The APWG has released its global phishing survey for H2 2012

Apr 26, 2013 21:01 GMT

The Anti-Phishing Working Group (APWG) has released its global phishing survey for the second half of 2012. It turns out that between July and December 2012, cybercriminals broke into the systems of hosting providers with unprecedented success.

This allowed them to launch mass phishing attacks by abusing the targeted organizations’ systems.

By compromising a shared virtual server, the attackers can plant their malicious elements on every domain hosted on that server. Hundreds and even thousands of websites at a time can be hijacked in this manner.

In H2 2012, 47% of all phishing attacks involved shared virtual servers.

“Breaking into hosting facilities is a high-yield activity for phishers,” said Rod Rasmussen, president and CTO of IID, and a co-author of the study.

“This activity is part of a larger trend – we also see criminals hacking into shared hosting and using those servers for other malicious activities, such as launching denial-of-service attacks, infecting the computers of the legitimate website visitors via exploit code, and creating botnets.”

The study also shows that the average uptime of phishing websites was 26 hours and 13 minutes.

As for the domain names registered for phishing scams, cybercriminals abused a small number of registrars more heavily than others. Eight of these companies are based in China.

“Chinese phishers tend to make malicious domain registrations more often than other phishers, and use registrars inside and outside of China,” said Greg Aaron, president of Illumintel Inc., and a co-author of the study.

“The report highlights how phishers take advantage of certain domain name registrars and registries, and how a lot of the activity is concentrated in certain places online. Those companies need to be actively involved in monitoring for and mitigating abuse in the spaces they control.”

The latest APWG report also reveals that 123,486 phishing attacks were recorded in the second half of 2012. A total of 207 top-level domains were abused, but 82% of all the phishing sites were registered on .com, .tk and .info domains.

A total of 611 institutions were targeted, a considerable increase compared to the first half of 2012, when criminals focused on only 486.

Interestingly, only 1.4% of the domains used by phishers contained brand names or variations of brand names.

The complete “Global Phishing Survey: Trends and Domain Name Use in 2H2012” report is available for download.