Online criminals are garnering greater success with increased technical sophistication affecting a wider range of industries. With greater diversity and the use of targeted attacks, phishing remains one of the top threats on the Internet according to a new Cyveillance report.
While some research indicates that the volume of phishing emails has been decreasing, it is important to note that these attacks are targeting more varied industries with the intent on generating greater financial success. While banks and credit unions continue to be the top targets of phishers, governments and the technology and energy industries are now seeing growing numbers of attacks.
Cyveillance determined that during the second half of 2009, 399 brands were first-time targets of phishing attacks, nearly double the amount of first-time targets than in the first half of the year. Averaging over 36,000 confirmed, unique attacks per month in the same period of 2009, phishing attacks continue to succeed despite advances made in consumer education and added protections implemented by security departments within the targeted organizations.
In addition to the phishing and malware statistics, the report also includes test results on the ability of leading AV software to detect malware. When Cyveillance fed active attacks through 14 of the top AV vendor offerings, they identified that these solutions detect less than half of the malware found on the Internet, leaving users susceptible to infection.
Furthermore, Cyveillance fed malware samples through six of the top AV vendor products to determine how long they would take to detect the threat. Cyveillance found that even after seven days to adjust to a new malware threat, AV software averages only reached roughly a 50 percent detection rate.
“Cyber criminals are focusing their efforts on developing more sophisticated and targeted attacks rather than using a far reaching blanket approach, in order to reap greater financial rewards,” said Panos Anastassiadis, COO of Cyveillance. “From emails to social networks, online criminals have increasingly more information at their disposal and a growing array of attack vectors to appear credible and go undetected. Organizations must be more vigilant in proactively protecting themselves and cannot rely solely on traditional security measures to keep their infrastructure and sensitive information safe.”