25/01/2012
Report shows 70% of both cybercriminals and targets are Chinese
San Diego, CA
Unlike most phishers, Chinese phishers do not use many hacked domains. Instead, they continue to register new domains, on which they set up their phishing pages. "The majority of Chinese phishing appears to be perpetrated by Chinese criminals attacking Chinese companies, with 88% of such attacks targeting a single service: Taobao.com," said Greg Aaron, a co-author of the report for Afilias. "With .CN domains difficult for criminals to obtain these days, these phishers had a major impact on other TLDs, where domains and subdomains are often easier and cheaper to obtain."
Cybercrime gangs in the first half of 2011 also optimised a previously obscure tactic, taking over a virtual shared server and leveraging every website on it, massively multiplying the number of landing domains available for phishing attacks. "By utilising hundreds of sites on a web server with a single compromise, phishers can greatly leverage stolen resources to create a wide web of phishing sites," said Rod Rasmussen, President and CTO of Internet Identity and co-author of the report. "This also allows them to spam lures using a wider variety of 'good reputation' domain names which can help evade anti-spam systems. Fortunately, these sites last shorter than others given the level of compromise, so in the end the technique is of dubious efficacy."
The researchers reported counting 42,448 unique attacks that utilised this tactic, each using a different domain name, representing 37 percent of all phishing attacks worldwide. This large number of domain names accounts for much of the increase in phishing seen versus the second half of 2010.
Though the report found cybercrime gangs advancing on a number of technical fronts, some metrics indicated that cybercrime was being partly suppressed by a number of preventative measures and the application of routinised responses to cybercrime events by industry.