The Anti-Phishing Working Group (APWG) announced the establishment of an open-access cybercrime reporting program to speed the collection and redistribution of cybercrime machine-event data to anti-virus vendors, security companies, investigators and responders.
The APWG Accredited Reporter Data Submission Program broadens the number of qualified contributors to the APWG’s machine-event data clearinghouses across the globe in order to maximize the trans-industrial exchange of event data required to deflect, investigate and respond to cybercrime attacks in the first instance.
APWG Secretary General Peter Cassidy said, “Gone are the days when managers of the most phished brands on the Internet could fit around a table at a restaurant in San Francisco. The breadth of brands targeted by phishers today demands vastly broader sampling attack data and, as an NGO clearinghouse for these kinds of data, community outreach.”
APWG established its initial URL Block List (UBL) repository in 2003 under demand from industry and NGOs for a central clearinghouse to receive phishing reports from brand holders and responders, and to distribute them to developers of security software, such as browser security toolbars and anti-virus systems as well as to cybercrime investigators requiring notification of attacks.
“The Accredited Reporter service will make it easy for companies, researchers, and others who discover a phishing site to submit it once; and for APWG to quickly distribute it broadly to AV companies and to URL reputation services (like IE’s SmartScreen),” says APWG Microsoft Delegate Shawn Loveland.
Since the URL Block List was established, responders and investigators from industry, government and NGO sectors have been motivated to route phishing reports in real time to the APWG’s UBL to inform security applications and forensic programs, including:
- Rapid distribution of block list notifications for spam filters, browsers, anti-phishing toolbars, web filters and proxies
- Global protection of consumers and businesses from frauds involving commercial enterprises and brand-holders
- Prevention of users globally from downloading malicious software developed to animate a financial crime
- Prevention of users from disclosing login and password credentials
- Benchmarking efficacy against others in similar industries to determine if fraudsters are targeting them more intensely
- Informing forensic databases for researchers, industrial investigators and law enforcement to better succeed in legal investigations and actions against criminals who have multiple target companies in common
- Data exchange with other members of an economy or government who are being affected by the same threats (phishing kits, malware distribution sites, botnet C&Cs, malicious IP addresses, reshippers, mules).
Any brand holder or responder that has cybercrime event data it wants cleared through the UBL, to alert software developers or inform investigators’ forensic routines, should be participating in the Accredited Reporter program. If a brand holder wants to leverage the larger community of AV vendors, responders and investigators, it will be first and fastest to report transgressions against its brand.
The Accredited Reporter program introduces a new level of APWG membership, fees for which are waived for eligible NGOs and public-sector agencies. The data sheet and application form for the program are available here.
As the user base of the UBL expands, new applications for the data are continually suggested and considered for development under the APWG members’ eCrime Exchange (eCX). Today, the APWG UBL is a dynamically updated archive of URLs and associated data that is submitted by the general public, APWG members, CERTs, cybercrime responders, contributing brand holders and data exchange correspondents.