Click here to close now.




















Welcome!

News Feed Item

APWG Report: Phishing Levels Remain High, and Increasingly Supplemented by Malware Attacks

The APWG reports in its Q3 2012 Phishing Activity Trends Report that there was a constant decline in the number of traditional phishing websites through September 2012, counterfeits usually impersonating well-known financial services companies or other brands. This is a return to historical levels after a period of especially high activity, pointing up an increase in crimeware-based attacks.

The APWG received reports of 30,955 unique phishing sites in July -- 24 percent lower than the all-time high of 40,621 reports recorded in August 2009. The number of unique phishing e-mail reports (campaigns) received by APWG from consumers dropped from 33,464 in May to 21,684 in September, a decline of 35 percent.

Ihab Shraim, Chief Information Security Officer and VP, Anti-Fraud Engineering & Operations at MarkMonitor and a Trends Report ascribed the decline to the use of other fraudulent techniques, such as malware attack vectors. "However, it is unlikely that traditional phishing will stop since the cost of producing a phishing attack is almost insignificant," he said. "Also, the decline is not universal across all brands."

"Some professional phishers have moved from perpetrating mass phishing campaigns to exploit-style malware attacks," said Rod Rasmussen, President and CTO of Internet Identity and a report contributor. "These don’t show up as traditional phishing attacks. If anything, there are probably more "lures" of all types being generated, but with the destination being an exploit site with a drive-by download that infects users directly with malware, rather than a phishing site that attempts to steal credentials via social engineering."

The full text of the report is available here: http://www.apwg.org/download/document/84/apwg_trends_report_q3_2012.pdf

Other highlights of the Q3 2012 report include:

* China is back to being the top ranking country most infected by malware

* July 2012 saw 428 brands targeted by phishers, tying the all-time-high observed in April 2012. The number of brands attacked then declined. APWG members report that smaller institutions such as credit unions are being targeted less frequently.

* China is back to being the top ranking country most infected by malware

* Financial Services continued to be the most-targeted industry sector in the third quarter of 2012.

About the APWG

The APWG, founded in 2003 as the Anti-Phishing Working Group, is the global industry, law enforcement, and government coalition focused on unifying the global response to electronic crime. Membership is open to qualified financial institutions, online retailers, ISPs and Telcos, the law enforcement community, solutions providers, multi-lateral treaty organizations, research centers, trade associations and government agencies. There are more than 2,000 companies, government agencies and NGOs participating in the APWG worldwide. The APWG's www.apwg.org and education.apwg.org websites offer the public, industry and government agencies practical information about phishing and electronically mediated fraud as well as pointers to pragmatic technical solutions that provide immediate protection. The APWG is co-founder and co-manager of the Stop. Think. Connect. Messaging Convention, the global online safety public awareness collaborative www.stopthinkconnect.org and founder/curator of the eCrime Researchers Summit, the worldís only peer-reviewed conference dedicated specifically to electronic crime studies www.ecrimeresearch.org.

