Internet Identity released its Phishing Trends Report: An Analysis of Financial Fraud Threats for Third Quarter 2009. Highlights of the report include:
Avalanche continued strong, comprising 36% of all phishing
- Several smaller banks targeted for the first time
- Avalanche phishing increased 70%
Attacks against government-controlled servers increased
- Worldwide, .gov domains were increasingly targeted
Top countries hosting non-Avalanche phishing attacks
- US hosted 46%
- South Korea climbed, overtook Germany in September
Number of attacked brands down slightly
- Banks remain targeted by over 50% of volume
Malware Lab: Analyzing the Avalanche-distributed Zeus malware
Front Line Report: Why “technical” takedowns are a dangerous idea
The Zeus keystroke-logging Trojan has become the tool of
choice in 2009 for some very successful criminals, leading to over $100 million
in attempted losses as of October, according to the FBI. A public school
district in Pennsylvania lost $700,000 in a two-day attack, and a county
government in Kentucky lost $415,000 during a week-long attack. In the Kentucky case, the Zeus-based
attack circumvented the bank's multi-factor, out-of-band authentication and
authorization scheme. Details about the attacks may be found in the following
articles: "An Odyssey of Fraud" and "The Pitfalls of Business Banking".
The Trojan enables the criminals to gain complete control of
an infected computer, which they then use to impersonate the rightful owner and
fraudulently authorize many high dollar value funds transfers, via ACH and
traditional wire methods. More information about Zeus and other malware can be found
in the following articles: "Crimeware: What I didn't know" and "Modern banker malware undermines two-factor authentication".
According to the Internet Crime Complaint Center (IC3) in an Intelligence Note released on November 3, the criminals have successfully
exploited small and medium businesses, municipal governments, and school districts.
The victimized institutions have tended to be local
community banks and credit unions, many of which use third party service
providers to process ACH transactions. According to the IC3, "FBI interviews revealed that the threat stems not
only from the malware involved in these cases, but the vulnerabilities
presented by the lack of controls at the financial institution or third-party
provider level. For instance, in
several cases banks did not have proper firewalls installed, nor antivirus
software on their servers or their desktop computers. The lack of
defense-in-depth at the smaller institution/service provider level has created
a threat to the ACH system."
The main distribution method for this Zeus Trojan has been
phishing-type e-mails and fake websites distributed and hosted by the Avalanche
criminal group. The Internet
Corporation for Assigned Names and Numbers (ICANN) has released a security advisory to all domain registrars about this attack vector.
APWG Phishing Activity Reports released
The Anti-Phishing Working Group (APWG) released two reports in late
September and early October, in advance of its General Meeting and eCrime
Researchers Summit 2009 held in Tacoma, WA on October 19-21. Internet Identity was
proud to serve as the Conference Planning Sponsor for the event. By all accounts we have received, the
Conference was enjoyed by all who attended.
The reports released included the Phishing Trends Reports - First Half 2009 and the Global Phishing Survey: Domain Name Use and
Trends in 1H2009. The Global Phishing Survey was co-authored
by Rod Rasmussen, president and CTO of Internet Identity.
The reports are available for download in PDF format at the links below:
In early September, a federal jury in California levied a
total of $32 million in damages from two Internet service providers that
knowingly supported websites that were running illegal operations. The jury
ruled that two ISPs knew about counterfeit Louis Vuitton goods that were being
sold on their customers' sites, but didn't act quickly to deactivate those
sites. Legal experts say the case could set an important precedent if companies
can prove that an ISP knowingly supports criminal websites -- such as those
used to commit fraud or copyright infringement -- but does not take them
offline.
And later in September, Eric Davis, the head of Google's
Anti-Malvertising team, urged ISPs to look beyond profits and take a more
proactive approach to dealing with malware-infested computers on their
networks. "The ISPs are in the best position to detect infected machines.
They're in the best place to do something about malware. They already have monitoring systems
that could be used to identify signs of malware and botnet activity. If they see abnormally high
e-mail activity, that's most likely spam from a botnet," Davis said.
The ISP industry appears to be responding to the pressure.
In September, the Internet Industry Association of Australia
drafted a new code of conduct that suggested ISPs contact, and in some cases
disconnect, customers that have malware-infected computers. The drafted code, which will not be mandatory, suggested
ISPs take a four-step approach to protecting customers.
- Identification of compromised computers
- Contact affected customer
- Provision of information and advice to fix the compromised system; and
- A reporting function for alerting about serious scale threats, such as those that may threaten national security.
In October in the Netherlands, 14 ISPs that comprise 98
percent of the consumer market there launched a joint effort to fight malware-infected
computers and botnets. The effort will include:
- Exchange of relevant information among the cooperating ISPs
- Quarantine of infected computers
- Notification of end users by their ISPs
Also in October, Comcast, the largest residential ISP in the
U.S., announced the launch of a trial implementation of its new Constant Guard
program, which delivers an in-browser "Service Notice" notification that will
alert customers whose computers appear to be infected with a bot (or virus) and
request that they go to the Anti-Virus Center and follow a set of instructions
to assist with removing the bot from their computer and thereby prevent it from
spreading to other users.
According to Jerry Upton, executive director of the Messaging
Anti-Abuse Working Group, "The new Comcast safeguards are in line with industry
best practices to help ISPs assist customers whose machines have been infected
with malware. By deploying the
technology to detect bots on their subscribers' computers, Comcast is providing
a service to their customers and contributing to safer messaging."
Secret Service teams with Italy; forms new task forces domestically
On June 30, 2009, the U.S. Secret Service announced a new
initiative with the Italian Postal Service to set up an international task
force to combat cyber crime. The European Electronic Crime Task Force will investigate
identity theft, hacking and other computer-based crime from a headquarters in
Rome. The initiative will be open to contributions from other European countries,
private IT operators and academic institutions.
On July 10, the Secret Service announced the expansion of its
domestic Electronic Crimes Task Force (ECTF) program with the addition of three
new ECTFs located in St. Louis, Kansas City, and New Orleans. The program builds regionally-based
public-private partnerships aimed at fighting high-tech and computer-based
crimes. The types of investigations handled by the Electronic Crimes Task
Forces encompass a wide range of computer-based criminal activity, including
network intrusions, hacking cases, identity theft, and other computer related
crimes affecting financial and other critical infrastructures.
The addition of these four new ECTFs brings the total number
of such task forces to 28.