Cybergangs alter infrastructure abuse techniques

Phishing attack frequency declined 20 percent from Q4 2012 to Q1 2013, due to a precipitous drop in virtual server phishing attacks. APWG statistics indicate that phishing levels are returning to the levels seen prior to the record-setting highs of 2012.

Phishing attack numbers dropped from Q4 2012 to Q1 2013, from 46,066 in January to 36,983 in March. The number of unique phishing reports submitted to APWG each month also saw a massive decrease during the quarter, dropping 31 percent from January to March. January’s total of 28,850 was 29 percent lower than the all-time high of 40,621 reports, recorded in August 2009.

The Q1 2013 drop in phishing attacks was precipitated by a steep decline in virtual server phishing attacks. A virtual server phishing attack is an incident wherein a cybercriminal breaks into a single web server that hosts a large number of domains – and then creates and hosts phishing pages on each one of those domains. This method can efficiently yield a large number of attacks.

“The drastic decrease likely indicates that cybercriminals are utilizing the servers they compromise not for phishing attacks, but rather for more malware or distributed denial of service attacks,” said Rod Rasmussen, CTO of Internet Identity.

Another set of statistics also demonstrated criminals seeking out compromised servers they could use to distribute malware. During March, the percentage of phishing-based Trojans and downloader malware hosted in the USA dropped from 37 percent to less than 20 percent.

“While tracking the decrease in US-hosted phishing websites we noticed a corresponding increase in phishing sites hosted in Canada,” said Carl Leonard of Websense. “Canadian-hosted phishing decreased in 2012, so we may seeing the beginning of a trend reversal in Q1 2013.”

Trojans continue to account for about three-quarters of all newly detected crimeware threats.

The complete report is available here.