Home / Blogs

2012 Global Phishing Trends: Uptime Down, Numbers Up

Ram Mohan

Despite security advances over the past year, including the increased deployment of DNSSEC, pirates continue to wreak havoc on the Internet. But before you decide that Internet security innovations are futile, consider this: online criminals are just like burglars in the physical world; they don't take new ways of blocking their best efforts lying down. They come up with new and, in some cases, stronger plans of attack.

Proof of that is in the most recent report from the Anti-Phishing Working Group (APWG), whose mission is to combat phishing on a worldwide scale by eliminating fraud, crime and identity theft. Professionals from a broad spectrum of industries comprise the group and Afilias is proud to be a supporter and a steering group member.

The report, Global Phishing Survey: Trends and Domain Name Use in 1H2012, contains mixed news.

The good news is that the average uptime of phishing attacks is down. The longer a phishing attack remains active, the more money the targeted individuals and institutions lose. That means uptimes are a good indicator of how successful efforts to block phishing attacks have been. In 1H2012, uptimes fell to a record low of 23 hours and 10 minutes. That's approximately half of what it was in late 2011, and it is by far the lowest uptime recorded since the APWG began issuing the semi-annual report in 2008.

The bad news? The survey found that while the duration of the attacks fell, the number of them increased. During 1H2012, there were at least 93,462 attacks — 12 percent more in the same time period a year earlier.

Trends to Note

The report also contains a number of findings for further consideration.

First, phishers continue to abuse services related to subdomains. Accordingly, the trend of phishers registering subdomains more frequently than regular domain names continues since subdomains can be more difficult to spot than second-level domains. In 1H2012, there were 13,307 phishing attacks hosted on subdomain services compared to 7,712 that used second-level domains. However, the overall use of subdomains for phishing purposes fell from 21 percent of all attacks to just 14 percent.

As phishers focus on larger and more popular targets, the number of targeted institutions continues to decrease. There is also a growing emphasis on gaining access to e-mail accounts, which phishers use to spam from whitelisted services such as Gmail, Hotmail and Yahoo.

China continues to be a hot spot for phishing-related activity. The report notes that phishers who attacked Chinese institutions were responsible for two-thirds of all the malicious domain name registrations made in the entire world. While the phishers didn't use .CN domain names, they did use both Chinese and non-Chinese registrars.
South America is often cited as a region that's experiencing tremendous economic growth. Unfortunately, it's also a region where Web servers that are compromised by phishers is a growing phenomenon.

The extent to which phishing attacks proliferate — or become a real but benign fact of life — is up to all of us whose work involves Internet security. If that's you, I recommend you read the APWG report in its entirety.

By Ram Mohan, Executive Vice President & CTO, Afilias

Related topics: DNS Security

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

To post comments, please login or create an account.

Related Blogs

Related News

Topics

Industry Updates – Sponsored Posts

3 Questions to Ask Your DNS Host About DDoS

Afilias Partners With Internet Society to Sponsor Deploy360 ION Conference Series Through 2016

The Latest Internet Plague: Random Subdomain Attacks

Nominum Announces Future Ready DNS

DotConnectAfrica Delegates Attend the Kenya Internet Governance Forum

Introducing getdns: a Modern, Extensible, Open Source API for the DNS

24 Million Home Routers Expose ISPs to Massive DNS-Based DDoS Attacks

Motivated to Solve Problems at Verisign

Diversity, Openness and vBSDcon 2013

Neustar's Proposal for New gTLD Collision Risk Mitigation

Dyn Adds Chris Griffiths As New VP of Labs

DotConnectAfrica Registry Services Participates in ICANN DNSSEC Training at AFRALTI Nairobi

Neustar Launches Enterprise Professional Services Offerings

ARI Registry Services Expands Top-Level DNS Services With Bold Plans

What's in a Name Server?

DNS ROI: 5 Reasons Slow Website Speed Kills and Why Uptime Is a Necessity

Nominum Releases New Version of Carrier-Grade DHCP Software for Telecom Providers

SPECIAL: Updates from the ICANN Meetings in Prague

SPECIAL: Updates from the ICANN Meetings in Costa Rica

Being a .PRO When Choosing a Registry Services Partner

Sponsored Topics