Phishing Continues Growth Pattern

Thursday, May 28, 2015 @ 03:05 PM gHale


The amount of domain names used for phishing reached an all-time high, a new report found.

Most of these domain names ended up registered by Chinese phishers, who register the domains at registrars in the USA and China, according to a new report by the Anti-Phishing Working Group (APWG).

RELATED STORIES
Breaches Cost More, Hard to ID
Complexity Halts Security: Report
Cyber Insurance Debate Heating Up
Breach: Subsea Cable Operator’s IT Network

Phishing attacks work and are seeing more use across a large range of industries. Targets included a manufacturer of industrial supplies that specializes in fasteners, telephone companies and insurance companies, the U.S. toll road collection system E-ZPass, as well as power utilities in Europe, the report said.

The study found in the second half of 2014, the median uptime of phishing attacks increased to 10 hours 6 minutes — up from 8 hours and 42 minutes in the first half of last year. This means phishing attacks continued working in the critical first hours, when most victims fall prey.

Findings in the report include:
1. New companies end up constantly targeted by phishers. Some phishers are attacking targets where consumers may least expect it.
2. The ten companies targeted most often by phishers end up attacked constantly, sometimes more than 1,000 times per month. Together the top ten targets suffered more than three-quarters of all the phishing attacks observed worldwide.
3. The number of domain names used for phishing reached an all-time high.
4. Phishing in the new top-level domains started slowly. We expect to see phishing levels in them rise as time goes on.
5. Chinese phishers were responsible for 85 percent of the domain names registered for phishing. These phishers started using .CN domains more frequently.
6. Phishing attacks did not end up mitigated as quickly. The median uptime of phishing attacks increased to 10 hours 6 minutes — up from 8 hours and 42 minutes in the first half of 2014. This means phishing attacks did not shut down as efficiently in the critical first hours, when most victims fall prey.

Click here to download the report.



Leave a Reply

You must be logged in to post a comment.