New technique used in ATO phishing attacks

Peter Dinham
Monday, 13 July 2009 14:37

Business IT - Security

According to Symantec it also observed that 38 percent of phishing URLs in the month of June were generated using phishing toolkits, with the number of toolkit attacks increasing by nine percent, including a sudden increase in toolkit attacks during the last week of June primarily targeting the information services sectors.
 
The rise in toolkit attacks, says Symantec, was primarily the resurgence in phishers targeting a social networking site popular mainly in the United States, following hot on the heels of the recent phishing attacks in May targeting another popular social networking site, Facebook, “which was successfully curbed by the team at Facebook.”

Symantec says “this particular toolkit attack is most likely related to a specific Command & Control server being reactivated,” further adding that “these attacks play a significant part in populating and updating underground economy servers with stolen personal data, marketed in the maturing underground economy.”

According to Symantec, a total of 1,503 phishing sites were hosted in 92 countries, amounting to an increase of approximately 21 percent of IP attacks in June in comparison to the previous month.

The report reveals that the Greater China region accounted for approximately 19 percent of IP attacks in the month, the highest observed from the Asia Pacific region, as compared to the previous months.

Free Web-hosting services has been the easiest form of phishing in terms of cost and technical skill required to develop fake sites, says Symantec, with a total of 143 different Web hosting services serving as the home for 2,814 phishing sites in the month of June.
 
Symantec also observed that there was a significant increase in the number of free Web-hosting services utilised for developing phishing sites, after analysing more than 77 brands based upon the geo-location of their Web hosts as well as the number of unique URL’s utilised to lure victims to the phishing Web hosts.
 
In June, Symantec also found that phishing attacks in Italian, French and Chinese languages were higher, with French language attacks returning to the top position after a gap of a couple of months. The security firm also says it observed that phishing Web sites in Italian and French language remained higher for some popular financial brands. Italian and French language phishing sites, it says, were mainly from the financial sector, while Chinese language phishing sites were from the e-commerce sector.