The U.S.-based Anti-Phishing Working Group (APWG) today released their Phishing Activity Report for the month of February. The number of phishing attacks grew modestly compared to the January 2005 timeframe, though there was a marked increase in the use of malicious software associated with the attacks.
In February 2005, there were 13,141 unique phishing lures reported to the APWG. The average monthly growth rate since July 2004 is 26%.
The number of phishing web sites supporting these attacks rose 1.8% from 2,578 to 2,625 in the month of February.
Financial services continue to be the most attacked industry segment, with 78% of attacks targeting their customers.
The APWG is witnessing a disturbing uptick in field reports of malicious code being employed either to filter consumers’ logins and passwords from their keystrokes or to redirect them to convincing counterfeit sites even when they observe the “best practice” of directly keying a bank’s URL into the browser’s address bar (so-called “Pharming”).
Dan Hubbard, senior director of security and technology research for Websense, Inc., said, “Previous phishing attacks, primarily through email, were based around luring a user to perform an action through social engineering. However, we are seeing additional attack methods which do not necessarily rely on the lure of email becoming more frequent.”
APWG Chairman David Jevans said that the shift toward the use of malicious criminal software (“crimeware”) could represent phishing’s “second wave”, with the professional phishing gangs using sophisticated technology to evade the defenses, such as email filters and educated consumers, that have been arrayed against social engineering phishing schemes.
The APWG has been watching so-called “technical subterfuge” attacks (which use malicious code to manipulate consumers’ PCs) proliferate in Brazil and Australia with some trepidation for over a year.
“The only question was when this genre of attack would reach northern hemisphere targets in substantial numbers,” said Jevans.
“We are concerned, because we know how potent they have been against banks in Brazil. Over the last six months, federal police reported arrests of phishing suspects accused of lifting tens of millions of dollars from consumers’ accounts in Brazil.”
The United States continues to be the top geographic location for hosting phishing sites, with more than 37%. This was almost a 6% increase from last month. Also, China was up more than 10% to 28%. Other top countries are: Korea 11%, Brazil 3.97%, Germany 2.95%, Japan 2.46%, Canada 2.28%, Argentina 1.78%, France 1.74%, and Romania 1.45%.
The APWG is the global counter-phishing organization of stakeholders confronting the phishing threat, including national law enforcement agencies, global banks and financial institutions, national ISPs, ISVs, hardware vendors and e-commerce companies.
The group, formed in 2003, has more than 1110 members worldwide from more than 700 companies, government regulatory agencies and law enforcement bureaus, as well as some 60 sponsors including: ActivCard (ACTI), Affinity, Aladdin Knowledge Systems, Anakam, Brandimensions, Cloudmark, Clear Search, Comodo, Corillian (CORI), Cyota, Cyveillance, Datanautics, DigitalEnvoy, Entrust (ENTU), Experian, eEye Digital Security, GeoTrust and GoDaddy.
The sponsors also include InternetIdentity, Kaspersky Labs, MarkMonitor, McAfee (MFE), MasterCard, MessageLevel, Microsoft (MSFT), NameProtect, NetIQ (NTIQ), Panda Software, PassMark, RSA Security (RSAS), SAIC, SecureBrain, Sigaba, Symantec (SYMC), Trend Micro (TMIC), TriCipher, Tumbleweed Communications (TMWD), Vasco (VDSI), VeriSign (VRSN), Visa, Visa Canada, Websense, Inc. (WBSN), WholeSecurity and 0Spam.net.
The full text of the report is available online at:
The Anti-Phishing Working Group