Among APWG's corporate sponsors are as follows: Afilias Ltd., AhnLab, AT&T(T), Avast!, AVG Technologies, BBN Technologies, Barracuda Networks, BillMeLater, Bkav, Booz Allen Hamilton, Blue Coat, BrandMail, BrandProtect, Bsecure Technologies, Check Point Software Technologies, Comcast, CSIRTBANELCO, Cyber Defender, Cyveillance, Domain Tools, Donuts.co, Easy Solutions, eBay/PayPal (EBAY), eCert, EC Cert, ESET, EST Soft, Facebook, Fortinet, FraudWatch International, F-Secure, GlobalSign, GoDaddy, Google, GroupIB, Hauri, Hitachi Systems, Ltd., Huawei Symantec, ICANN, Iconix, IID, IronPort, ING Bank, Intuit, IT Matrix, Kindsight, LaCaixa, Lenos Software, MailShell, MarkMonitor, M86Security, McAfee (MFE), Melbourne IT, MessageLevel, Microsoft (MSFT), MicroWorld, Mirapoint, NHN, MyPW, nProtect Online Security, Netcraft, Network Solutions, NeuStar, Nominet, Nominum, Public Interest Registry, Panda Software, Phishlabs, Phishme.com, Phorm, Planty.net, Prevx, Proofpoint, QinetiQ, Return Path, RSA Security (EMC), RuleSpace, SAIC (From Science to Solutions), SalesForce, SecureBrain, S21sec, SIDN, SoftForum, SoftLayer, SoftSecurity, SOPHOS, SunTrust, SurfControl, Symantec (SYMC), Tagged, TDS Telecom, Telefonica (TEF), TransCreditBank, Trend Micro (TMIC), Vasco (VDSI), VeriSign (VRSN), Websense Inc. (WBSN), Wombat Security Technologies, Yahoo! (YHOO), zvelo and ZYNGA.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
Learn how to solve the problem of keeping files in sync between multiple Docker containers. In his session at 16th Cloud Expo, Aaron Brongersma, Senior Infrastructure Engineer at Modulus, discussed using rsync, GlusterFS, EBS and Bit Torrent Sync. He broke down the tools that are needed to help create a seamless user experience. In the end, can we have an environment where we can easily move Docker containers, servers, and volumes without impacting our applications? He shared his results so yo...
Palerra, the cloud security automation company, announced enhanced support for Amazon AWS, allowing IT security and DevOps teams to automate activity and configuration monitoring, anomaly detection, and orchestrated remediation, thereby meeting compliance mandates within complex infrastructure deployments. "Monitoring and threat detection for AWS is a non-trivial task. While Amazon's flexible environment facilitates successful DevOps implementations, it adds another layer, which can become a ...
With SaaS use rampant across organizations, how can IT departments track company data and maintain security? More and more departments are commissioning their own solutions and bypassing IT. A cloud environment is amorphous and powerful, allowing you to set up solutions for all of your user needs: document sharing and collaboration, mobile access, e-mail, even industry-specific applications. In his session at 16th Cloud Expo, Shawn Mills, President and a founder of Green House Data, discussed h...
The Software Defined Data Center (SDDC), which enables organizations to seamlessly run in a hybrid cloud model (public + private cloud), is here to stay. IDC estimates that the software-defined networking market will be valued at $3.7 billion by 2016. Security is a key component and benefit of the SDDC, and offers an opportunity to build security 'from the ground up' and weave it into the environment from day one. In his session at 16th Cloud Expo, Reuven Harrison, CTO and Co-Founder of Tufin,...
SYS-CON Events announced today that MobiDev, a software development company, will exhibit at the 17th International Cloud Expo®, which will take place November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. MobiDev is a software development company with representative offices in Atlanta (US), Sheffield (UK) and Würzburg (Germany); and development centers in Ukraine. Since 2009 it has grown from a small group of passionate engineers and business managers to a full-scale mobi...
There are many considerations when moving applications from on-premise to cloud. It is critical to understand the benefits and also challenges of this migration. A successful migration will result in lower Total Cost of Ownership, yet offer the same or higher level of robustness. In his session at 15th Cloud Expo, Michael Meiner, an Engineering Director at Oracle, Corporation, analyzed a range of cloud offerings (IaaS, PaaS, SaaS) and discussed the benefits/challenges of migrating to each offe...
Chuck Piluso presented a study of cloud adoption trends and the power and flexibility of IBM Power and Pureflex cloud solutions. Prior to Secure Infrastructure and Services, Mr. Piluso founded North American Telecommunication Corporation, a facilities-based Competitive Local Exchange Carrier licensed by the Public Service Commission in 10 states, serving as the company's chairman and president from 1997 to 2000. Between 1990 and 1997, Mr. Piluso served as chairman & founder of International Te...
Mobile, social, Big Data, and cloud have fundamentally changed the way we live. “Anytime, anywhere” access to data and information is no longer a luxury; it’s a requirement, in both our personal and professional lives. For IT organizations, this means pressure has never been greater to deliver meaningful services to the business and customers.
In a recent research, analyst firm IDC found that the average cost of a critical application failure is $500,000 to $1 million per hour and the average total cost of unplanned application downtime is $1.25 billion to $2.5 billion per year for Fortune 1000 companies. In addition to the findings on the cost of the downtime, the research also highlighted best practices for development, testing, application support, infrastructure, and operations teams.
In their session at 17th Cloud Expo, Hal Schwartz, CEO of Secure Infrastructure & Services (SIAS), and Chuck Paolillo, CTO of Secure Infrastructure & Services (SIAS), provide a study of cloud adoption trends and the power and flexibility of IBM Power and Pureflex cloud solutions. In his role as CEO of Secure Infrastructure & Services (SIAS), Hal Schwartz provides leadership and direction for the company.
Puppet Labs has announced the next major update to its flagship product: Puppet Enterprise 2015.2. This release includes new features providing DevOps teams with clarity, simplicity and additional management capabilities, including an all-new user interface, an interactive graph for visualizing infrastructure code, a new unified agent and broader infrastructure support.
For IoT to grow as quickly as analyst firms’ project, a lot is going to fall on developers to quickly bring applications to market. But the lack of a standard development platform threatens to slow growth and make application development more time consuming and costly, much like we’ve seen in the mobile space. In his session at @ThingsExpo, Mike Weiner, Product Manager of the Omega DevCloud with KORE Telematics Inc., discussed the evolving requirements for developers as IoT matures and conducte...
Container technology is sending shock waves through the world of cloud computing. Heralded as the 'next big thing,' containers provide software owners a consistent way to package their software and dependencies while infrastructure operators benefit from a standard way to deploy and run them. Containers present new challenges for tracking usage due to their dynamic nature. They can also be deployed to bare metal, virtual machines and various cloud platforms. How do software owners track the usag...
Explosive growth in connected devices. Enormous amounts of data for collection and analysis. Critical use of data for split-second decision making and actionable information. All three are factors in making the Internet of Things a reality. Yet, any one factor would have an IT organization pondering its infrastructure strategy. How should your organization enhance its IT framework to enable an Internet of Things implementation? In his session at @ThingsExpo, James Kirkland, Red Hat's Chief Arch...
Providing the needed data for application development and testing is a huge headache for most organizations. The problems are often the same across companies - speed, quality, cost, and control. Provisioning data can take days or weeks, every time a refresh is required. Using dummy data leads to quality problems. Creating physical copies of large data sets and sending them to distributed teams of developers eats up expensive storage and bandwidth resources. And, all of these copies proliferating...