Friday, February 20, 2009

RSA Report Points to an Increase in Cyber Crime

According to a recent report from RSA Security, phishing attacks increased 66 percent last year when compared to 2007. One reason cited for this is the increased availability of DIY (do-it-yourself) phishing kits, which are available for sale on the Internet.

Some of these kits even come with tech support. In the past few years, these kits have enabled a lot more people to get into the phishing game.

The statistics compiled in the Anti-Fraud Command Center Phishing Trends Report recorded 135,426 phishing attacks compared to 90,000 detected in 2007. Despite these ominous numbers, the report showed a marked decrease in the number of attacks between June and July. The number of attacks then increased steadily until the end of the year and then dropped again in December. The RSA team attributed this to a drop in activity by a notorious gang of phishermen, known as the Rock Phish.

Although no one seems to be exactly sure, the Rock Phish are a phishing gang that is allegedly of Romanian origin. Experts believe they are responsible for up to 50 percent of the phishing seen in the wild (on the Internet) today. To avoid detection, Rock Phishing attacks often update DNS records during an attack and change URLs, which confuses take-down efforts and allows them to bypass spam filters. They also use images in their spam e-mails, which makes their work harder for spam filters to detect. A lot of spam filters do not use OCR (optical character recognition) because it slows down the filtering process.

The (temporary?) reduction in attacks was attributed to the Rock Phish upgrading their infrastructure and switching to the use of a new botnet, called the "Asprox botnet."

A lot of the newer botnets — which spew out spam in the millions using zombies (compromised computers) — are using what is known as fast flux technology. Fast flux is a DNS technique used to hide spam e-mails behind a constantly changing network of compromised computers (zombies), which have been taken over using malicious software to send out spam. Since these spam e-mails recruit new zombies all the time, it makes shutting down this type of activity pretty difficult. According to the report, fast flux attacks now comprise about half of all the activity out there.
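A defender can spot the constantly changing DNS answers described above in passive-DNS data. The following is an added example, not code from the RSA report or the original post: the record layout, the thresholds and the `.example` domains are assumptions made for illustration, and the observations are constructed.

```python
from collections import defaultdict
from ipaddress import ip_address

# Constructed passive-DNS observations: (epoch_seconds, domain, A record, TTL).
# Names use the reserved .example TLD and addresses use documentation ranges.
OBSERVATIONS = [
    (0,    "login-bank.example", "198.51.100.7",  120),
    (300,  "login-bank.example", "203.0.113.45",  120),
    (600,  "login-bank.example", "192.0.2.88",    180),
    (900,  "login-bank.example", "198.51.100.99", 120),
    (1200, "login-bank.example", "203.0.113.200", 120),
    (0,    "www.shop.example",   "192.0.2.10",    3600),
    (600,  "www.shop.example",   "192.0.2.11",    3600),
    (1200, "www.shop.example",   "192.0.2.10",    3600),
    (0,    "cdn.media.example",  "198.51.100.20", 60),
    (600,  "cdn.media.example",  "198.51.100.21", 60),
    (1200, "cdn.media.example",  "198.51.100.22", 60),
    (1800, "cdn.media.example",  "198.51.100.23", 60),
]

def flux_features(observations):
    """Summarise, per domain, how much its A records churn."""
    per_domain = defaultdict(lambda: {"ips": set(), "nets": set(), "ttls": []})
    for _ts, domain, ip, ttl in observations:
        entry = per_domain[domain.lower().rstrip(".")]
        entry["ips"].add(ip)
        entry["nets"].add(int(ip_address(ip)) >> 8)  # group IPv4 by /24
        entry["ttls"].append(ttl)
    return {
        dom: {"ips": len(v["ips"]), "nets": len(v["nets"]), "max_ttl": max(v["ttls"])}
        for dom, v in per_domain.items()
    }

def suspected_fast_flux(observations, min_ips=4, min_nets=3, max_ttl=300):
    """Flag domains with many addresses, spread over unrelated networks,
    all served with short TTLs. Thresholds are illustrative assumptions."""
    return sorted(
        dom for dom, f in flux_features(observations).items()
        if f["ips"] >= min_ips and f["nets"] >= min_nets and f["max_ttl"] <= max_ttl
    )

if __name__ == "__main__":
    print(suspected_fast_flux(OBSERVATIONS))
```

The constructed `cdn.media.example` rows show why a short TTL alone is a poor signal: legitimate load-balanced services rotate addresses too, but usually within one provider's network rather than across scattered, unrelated ones.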

From a global perspective, the United Kingdom (40 percent) was the most attacked country followed by the United States (37 percent). This was attributed to a focused attack on a number of financial institutions in the UK in 2008. The report also acknowledges increased activity in Latin America and the Pacific. A lot of experts believe we will see increased activity in other parts of the world as more people from these regions are introduced to the Internet. As this takes place, more computers will be compromised (become zombies) in these countries and the statistics will shift.

It should be noted that despite the increased activity in the United Kingdom, the United States still holds the dubious honor of being number one in hosting phishing attacks. They are also number one in brand names being attacked.

Of no surprise is the statistic that financial institutions are the favorite target in these attacks. It makes sense that the phishermen will continue to go where the money is and with the sour economy, there are a lot of social engineering lures that are ripe for exploitation. Fear is a time-honored social engineering lure, which gets people to click on links they should not have.

The conclusion of the report is that online crime continues to evolve, is becoming more dangerous, and new tools are being used to further the effort. My guess is that it will continue to grow as long as we focus on defending against it instead of going after the source of it! Of course, this is merely the opinion of this observer.
