Two Thirds Of All Phishing Attacks Carried Out By Single Group


Now this is a pretty surprising figure, we all know Phishing has become a big issue in recent years especially for financial institutions, but it still amazes me two-thirds of all attacks can come from a single group! It’s been a major issue concerning computer security in general, consumer privacy and companies like PayPal have had a lot of problems with phishing attacks.

Apparently Avalanche arose from members of Rock Phish which we wrote about accounting for 50% of all phishing attacks back in 2007.

It seems that phishing is growing into a fairly huge business for some people.

A single criminal operation was responsible for two-thirds of all phishing attacks in the second half of 2009 and is responsible for a two-fold increase in the crime, a report published this week said.

The Avalanche gang is believed to have risen out of the ashes of the Rock Phish outfit, which by some estimates was responsible for half the world’s phishing attacks before fizzling out in late 2008. Driving the success of both groups is their use of state-of-the-art technology for mass-producing imposter websites and distributing huge amounts of crimeware for automating identity theft.

“Avalanche uses the Rock’s techniques but improved upon them, introducing greater volume and sophistication,” the report, released by the Anti-Phishing Working Group, stated.

They are definitely getting more sophisticated as I remember phishing attacks when they first originated and they were really very basic, generally riddled with typos and spelling mistakes and weren’t particularly convincing to anyone.

Now, especially with CSRF/XSS/iframe injection attacks on major websites, phishing gangs have a lot more ways to spoof legitimate looking URLs.

Central to Avalanche’s success is its use of fast-flux botnets to host phishing sites. The use of peer-to-peer communications makes it impossible for a single ISP or hosting provider to to pull the plug on the infrastructure. The gang also excels at launching attacks from a relatively small number of domain names that often appear confusingly identical to each other, such as 11f1iili.com and 11t1jtiil.com. Those abilities also fuel the success.

There were 126,697 phishing attacks during the second half of 2009, more than double the number in the first half of the year or from July through December of 2008, the APWG report said. Avalanche, which was first identified in December of 2008, was responsible for 24 percent of phishing attacks in the first half of 2009 and for 66 percent in the second half. From July through the end of the year, Avalanche targeted the more than 40 major financial institutions, online services, and job search providers.

Curiously, Avalanche may turn out to be a victim of its own success.

The average uptime for each Avalanche phishing attack is much shorter than from other people due to awareness of their gang and tactics, obviously being infamous doesn’t work in their advantage. Perhaps time for them to rethink their strategies.

Remember anti-virus software, firewalls and even the anti-phishing features built into Internet Explorer and Firefox can’t really help with phishing, it’s more a social problem. So if you get the chance do try and educate the less tech-savvy around you about the risks.

You can find the full report here:

APWG_GlobalPhishingSurvey_2H2009.pdf

Source: The Register

Posted in: Phishing, Spammers & Scammers

, , ,


Latest Posts:


Axiom - Pen-Testing Server For Collecting Bug Bounties Axiom – Pen-Testing Server For Collecting Bug Bounties
Project Axiom is a set of utilities for managing a small dynamic infrastructure setup for bug bounty, basically a pen-testing server out of the box with 1-line.
Quasar RAT - Windows Remote Administration Tool Quasar RAT – Windows Remote Administration Tool
Quasar is a fast and light-weight Windows remote administration tool coded in C#. Used for user support through day-to-day administrative work to monitoring.
Pingcastle - Active Directory Security Assessment Tool Pingcastle – Active Directory Security Assessment Tool
PingCastle is a Active Directory Security Assessment Tool designed to quickly assess the Active Directory security level based on a risk and maturity framework.
Second Order - Subdomain Takeover Scanner Tool Second Order – Subdomain Takeover Scanner Tool
Second Order Subdomain Takeover Scanner Tool scans web apps for second-order subdomain takeover by crawling the application and collecting URLs (and other data)
Binwalk - Firmware Security Analysis & Extraction Tool Binwalk – Firmware Security Analysis & Extraction Tool
Binwalk is a fast and easy to use Python-based firmware security analysis tool that allows for firmware analysis, reverse engineering & extracting of firmware.
zBang - Privileged Account Threat Detection Tool zBang – Privileged Account Threat Detection Tool
zBang is a risk assessment tool for Privileged Account Threat Detection on a scanned network, organizations & red teams can use it to identify attack vectors


Comments are closed.