A study made by the Anti-Phishing Working Group (APWG) reveals that many website owners whose domains have been compromised by phishers aren’t aware of the fact that they’re victims of a cybercriminal operation.
In order to ensure that their phishing campaigns record a success and don’t get interrupted easily by security solutions providers, cybercriminals often take over legitimate hosts on which they plant their malicious webpages.
In the past few weeks we’ve seen numerous examples in which perfectly legitimate sites belonging to organizations from all around the world have been used to host PayPal or other scam pages.
“Phishers continue to target legitimate websites because they are much harder for interveners to take down. They remain confident that they'll be able to identify and exploit sites, and for good reason,” said APWG Research Fellow Dave Piscitello of ICANN.
“Victims are not taking measures to secure their sites from attack, and they remain lax in monitoring against and mitigating attacks.”
The results of the study published by APWG show that attackers are still mostly targeting environments that rely on Linux, Apache, MySQL and PHP.
The most worrying aspect is that in 80% of the cases, the site’s owners are unaware that they’re part of a criminal operation until a third party notifies them.
In 40% of cases, phishing pages are removed from sites within 24 hours after they were planted. Close to 60% of the respondents claimed to have taken down the malicious websites within 2-3 days.
Unfortunately, most of the individuals who have experienced such incidents don’t know much about how they ended up being victims.
“The high frequency of PHP exploits underscores our previous recommendations: you must keep all components of your website - OS, web server, applications, and especially active content - patch current and configured securely,” Piscitello explained.