noted that the number of unique phishing reports submitted to APWG had dropped nearly 29 percent against an all-time high of 40,621 in August, registering 28,897 in December following a steady decline throughout the quarter. However, member reports and reviews in the second half of 2009 indicated a substantial increase in phishing attempts geared at personnel with financial authority.
APWG Chairman Dave Jevans explained in the report: "Spear phishing and whale-phishing, which target individuals inside of corporations, or of high net worth, appear to be increasing.
"Phishers and malware attackers are sending e-mail to individuals in a highly-targeted fashion, attempting to gain access to corporate online banking systems, corporate VPNs (virtual private networks) and other online resources."
According to Jevans, the attacks do not contribute significantly to the overall volume of unique phishing e-mail because they are not broad-based or generic spam. Instead, the attackers customize the e-mail messages to specifically target individual users.
The number of unique phishing sites detected between last October and December remained steady, at between 45,000 and 46,500.
Despite the rise in the types of brands hijacked, cybercrime syndicates continued to focus on the financial services during the last quarter of 2009; financial institutions accounted for 39 percent of overall brands targeted. Thirty-three percent of the phishing attacks recorded during the period focused on payment services companies, while auction-related brands made up 13 percent.
The United States again led the world in Q4 for the number of phishing sites hosted, accounting for over 90 percent of the total in October and November. Asian economies Hong Kong, China and Korea were also ranked among the top 10, with China making it to No. 2 with a 5.2 percent share in December.
However, Patrick Runald, Websense's senior manager for security research, noted that going forward, China is likely to "disappear from the top 10 list" due to the tightened regulations the China Internet Network Information Center has introduced for the ".cn" top-level domain.