The Anti-Phishing Working Group (APWG) has released its Global Phishing Survey: Trends and Domain Name Use for the first half of 2012. On some fronts the numbers are encouraging, but not all the findings are positive.
“Phishers seem to be concentrating their efforts on compromising legitimate websites using automated attack tools, or purchasing access to them on the burgeoning underground market,” said Rod Rasmussen, CTO of Internet Identity and co-author of the report.
“This allows them to leverage the good reputation of a website's domain name, making it harder to block in either spam filters or via suspension, and makes takedown of that domain impractical.”
The figures show that the number of South American webservers compromised by phishers has increased. The number of hijacked legitimate websites used to host phishing sites has also recorded an incline.
It turns out that cybercriminals have registered far less domain names compared to 2011. Instead, they've preferred to register subdomains.
Interestingly, although they still rely on the names of popular brands to ensure the success of their campaigns, the domains registered by phishers contained the brand’s name only in 2% of cases.
The number of phishing attacks increased by 12% compared to the second half of 2011, but the good news is that their uptimes dropped to a new record low of 23 hours and 10 minutes. This represents only half of the uptime recorded at the end of 2011.
“Some of the increased phishing activity is due to an especially virulent method that some phishers have been using more often,” Greg Aaron of Afilias, the study’s other co-author, explained.
“Instead of hacking websites one at a time, phishers are breaking into shared hosting -- web servers that host large numbers of domains. This way, a phisher can infect dozens, hundreds, or even thousands of websites at one time.”