IFSECInsider-Logo-Square-23

Author Bio ▼

IFSEC Insider, formerly IFSEC Global, is the leading online community and news platform for security and fire safety professionals.
February 27, 2009

Nothing found. Please check your show/episode id.

Download

State of Physical Access Trend Report 2024

Gone phishing: the RSA Online Fraud Report

Most notably, the UK led in terms of total volume of attacks last year. This is a result of several massive surges of attacks against a small number of UK financial institutions.

Also, the volume of phishing attacks globally grew by 66% over those detected throughout 2007. Most of this growth took place from January to April of last year. Rock Phish Gang and other fast-flux initiated attacks contributed greatly to the increase (there were approximately 80,000 attacks in the first six months of 2008).

Online fraud is most certainly evolving. Phishing and pharming represent one of the most sophisticated, organised and innovative technological crime waves faced by online businesses. Fraudsters have new tools at their disposal, and are able to adapt more rapidly than ever.

The RSA Anti-Fraud Command Centre (AFCC) is a 24-7 ‘war room’ that’s designed to detect, monitor, track and shut down phishing, pharming and Trojan attacks against more than 300 institutions worldwide. The AFCC has shut down over 120,000 phishing attacks to date and is a key industry source for information on phishing and emerging online threats.

The following statistics have been gathered from the RSA AFCC phishing repository. Each statistic includes a short trend analysis based on the expertise of the fraud analysts within the RSA AFCC.

Dramatic increase in attack volumes

In 2008, the RSA detected 135,426 phishing attacks, compared to just over 90,000 phishing attacks detected in 2007. The first six months of 2008 demonstrated a dramatic increase in the volume of phishing attacks detected by RSA, peaking in April with 15,002 attacks.

There was a sharp 68% drop in attacks between June and July last year, where the lowest volume of attacks detected during the year was reported in August with 7,099 attacks. After three months of a modest upward trend of the rate of detected phishing attacks between September and November, the volume dropped once again to almost the lowest point of the year with 8.040 phishing attacks detected in December. This year-end drop in the rate of phishing attacks was mainly due to a decrease in activity by the Rock Phish Gang.

The vast reduction in the rate of phishing attacks during the July-to-September timeframe was attributed to the fact that the Rock Phish Gang had abandoned its previous infrastructure and started to use the Asprox botnet, as noted by the RSA FraudAction Research Lab on September 4 in its blog concerning RSA’s Speaking of Security.

At the time, RSA suspected that the Rock Phish Gang was using another fast-flux network in addition to leveraging the Asprox botnet. From August to December, the Rock Phish gang continued to instigate a diminished number of attacks compared to earlier in the year, although the rate of their attacks increased after August.

Standard phishing attacks versus Rock Phish Gang and fast-flux

The first half of 2008 signified the peak of attacks initiated by the Rock Phish Gang and other fast-flux initiated attacks. RSA closely followed the establishment of several criminal fast-flux based networks, as well as the evolution of some phishing infrastructures that were identified during 2007.

In 2008, attacks initiated by the Rock Phish Gang and other fast-flux initiated attacks constituted almost half of the total attacks, substantially impacting the volume of phishing attacks between January and June.

Financial institutions and other companies were attacked at least once during 2008. Those companies within the US suffered a whopping 68% of the total number of attacks, ten times higher than the number of brands attacked within the UK – which ranked a distant second on the list.

After the US, the rate of attacks against brands within every other country on the target list fell between one and six percent of the total amount. This can be attributed to the fact that there are a large number and variety of financial institutions in the US, and the financial services industry was the most targeted industry by far in 2008.

During the year, phishing attacks moved into new territories such as South America, Central America and the Asia Pacific region.

Top Ten countries by number of attacks

Although the US led by a huge margin in terms of the number of attacked brands during 2008, the UK led in terms of total volume of attacks. This is a result of several massive surges of attacks against a small number of UK financial institutions during 2008.

The RSA noted that the expansion of phishing attacks into new territories, such as Latin America and Asia Pacific was also a key factor when calculating the number of phishing attacks.

Top Ten countries hosting phishing attacks

The country that hosted the most substantial number of attacks (as enumerated by the location of the ISP or the hosting company) was the US, and by a very considerable margin.

Looking at this another way, the US hosted two-thirds of the world’s phishing attacks in 2008. This means that the US hosted more than eight times the amount of attacks than Germany and South Korea, each tied for second place and each accounting for only 7% of all hosted attacks.

Tied for third place were the UK and China, each accounting for 5% of all hosted attacks. Russia, Canada and Australia were tied in fourth place, each accounting for 3% of all hosted attacks.

December 2008: trends and analyses

The number of phishing attacks detected by the RSA Anti-Fraud Command Centre dropped sharply in December 2008, decreasing by more than 20% when compared against November.

December 2008 witnessed the second lowest number of attacks during 2008, with a total of 8,040 attacks. A steep decrease in the number of phishing attacks instigated by fraudsters other than the Rock Phish Gang caused the drop in attacks in December.

Attacks launched by the Rock Phish gang, on the other hand, slightly increased in December.

Total number of brands attacked

The number of financial institutions and other brands attacked in December 2008 dropped by almost 15%, with 178 brands attacked in December 2008 compared to 207 during November. This positions December as the month with the third lowest number of brands attacked (after October and January respectively).

The decrease in the total number of brands attacked can most likely be attributed to the overall drop in the number of attacks launched in December.

Top Ten countries hosting phishing attacks

The top three countries hosting phishing attacks during December 2008 (as enumerated by the location of the ISP or the hosting company) changed slightly from November 2008. South Korea dropped from second to third place, and France moved up from fourth place to second place.

Tokelau (a New Zealand region) and the Netherlands left the chart this month, while Pakistan was new to the list in December, hosting the eighth largest number of attacks. Returning after a one-month absence is China at seventh place.

As expected, the US hosted the largest number of phishing attacks, accounting for just about two thirds of the world’s total phishing attacks during December.

Top Ten countries by attacked brands

Financial institutions and other brands in the UK and US continued to be the most widely targeted in December, maintaining their respective positions over the past three months. Canadian brands replaced Italian brands as the third most attacked, while the rate of attack against Australian brands climbed up from eighth place in November 2008 to fifth place.

Between November and December, Spanish and Indian attacked brands retained similar positions at fourth and seventh place respectively – as did Mexican and South African attacked brands in ninth and tenth place.

Subscribe
Notify of
guest
0 Comments
Oldest
Newest Most Voted