APWG has released their Global Phishing Survey for the second half of 2013 which found that phishing syndicates are modifying their targeted brands more rapidly tha has been seen before, with 324 pf the 681 targets analyzed in the second half of 2013 were not targets in the first half of the year.
“Phishers appear to be looking for companies that are newly popular, have vulnerable user bases, and/or are not ready to defend themselves against phishing. From the results of our latest survey, it is obvious that most any enterprise with an online presence can be a phishing target,” said co-author of the report Greg Aaron of Illumintel.
Key findings in the report included:
- There were at least 115,565 unique phishing attacks worldwide, nearly a 60% increase over the 72,758 seen the first half of 2013, but less than the 123,486 attacks observed in the second half of 2012
- The attacks occurred on 82,163 unique domain names, with 22,831 domain names believed to be registered maliciously by phishers
- Overall, there were 22 percent fewer phishing sites in the fourth quarter than there were in the third quarter. Even then, 2013 was one of the most active years on record for phishing
- During the second half of 2013, 840 unique target institutions were attacked, up significantly from the 720 found in the second half of 2013
- A number of malware families morphed constantly in efforts to avoid detection by antivirus products. Fully 37 percent of the malware variations spawned during 2013 showed up during Q4
- The United States continued to be the top country hosting phishing sites during the fourth quarter of 2013
“Malicious domain names — meaning domain names registered by phishers directly, were at an all-time high — nearly twice any prior survey,” said report co-author Rod Rasmussen of IID. “These domains were largely registered by Chinese phishers to attack Chinese targets but were registered in several TLDs at numerous registrars around the world, making it ever more important for registrars and registries to be on the lookout for fraudulent registration attempts.”
“This is the highest number of malicious domain registrations we have ever counted in any of our semiannual surveys, which stretch back seven years to 2007. The increase is due to registrations by Chinese phishers,” the report stated.
The APWG is an international coalition that works to unify the response to cybercrime across industry, government and law-enforcement sectors with the help more than 2000 institutions worldwide and advises governments, governance bodies like ICANN, trade groups; and treaty organizations such as the European Commission, Council of Europe’s Convention on Cybercrime, United Nations, Organization for Security and Cooperation in Europe and the Organization of American States.
Read More Here (PDF)…