Phishers are becoming more sophisticated criminal marketers, according to a report by IID which documents a quarter that was a watershed for data breaches, from large-scale attacks at Sony and Epsilon, to penetrations against security companies themselves, and even assaults on small, non-traditional targets like a knitting community.
Between recent direct attacks and exposures caused by password re-use, industry leaders are calling for new, resilient security practices that assume network compromise has already occurred, so that effort is directed at detecting and containing intrusions quickly.
More than 85 percent of survey respondents acknowledged some concern about spear phishing, with 33 percent saying that they are “extremely concerned.” Further, fully half of all respondents reported that their organizations had been victimized by spear phishing in the past year.
“Across the spectrum, there is a growing realization that criminals are becoming far more sophisticated in their targeting approaches, and that at the end of the day, organizations’ networks will be compromised,” said IID President and CTO Rod Rasmussen. “Our survey found that most people we talk with are already concerned, and our opinion is that if they aren’t, they sure should be.”
As an example of these more sophisticated marketing approaches to phishing, from April to June 2011 phishers increasingly used a technique called URL rewriting to target multiple legitimate domains simultaneously through compromised shared servers that host hundreds of unique URLs at a single IP address.
Compromising thousands of legitimate domains with good reputations in their attacks allows phishers to bypass many anti-spam measures and increase deliverability of their lure messages.
IID found that the overall quarter-to-quarter increase in phishing was a significant 11 percent. Yet since IID counts only one compromised IP address per phishing attack in its overall statistics, the actual increase in attacks would be dramatically higher (more than 80 percent) if URL rewriting were included.
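To make the counting difference concrete, the following is an added example (not code from IID or its report) that takes a feed of lure URLs, groups them by the IP address that serves them, and reports both the per-IP count the article describes and the per-compromised-domain count that URL rewriting inflates. The URL list and the hostname-to-IP table are constructed for illustration; a takedown team would substitute DNS answers recorded at detection time.

```python
"""Per-IP versus per-domain counting of phishing lure URLs on shared hosts.

Added example, not part of the IID report. The URL feed and the
hostname-to-IP mapping below are constructed for illustration.
"""
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample: lure URLs as a takedown team might receive them.
# Three of them sit on different compromised domains but one shared server.
SAMPLE_URLS = [
    "http://knitting-club.example/~bob/secure-login/index.html",
    "http://bakery-shop.example/images/bank/verify.php",
    "https://town-news.example/wp-content/uploads/account/",
    "http://single-host.example/login",
    "http://another-site.example/payment/update",
]

# Constructed resolution table (real work would use DNS records captured at
# detection time, because phishing hosts are cleaned up or moved quickly).
HOST_TO_IP = {
    "knitting-club.example": "192.0.2.10",
    "bakery-shop.example": "192.0.2.10",
    "town-news.example": "192.0.2.10",
    "single-host.example": "198.51.100.7",
    "another-site.example": "203.0.113.42",
}


def hostname(url):
    """Return the lowercase hostname of a URL, or None if it cannot be parsed."""
    host = urlparse(url).hostname
    return host.lower() if host else None


def cluster_by_ip(urls, resolver):
    """Group lure URLs by serving IP. Returns {ip: sorted list of domains}."""
    clusters = defaultdict(set)
    for url in urls:
        host = hostname(url)
        if host is None or host not in resolver:
            continue  # unresolvable hosts would be tracked separately in practice
        clusters[resolver[host]].add(host)
    return {ip: sorted(hosts) for ip, hosts in clusters.items()}


def attack_counts(urls, resolver):
    """Return (attacks counted per IP, attacks counted per compromised domain)."""
    clusters = cluster_by_ip(urls, resolver)
    per_ip = len(clusters)
    per_domain = sum(len(hosts) for hosts in clusters.values())
    return per_ip, per_domain


def shared_hosts(urls, resolver, min_domains=2):
    """IPs serving lures for at least min_domains distinct domains.

    This is the URL-rewriting pattern: one compromised shared server, many
    legitimate domains with good reputation fronting the same lure content.
    """
    return {ip: hosts for ip, hosts in cluster_by_ip(urls, resolver).items()
            if len(hosts) >= min_domains}


if __name__ == "__main__":
    ip_count, domain_count = attack_counts(SAMPLE_URLS, HOST_TO_IP)
    print(f"attacks counted per IP: {ip_count}, per domain: {domain_count}")
    for ip, hosts in shared_hosts(SAMPLE_URLS, HOST_TO_IP).items():
        print(f"shared host {ip} serves lures on {len(hosts)} domains: {', '.join(hosts)}")
```

On the constructed sample the per-IP count is 3 while the per-domain count is 5, which is the same gap the article describes between the 11 percent headline figure and the much larger increase once URL rewriting is counted. The `shared_hosts` output is also the useful triage view for a defender: every domain in a cluster shares one root cause (the compromised server), so notifying the hosting provider clears the whole cluster at once.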
Other findings in IID’s report include:
- In keeping with becoming savvy marketers, phishers used recent current events such as Osama Bin Laden’s death and the aftermath of the Japan earthquake and tsunami to lure phishing victims.
- Criminals are targeting large e-mail service providers like Epsilon themselves in order to gain targeted account information and hijack their email infrastructure resources.
- With all of the recent theft of login information, IID fears cyber criminals will increasingly try to re-use compromised IDs and passwords across Internet locations, since many logins are duplicated across multiple websites and corporate networks.
The complete report is available here.