Throughout 2007 we saw criminals become more sophisticated in the way they orchestrate attacks and in whom they are targeting. As we look to 2008, we fully expect to see increased complexity of phishing and malware attacks as criminals capitalize on weaknesses in Web 2.0 security to inject malware directly into trusted Web sites.
ARLINGTON, Va. (PRWEB) February 11, 2008
While still occurring in high volumes, the rate of broad-based phishing attacks targeting new companies and industries reached its highpoint of 431 in the first quarter of 2007. The second half of the year saw a significant decrease with only 106 new brands targeted in the fourth quarter. Cyveillance's data indicates that these attacks became more focused throughout the year, repeatedly targeting prominent brands in key industries. Financial service institutions continue to be the top targets of phishers, with banks and credit unions accounting for nearly 9 out of 10 new brands targeted in the fourth quarter. Overall, more than 1,750 brands have been attacked since 2005.
Throughout last year phishing attacks became more sophisticated and evolved to incorporate legitimate brand names and URLs. Highlighting the rapid evolution of these scams in 2007, phishing attacks leveraging compromised Web sites grew from 38 percent in the third quarter to 51 percent in the fourth quarter. The use of compromised Web sites complicates the attack take down process for the targeted organization, because it requires that specific URLs be removed without disrupting the site's legitimate operations. In addition, the use of targeted brands within the URL of phishing sites increased significantly, representing over 50 percent of all attacks. Phishers frequently include the brand in the URL to help legitimize their spoofed pages.
Continuing a trend first identified in the third quarter, Cyveillance's data shows a 30 percent growth in malware attacks outside the United States as criminals diversify their targets throughout the world's most economically developed countries. This global expansion resulted in malware attacks against United States citizens decreasing from a high of 75 percent in the first quarter to 45 percent in the fourth quarter. France and Japan represent the largest malware targets outside of the United States with attacks in these countries increasing since the beginning of the year to 20 percent and 12 percent respectively.
"Cyveillance combs the Internet and exposes malicious activities that hide from public view, giving our customers an early warning about any possible threats to their employees, customers or systems," said Panos Anastassiadis, CEO and Chairman of Cyveillance. "Throughout 2007 we saw criminals become more sophisticated in the way they orchestrate attacks and in whom they are targeting. As we look to 2008, we fully expect to see increased complexity of phishing and malware attacks as criminals capitalize on weaknesses in Web 2.0 security to inject malware directly into trusted Web sites."
All figures and statistics in the Cyveillance report are actual measurements rather than projections based upon sample datasets. The cyber intelligence included in this report includes data collected and analyzed between October 1 and December 31, 2007. It represents aggregate cyber intelligence findings that Cyveillance has delivered to its OEM data partners, except where otherwise noted.
Cyveillance's continuous monitoring technology thoroughly sweeps the Internet - monitoring and collecting information from over 200 million unique domain name servers, 150 million unique Web sites, 80 million blogs, 90 thousand message boards, thousands of IRC/Chat channels, billions of spam emails, auction sites, bot networks and more. This approach yields the discovery of more than 100 thousand new sites each day.
For more information about Cyveillance's research findings, please visit http://www.cyveillance.com/fraudreport-Q407/media.asp.
Cyveillance, the world leader in cyber intelligence, provides an intelligence-led approach to security. Through continuous, comprehensive Internet monitoring and sophisticated intelligence analysis, Cyveillance proactively identifies and eliminates threats to information, infrastructure, individuals and their interactions, enabling its customers to preserve their reputation, revenues, and customer trust. Cyveillance serves the Global 2000 and OEM Data Partners - protecting the majority of the Fortune 50, regional financial institutions nationwide, and more than 30 million global consumers through its partnerships with security and service providers that include AOL and Microsoft. For more information, visit http://www.cyveillance.com.