A new phishing survey released by the Anti-Phishing Working Group (APWG) reveals that in the second half of 2011, China’s Taobao.com became the world’s most frequently phished brand target, exceeding the previously most-victimized brand, PayPal. Taobao.com is one of China's largest e-commerce sites, specializing in business-to-consumer and consumer-to-consumer transactions, similar to eBay and Amazon.
For several years, PayPal had been the world’s most frequent phishing target, due to PayPal’s ubiquity and its popularity with consumers. In 2H2011, there were 18,508 phishing attacks against Taobao.com – 22 percent of all the phishing attacks recorded worldwide. There was also a drop in attacks against PayPal.
“Attacks by Chinese phishers have exploded, as they take advantage of China’s stream of new Internet users,” said Greg Aaron of Afilias, one of the report’s co-authors. “But the problem is not limited to China—these phishers use hosting and domain names based in the U.S. and Europe. It’s a reminder that e-crime often requires international solutions. Fortunately there is data-sharing and cooperation happening to combat the problem.”
Globally, for the first time, malicious use of subdomain registration services eclipsed the registration of regular domain names by phishers.
There were 17,390 phishing attacks hosted on subdomain services in the second half of 2011, using 16,664 unique subdomains. This was a 38 percent increase from the 12,574 attacks we recorded in 1H2011.
“This is a clear example of phishers gravitating towards services they can readily abuse,” said Rod Rasmussen, CTO of Internet Identity and the study’s other co-author. “Use of subdomain services is a challenge because only the subdomain providers themselves can effectively mitigate these phish. While many of these services are responsive to complaints, few take proactive measures to keep criminals from abusing their services in the first place.”
Other highlights of the report include:
- In 2H2011, the average uptimes of all phishing attacks dropped notably.
- The number of targeted institutions dropped, as phishers concentrated on larger or more popular targets.
- Malicious domain name registrations are concentrated by domain registrar, and by TLD.






