According to newly published data from Cyveillence, online fraud continues escalate. I seriously doubt that comes as a shock to anyone reading this newsletter. The world is chock-full of criminally insane people, and the Internet has simply brought countless numbers of them out of their closets. That sad reality aside, let's have a look at what Cyveillance discovered.
First of all, I should point out that Cyveillance says its results are based on actual collected numbers, not numbers extrapolated from a sampling of data. The findings represent actual measurements based on data gathered using the company's own monitoring software to inspect roughly 150 million Web sites--and that number grows daily.
The data published by Cyveillance shows that phishing attacks continue to be driven by the lure of easily stealing money from people's bank accounts and other financial repositories; Web-based malware attacks are on the rise; and criminals are turning more towards compromising existing Web sites to host their malware instead of creating their own Web sites. That last trend is a logical evolution. After all, tracking down and blocking malware sites that use their own domains is relatively easy. Filtering malware on sites that are typically trusted by end users is much more difficult--no one expects his or her system to be infiltrated by a Trojan while simply visiting the Major League Baseball site.
The number of phishing attacks targeting new brands (those that weren't ever targeted before) actually declined over the course of 2007. However, 106 new brands were attacked in the Q4 2007 and the vast majority of them were in some sort of financial business, such as banking and credit unions.
Phishing scams require data drop points--after all, the bad guys need somewhere to send the phished data. According to Cyveillance, Germany is currently the hot spot for data drop points, with the United States coming in a close second and France following in a very distant third place. Cyveillance points out that the number of data drop points in Russia has fallen to less than 1 percent of the total. The company wonders if the disappearance of the Russian Business Network (RBN) might have something to do with that small percentage. If you aren't familiar with RBN, you can learn more about it in "What is the Russian Business Network" at the URL below.
http://www.windowsitpro.com/Windows/Article/ArticleID/97664/97664.html
Here's an eye-opening figure that many of you consultants and administrators can use: Of all the phishing pages discovered in first quarter 2007, 34 percent were hosted on compromised existing Web sites. If that isn't bad enough, by fourth quarter 2007, that number rose to a whopping 51 percent! Obviously companies aren't securing their Web sites as well as they should.
I think it should also be pointed out here--although it's not part of the data released by Cyveillance--that intruders are using advertising networks to get their malicious code onto popular Web sites. Ad network operators aren't screening content carefully, and as a result, they're propagating dangerous code, which I believe makes then completely liable for any damage that code causes. As a result of their lackadaisical behavior, heavily trafficked sites such as NHL.com, MLB.com, and Monster.com have been used to deliver malware.
Another factoid from the Cyveillance report is that the percentage of malware distribution sites in the U.S. has fallen from 74 in first quarter 2007 to 45 in fourth quarter 2007. Conversely, the percent of malware sites hosted in France grew from 13 to 20 over the course of 2007. The number of malware sites in Japan grew even faster. In first quarter 2007, less than 1 percent of malware sites were hosted in Japan. By the end of the year, that figure had grown to 12 percent.
So that's it in a nutshell. If you're interested in learning more details, you can download a copy of the full report in PDF format at the Cyveillance Web site at the URL below.
http://www.cyveillance.com/fraudreport-Q407/media.asp
