Attack Report: Phishing Victims Unaware

Thursday, September 20, 2012 @ 04:09 PM gHale


Phishing attacks have become so effective of late that website operators often don’t even know they have suffered a compromise and are part of a criminal operation.

To ensure their phishing campaigns succeed and are not interrupted by security providers, bad guys often take over legitimate hosts on which they plant their malicious webpages, according to a study by the Anti-Phishing Working Group (APWG).

In the past few weeks, the group has seen numerous cases where perfectly legitimate sites belonging to organizations from all around the world have hosted PayPal or other scam pages.

“Phishers continue to target legitimate websites because they are much harder for interveners to take down,” said APWG Research Fellow Dave Piscitello of ICANN. “They remain confident that they’ll be able to identify and exploit sites, and for good reason.”

“Victims are not taking measures to secure their sites from attack, and they remain lax in monitoring against and mitigating attacks.”

The results of the study published by APWG show attackers are still mostly targeting environments that rely on Linux, Apache, MySQL and PHP.

The most worrying aspect is that in 80% of the cases, the site’s owners are unaware that they’re part of a criminal operation until a third party notifies them, the study said.

In 40% of cases, phishing pages end up removed from sites within 24 hours after bad guys planted them. Close to 60% of the respondents said they took down malicious websites within 2-3 days.

Unfortunately, most of the individuals who have experienced such incidents don’t know much about how they ended up being victims.

“The high frequency of PHP exploits underscores our previous recommendations: You must keep all components of your website OS, web server, applications, and especially active content patch current and configured securely,” Piscitello said.


