Professional Documents
Culture Documents
May 2013
While it is true that most cyber attacks orchestrated by hacktivists focus on DDoS onslaughts targeting authority-type entities and banks, all too many times they add a sting to the operation and hack into immense databases containing personal user information. On their quest for notoriety and media attention to make a statement, critics say that hacktivists tend to cross the line when they publicly release untold amounts of data, providing links to the trove and facilitating its free-for-all download. Some hacktivists will call out every target on their list and post their threats publicly and well in advance, while those targeted will prepare to fend off the attack and advise users as needed. But at the end of the day, it is often the innocent online user that takes the hardest hit when their information is leaked across the Internet.
For fraudsters, the large-scale hacks are like candy. Hacktivists will set up publicly available download links for anyone to be able to see the exposed databases, their hunting trophy, and end their part there. But as soon as the links are public, cybercriminals and fraudsters will access and download it before it is taken down by the hosting authorities. By that time, the real damage to the end user is done. Large hacks containing a database replete with email addresses, not to mention payment cards or other financial data, are an attractive reward for phishers to come for and discuss in underground communities. Instead of having to do their own hacking, collecting and stealing, they can enjoy the spoils and bank on the freshly dumped data, compliments of zealous hacktivists, paving a shortcut to a variety of fraud scenarios including: Monetizing gaming account credentials by selling them to other gamers Enjoying a list of valid email addresses to target with phishing spam Leading potential victims to phishing and malware sites and getting paid per install Harvesting financial information that can be sold to fraudsters and CC shops Using leaked and stolen data for fraud and identity theft Checking what other accounts a user has, because as recent research shows, 61% of accounts are set-up with passwords used on other consumer accounts. Its easy to see how an attack that stems from idealistic motivations, targeting very large entities and supposedly conceived in order to protect peoples rights to information, ends up serving the fraudsters and flooding the Internet with confidential data. With the variety of actors that gain access to information publicly posted online, hacktivists end up inadvertently damaging the very people whose interests they claim to represent.
CONCLUSION
The number of phishing attacks recorded monthly is known to vary, fluctuating upwards and downwards, and theres limited capability to forecast a trend that is so dependent on fraudster resources. Although totals are often tricky to predict, some seasonal trends do repeat every year such as the holiday shopping season when a rise in phishing is almost expected. Adding to that list, we can include large database hacks that release the information on millions of users into the wild. Phishing attacks in April 2013 have so far only shown a moderate increase over the previous month, but with constant headlines such as the recent announcement of over 40,000 Facebook accounts allegedly hacked, we may just see a rise before the quarter is out.
page 2
Phishing Attacks per Month In April, RSA identified 26,902 attacks launched worldwide, marking a 10% increase in attack volume from March.
60000
51906
59406
350 300 Number of Brands Attacked In April, 311 brands were targeted in phishing attacks, marking a 20% increase from last month. Of the 311 targeted brands, 52% endured five attacks or less. 250 200 150 100 50 0
Apr 12 May 12 Jun 12 Jul 12 Aug 12
288 298 259 242 290
311
page 3
Jan 13
Feb 13
Mar 13
Apr 13
Apr 12
May 12
Jun 12
Jul 12
Aug 12 Sep 12
Sep 12 Oct 12
Oct 12 Nov 12
Nov 12 Dec 12
Dec 12 Jan 13
Feb 13
Mar 13
Apr 13
100
US Bank Types Attacked U.S. nationwide banks continued to be targeted by the highest volume of phishing attacks (73%) in April, while regional banks saw a slight decline from 20% to 12%.
80
7% 11%
20%
10% 12%
11%
11%
9%
9%
12% 9%
6% 15%
15%
8%
17%
15%
18%
15%
15%
14%
14%
15%
23%
23%
12%
60
40
20
82% 62% 78% 74% 74% 77% 77% 79% 79% 70% 69% 60% 73%
Australia
South Korea
Canada
China
Germany
UK
Canada 4% Netherlands 4%
Top Countries by Attack Volume The U.S. remained the top country on the chart, targeted with 46% of the total phishing volume in April. The UK accounted for 11% of the attack volume, a 2% decline from March while South Africa remained the same with 9% of attack volume.
India 8%
Apr 12
May 12
Jun 12
Jul 12
Aug 12
Sep 12
Oct 12
Nov 12
Dec 12
Jan 13
Feb 13
Mar 13
Apr 13
page 4
US
S Africa
China
Italy
Canada
Netherlands
India
Bra
Brazil 4% Australia 4%
Top Countries by Attacked Brands U.S. brands were targeted by 29% of total phishing volume in April, followed by brands in the UK at 10%. Brands in India, Australia and Brazil were collectively targeted by 15% of phishing volume.
India 7%
U.S. 29%
US
S Africa
Canada
Netherlands
India
United Kingdom 4%
Top Hosting Countries The U.S. remained the top hosting country in April, hosting 47% of global phishing attacks (down 4%). Germany, Canada, the Netherlands, UK and Russia together hosted just over 20% of additional volume.
Canada 5%
Germany 6%
U.S. 47%
page 5
CONTACT US
To learn more about how RSA products, services, and solutions help solve your business and IT challenges contact your local representative or authorized reseller or visit us at www.emc.com/rsa
www.emc.com/rsa
2013 EMC Corporation. EMC, RSA, the RSA logo, and FraudAction are trademarks or registered trademarks of EMC Corporation in the U.S. and/or other countries. All other trademarks mentioned are the property of their respective holders. MAY RPT 0513