Category: Statistics

Top Techniques for this activity include Phishing Hosting: Free web hosts continued to be favored location for hosting phishing sites, as seen on Netcraft’s Phishiest Hosters page. Also ranking highly were several hosts that seem to offer scant policing of scams, including Romanian host Home.ro/Go.ro, which was home to more than 760 phishing URLs in 2005.

More than 600 phishing spoof sites were hosted on compromised forums and content management systems, offering a reminder that security problems with these programs extend beyond the site’s operators and users.

The Geography of Phishing: A review of 5,000 of the most recently confirmed phishing URLs shows that .com continues to be the most popular top-level doman (TLD), with Russia and Romania being the only country-specific TLDs with more than 1 percent of URLs. Romania has hosted 1,397 phishing sites in 2005, equivalent to about 3.3 percent of all hostnames in that country.

The Netcraft Toolbar Community is digital neighborhood watch scheme, in which the most alert and expert members act to defend the larger community of users against phishing frauds. Once the first recipients of a phishing mail have reported the target URL, it is blocked for toolbar users who subsequently access the URL. Widely disseminated attacks (people constructing phishing attacks send literally millions of electronic mails in the expectation that some will reach customers of the bank) simply mean that the phishing attack will be reported and blocked sooner.

http://news.netcraft.com/archives/2005/12/31/phishing_by_the_numbers_41000_blocked_sites_in_2005.html

The huge increase in the number of malware programs stems from the activities of criminal gangs intent on using trojans, worms and viruses to make a profit, according to a new report from anti-virus software firm Sophos, entitled the Security Threat Management Report 2005.

These gangs have been focusing their efforts on a smaller number of victims, who are targeted with customised malware, so that the creators of the virus can evade the attentions of anti-virus software vendors and security providers. “Internet criminals may be turning their back on large scale attacks not only because they do not wish to draw attention to their efforts, but also because they cannot practically handle the amount of stolen data they might receive if they infected hundreds of thousands of computers in one day,” the report noted.

A report published in November 2005 by Financial Insights, an IDC company, estimated that global financial institutions lost USD400 million in 2004 due to phishing schemes. Instead of going for the large financial institutions, cyber criminals are now engaging in what has been dubbed “puddle phishing”, where they target a smaller financial institution that may only have a few branches.

While all of the top ten threats are Windows-based worms, the number of Trojan horses written during 2005 outweighs worms by a ratio of two-to-one.

In 2005, the Zafi-D virus has topped the Sophos list as the most prevalent virus on the internet. The most prevalent virus in 2004, Netsky-P, has dropped to second place this year. Sober-Z – which was only unleashed in November 2005 – has already climbed to third place as it continues to disrupt and clog networks worldwide. The other viruses in the top 10 were Sober-N, Zafi-B, Mytob-BE, Mytob-AS, Netsky-D, Mytob-GH, Mytob-EP.

http://www.theregister.co.uk/2005/12/07/sophos_2005_security_survey/

“It’s disturbing that the number automatically updating their internet security systems has dropped,” Mr Peterson said, down from 90.3 per cent in 2004 down to 75.2 per cent in 2005.

“Though more businesses are allowing staff access to the internet at work – now up to 65 per cent – staff internet policies have not kept pace, while training on safe internet practices has dropped from 67.2 per cent in 2004 to 55.9 per cent in 2005.

Overall 88 per cent of respondents have installed antivirus software; 77 per cent have in place firewall software or appliance; and overall 63 per cent have spam filtering.

Fifty-one per cent of total respondents have been the target of a phishing expedition, the study showed and businesses are receiving an average of 98 spam emails per day.

This year, five per cent of the survey sample report getting 51-100 spam emails a day compared with 12 per cent reporting the same volume in the last survey.

http://www.nbr.co.nz/home/column_article.asp?id=13723

Hackers are on a pace to deploy a record-setting 6,191 different keyloggers in 2005, a 65 percent boost from the 3,753 keyloggers released in 2004, said iDefense.

A keylogger-based theft of 220 million pounds ($382 million) from the London offices of the Japanese bank Sumitomo Mitsui was foiled in March, while in August, researchers at Sunbelt Software stumbled on an offshore server jammed with information — including usernames, passwords, telephone numbers, credit card and bank account numbers — stolen with a keylogger.

“Everybody knows about viruses and worms, but the threat of the unknown is the greatest threat we face,” said Dunham.

http://www.securitypipeline.com/news/174300038

Too often overlooked, many analysts argue, are savvy “synthetic” fraud schemes that frequently don’t directly victimize individual consumers.

By some estimates, this accounts for three-quarters of the money stolen by identity crooks. “There’s a lot of fraud that is not being identified as fraud, not being measured accurately,” said Anne Wallace, executive director of the Identity Theft Assistance Center, an industry-funded group that helps victims resolve fraud problems for free.

To understand the risks we really face, it’s worth analyzing the statistics. Multiple surveys have found that around 20 percent of Americans say they have been beset by identity theft. The Identity Theft and Assumption Deterrence Act of 1998 defines it as the illegal use of someone’s “means of identification”–including a credit card. So if you lose your card and someone else uses it to buy a candy bar, technically you have been the victim of identity theft.

In both cases, the survey didn’t ask whether a faulty memory or a family member–rather than a shadowy criminal–turned out to be to be the culprit.

When Chubb’s report asked whether people had suffered the huge headache of finding that someone else had taken out loans in their name, 2.4 percent–one in 41 people–said yes.

So what about the claim that 10 million Americans are hit every year, a number often used to pitch credit monitoring services? Perhaps some people decide that raising a stink over a wrongful charge isn’t worth the trouble. Even so, the finding made the overall validity of the data seem questionable to Fred Cate, an Indiana University law professor who specializes in privacy and security issues. After all, identity theft remains widespread even by conservative measurements. And companies that handle our personal information still could go to greater lengths to protect it–often simply by encrypting their files.

http://www.securitypipeline.com/news/173602995

“We’ve made significant progress in reducing the window of exposure,” said Eschelbeck, noting that the half-life for a critical vulnerability on an externally-facing computer is now 19 days, down from 2004’s 21. In large part, that’s due to the perception, rightly deserved, that the risk on external machines is higher.”

“Automated attacks [now] create 85 percent of their damage within the first 15 days from the outbreak,” said Eschelbeck. Last year, he reported that 80 percent of the damage was done in the first 42 days.

According to Eschelbeck’s data, patches released on a predefined schedule — monthly or quarterly — are deployed 18 percent faster than those for vulnerabilities whose fixes are released ad hoc.

“It seems a predictive schedule makes it easier to organize and plan and put together resources for patching, rather than scramble when a patch suddenly appears.” That finding should sit well with Microsoft, one of the first major developers to go to a regular release schedule.

Among his other conclusions, Eschelbeck downplayed concern over wireless security, saying that the problem is really overrated. “People think that wireless is such a big exposure point for networks, and that’s it’s a real problem, but only 1 in 18,220 critical vulnerabilities is caused by a wireless access point.” “By reducing it another 20 percent, we can make networks even more secure.”

In addition, with an increasing number of critical vulnerabilities, enterprises need to look harder at prioritizing their patching. The Common Vulnerability Scoring System (CVSS), which was designed by several technology companies, including Cisco, eBay, Internet Security Systems, and Qualys, is the primary initiative. “Scoring and prioritization are going to be more important in 2006.

http://www.securitypipeline.com/news/173602790