A phishing survey released by the Anti-Phishing Working Group (APWG) in April 2011 indicates a record number of unique domain names were used for phishing attacks in the second half of 2010. The cybercriminals also signed up for free domain services more often than they hacked live domains.
From July 1, 2010, through December 31, 2010, the APWG observed at least 67,677 phishing attacks worldwide. This isn't a record – the group reported 126,697 attacks in the second half of 2009 when the Avalanche botnet was in its prime. However, the 2010 attacks occurred on 42,624 unique domain names, which is the highest figure recorded by the APWG. A whopping 28% were registered with the intention of being used for phishing and related cybercrimes; the remaining domains were legitimate domains that were hacked for malicious purposes.
In an interesting trend, the criminals tended to sign up for free domain or subdomain services (creating a new domain or subdomain) rather than hack existing, legitimate domains. Part of the reason for the uptick in new registrations is that the 2010 data includes new information on Chinese attacks; statistics show that Chinese cybercriminals prefer new domain registrations over hacking. Domain hacking is still a major threat, but cybercriminals look for the path of least resistance to achieve a goal, much like the rest of us, and creating a new domain is quick and easy. The Tokelau .TK domain registration service and the Korean CO.CC subdomain service are free services that accounted for almost 11% of all phishing attacks during the period of the study.
Although individuals can no longer register .CN (China) domain names, China still figures heavily in phishing attacks. As a double-whammy to a country trying to reduce cybercrime, the majority of the July-December 2010 attacks originated in or near China, and the attackers focused on Chinese banks and e-commerce sites as well.
Stu Sjouwerman