TMCnet News
APWG Q4 Report: Phishers Target Retail Sites While Crimeware Proliferation ExplodesThe APWG reports in its new Phishing Activity Trends Report that during the 4th quarter of 2014, a record number of crimeware variants were detected, a strategy of overwhelming proliferation of variations designed to defeat antivirus software. Meanwhile, phishers increasingly targeted retail and service sites, hoping to take advantage of the burgeoning numbers of online shoppers. During the 4th quarter of 2014 the number of malware variants figure broke a new record, with 23,500,000 malware samples detected--an average of 255,000 new threats each day, according to Trends Report contributor, PandaLabs. This was up 59 percent from 160,000 samples per day in the second quarter of 2014. Never in the history of computer security has the amount of new malware created been so high, according to Luis Corrons, PandaLabs Technical Director and Trends Report contributing analyst. The great majority of these malware strains are variants of existing malware modified by their creators to evade antivirus software used by Internet consumers. The escalating numbers illustrate the adaptability of the code and the creativity of the malware authors in extending the polymorphic obscuration scheme to such a degree. About one-third of computers worldwide were probably infected with malware of some sort, according to Corrons. Retail/Service was the most-targeted industry sector in the fourth quarter of 2014, representing 29.37 percent of phishing sites, not a great surprise during the holiday season. Payment Services continued to be popular targets, with 25.13 percent of attacks during the three-month period, according to APWG member Internet Identity. "The final quarter of 2014 also witnessed a raft of email-based phishing attempts against well-established financial institutions, possibly timed to coincide with both the holiday spending increase and heightened consumer fears in the wake of corporate security breaches," said Carl Leonard, Principal Security Analyst, Websense Security Labs. The full text of the report is available here: http://docs.apwg.org/reports/apwg_trends_report_q4_2014.pdf Additional reporting, analysis and collaborative response programs will be discussed at the annual APWG eCrime Conference in Barcelona, May 26-29: Https://apwg.org/apwg-events/ecrime2015/ About the APWG The APWG, founded in 2003 as the Anti-Phishing Working Group, is the global industry, law enforcement, and government coalition focused on unifying the global response to electronic crime. Membership is open to qualified financial institutions, online retailers, ISPs and Telcos, the law enforcement community, solutions providers, multi-lateral treaty organizations, research centers, trade associations and government agencies. There are more than 2,000 companies, government agencies and NGOs participating in the APWG worldwide. The APWG's www.apwg.org, apwg.eu and education.apwg.org websites offer the public, industry and government agencies practical information about phishing and electronically mediated fraud as well as pointers to pragmatic technical solutions that provide immediate protection. The APWG is co-founder and co-manager of the STOP. THINK. CONNECT. Messaging Convention, the global online safety public awareness collaborative www.stopthinkconnect.org and founder/curator of the Symposium on Electronic Crime Research, the world's only peer-reviewed conference dedicated specifically to electronic crime studies https://apwg.org/apwg-events/ecrime2015/. Among APWG's corporate sponsors are as follows: AT&T(T), Afilias Ltd., AhnLab, Area 1, Avast!, AVG Technologies (News - Alert), AXUR, BBN Technologies, Bangkok Bank, Barracuda Networks, Baidu Antivirus, BillMeLater, Bkav, Booz Allen Hamilton, Blue Coat, BrandMail, BrandProtect, Bsecure Technologies, CSC Digital Brand Services, Check Point Software Technologies, Comcast, CSIRTBANELCO, CyberIQ, Cyber Defender, Cyveillance, DigiCert, Domain Tools, DNS Belgium, Donuts.co, Easy Solutions, eBay/PayPal (EBAY), eCert, EC Cert, ESET, EST Soft, Facebook (News - Alert), FEDEX (FDX), Fortinet, FraudWatch International, F-Secure, GlobalSign, GoDaddy, Google, GroupIB, Hauri, Hitachi Systems, Ltd., Huawei, ICANN, Iconix, IID, IronPort, ING Bank, Intuit, Internet.bs, iZOOlogic, IT Matrix, LaCaixa, Lenos Software, MailShell, Malcovery, MarkMonitor, M86Security, McAfee (News - Alert) (MFE), Melbourne IT, MessageLevel, Microsoft (MSFT), MicroWorld, Mirapoint, MX Tools, NHN, MyPW, nProtect Online Security, Netcraft, Network Solutions, NeuStar, Nominet, Nominum, Public Interest Registry, Panda Software, Phishlabs, Phishme.com, Phorm, Planty.net, Prevx, Procera, Proofpoint, Qihoo 360 Technology, Rakuten, Return Path, RSA Security (EMC (News - Alert)), RuleSpace, SAIC (From Science to Solutions), SalesForce, SecureBrain, S21sec, SIDN, SilverPop, SiteLock, SoftForum, SoftLayer, SoftSecurity, SOPHOS, SunTrust, Square, Symantec (SYMC), Tagged, TDS Telecom, Telefonica (News - Alert) (TEF), TransCreditBank, Trend Micro (TMIC), Trustwave, Vasco (VDSI), VeriSign (VRSN), Websense Inc. (WBSN), Wombat Security Technologies, Yahoo! (YHOO), and zvelo.
|
