April 2013

Highlights from the APWG Global Phishing Survey 2H2012

Colleagues Greg Aaron (Illumintel) and Rod Rasmussen (Internet Identity) have published another comprehensive survey on phishing patterns, behavior and impact. With Greg's permission, I'm posting his summary of highlights from the Report.

The APWG Global Phishing Survey Report (2H2012) contains key stats and analysis for the time period July-December 2012, including what top-level domains were used, phishing site uptimes, and at what registrars phishers registered domain names.  

Highlights from the Report:
 

  • Attacks made by compromising virtual hosting accounted for 47% of all phishing attacks in the period. Breaking into hosting providers has been a high-yield activity of the bad guys, since it allows them to mount phish on hundreds of domains at a time. Those compromised sites also have higher reputations than new domains. This activity fits into a larger criminal trend: the targeting of shared hosting environments (notably WordPress, cPanel, and Joomla installations) to create botnets, wage DDoS attacks, etc. (pages 5-6)
  • The number of domain names registered by phishers has dropped by 60% since 2011. Instead, phishers are using alternatives that are more attractive – such as those mass compromises on shared hosting platforms, and registering subdomains – which can be cheap and are often not well-managed by their registrar/registry. Phishers registered more subdomains than “regular” domain names (pages 16-17).
  • On the other hand, Chinese phishers generally prefer to make domain registrations, as they continue their attacks on Chinese targets such as Taobao.com and CCTV. Some Chinese phishers are also going after gaming site Battle.net a lot. A set of small Chinese registrars has prevalent phishing registrations (pages 14-15).

 Skeptic: The report, as always, is well worth reading and sharing.


ICANN Security Team offers DDoS Reporting Advice

DDoS attacks are increasing in frequency and intensity. Virtually every individual, organization, or business is a potential target. On behalf of ICANN's Security Team - and with the invaluable assistance of trusted colleagues in the operational community - I've published a post on aspects of DDoS attacks that are often overlooked:

  • How do I report an attack? To whom?
  • What kinds of assistance can I expect to find? From whom?
  • Should I contact law enforcement?
  • What kind of information should I provide when reporting an attack?

We conclude the article, How to Report a DDoS Attack, with a list of resources to help you understand the nature and kinds of DDoS attacks and to prepare in advance.