Cyveillance Report Identifies Shift in Phishing
Evolution with Emphasis on New Lucrative Global
Criminals Utilize Sophisticated Spear Phishing Techniques to Stay Ahead of Traditional Security
March 30, 2011 08:04 AM Eastern Daylight Time
ARLINGTON, Va.--(EON: Enhanced Online News)--Cyveillance, a world leader in cyber intelligence, today
announced that despite a decline in traditional phishing attack volume during the second half of 2010, the ability of
phishers to attempt successful fraud remained constant. The number of malicious URLs discovered continued to
increase as fraudsters exploited social networking sites to deploy their malware. With greater diversity of attacks,
phishing continues to be a global problem, with nearly half of all new financial targets based in India and the Middle
East according to Cyveillance’s “2H 2010 Cyber Intelligence Report,” which was issued today.
The online fraud environment continued to flourish for cyber criminals in the second half of 2010, posing serious
danger to both consumers and businesses. Attackers continued to become more distributed, operating from regions
around the globe and leveraging distributed resources to evade detection and law enforcement efforts. The impact of
these sophisticated spear phishing attacks, which enable social engineering attempts like the one associated with “Aurora”
or “Night Dragon,” can be devastating if undetected over a period of time.
“In today’s always-on environment, the challenge is staying one step ahead of online criminals,” said Panos
Anastassiadis, chief operating officer of Cyveillance. “Social engineering has been around for ages, but today through
social media, criminals have instant access to all the valuable personal information they need to target very specific
individuals and ultimately gain access to extremely valuable corporate information. It is critical for everyone to be
fully educated about the threats on the open Internet and how they have a responsibility for information security
within their organizations. The threats we face can no longer just be addressed with a technology solution alone.”
While banks and credit unions continue to be the top targets of phishers, social media sites remain a growing favorite
of online criminals due to the inherent nature of these users to share personal information. Cyber criminals are gaining
access to confidential information through simple searches in order to carry out elaborate social engineering scams.
This type of phishing relies on both technology and human interaction by manipulating people to perform actions or
divulge further information, resulting in greater financial benefits through online fraud or identity theft.
In addition to Cyveillance’s traditional phishing and malware statistics (see below), the report also includes test
results identifying how long it takes leading antivirus (AV) software vendors to detect new malware threats as they
are initially discovered in real time. When Cyveillance fed active attacks through 13 of the top AV vendor¹ offerings,
they identified that these solutions initially detect on average less than half of malware threats on day one. As a result,
visitors to a malicious website could have a more than one in two chance of being infected with malware.
Phishing. During the second half of 2010, Cyveillance detected a total of 114,797 phishing attacks for an average
of over 19,000 unique attacks per month with the volume remaining relatively steady throughout the half. The number
of attacks seen monthly is down compared to the first half of the year (21,000 per month) and could be related to
the recent decline in spam, but the overall volume confirms that the problem of phishing is still easily one of the top
threats on the Internet. Specifically, the use of more sophisticated and targeted attacks results in greater success and
lucrative opportunities for online criminals. Cyveillance identifies phishing as a social engineering scam that relies on
both technology and human interaction to carry out online fraud and identity theft. The schemes are varied, but
typically involve a spoofed (spam) email that mimics an email from a legitimate and respected organization in order to
steal personal information, which is then used for online fraud, identity theft or unauthorized network access.
Malware. The majority of malware threats on the Internet continue to originate within the United States and China.
The two countries lead in almost every significant malware statistical category. Other developed countries such as
Germany and the United Kingdom are not far behind, posing significant danger to Internet users. Cyveillance
considers malware to be a file or application downloaded from a website or server that exhibits properties that are
both involuntary and malicious in nature. There are many types of malware, ranging from “bot” programs used to
launch spam to DoS attacks to keyloggers and backdoor Trojan viruses used for stealing sensitive information or
targeting specific SCADA or industrial platforms. While all malware presents a threat, the variations used for financial
fraud typically cause the most harm to consumers.
All figures and statistics² in the Cyveillance “1H 2010 Cyber Intelligence Report” are actual measurements rather
than projections based upon sample datasets. The cyber intelligence included in this report includes data collected
and analyzed between July 1, 2010 and December 31, 2010. For more information or to download the report,
please visit: http://www.cyveillance.com/web/docs/WP_CyberIntel_H2_2010.pdf.
Cyveillance, a world leader in cyber intelligence, provides an intelligence-led approach to security. Through
continuous, comprehensive Internet monitoring and sophisticated intelligence analysis, Cyveillance proactively
identifies and eliminates threats to information, infrastructure, individuals and their interactions, enabling its customers
to preserve their reputation, revenues, and customer trust. Cyveillance serves the Global 2000 and OEM Data
Partners – protecting the majority of the Fortune 50, regional financial institutions nationwide, and more than 200
million global consumers through its partnerships with security and service providers that include Blue Coat, AOL
and Microsoft. Cyveillance is a wholly owned subsidiary of QinetiQ North America. For more information, please
visit www.cyveillance.com or http://www.qinetiq-na.com.
¹ Vendors tested included Trend Micro, Sophos, McAfee, Kaspersky, F-Secure, Dr. Web, AVG, Nod32, F-Prot,
Virus Buster, Norman, eTrust-Vet and Symantec. (Trend Micro is a registered trademark of Trend
Micro Incorporated, Cupertino, CA; Sophos is a registered trademark of Sophos PLC, Oxfordshire,
England; McAfee is a registered trademark of McAfee, Inc., Santa Clara, CA; Kaspersky is a registered
trademark of Kaspersky Labs, London, England; F-Secure is a registered trademark of F-Secure Company,
Espoo, Finland; Dr. Web is a registered trademark of Dr. Web Co., Moscow, Russia; AVG is a registered
trademark of AVG Technologies, Brno, Czech Republic; Nod32 is a registered trademark of Nod32
Corporation, Bratislava, Slovakia; F-Prot is a registered trademark of Fisk Software Intl Co, Reykjavik,
Iceland; Virus Buster is a registered trademark of Virus Buster, Ltd., Budapest, Hungary; Norman is a
registered trademark of Norman Company, Lysaker, Norway, and Symantec is a registered trademark of
Symantec Corporation, Mountain View, CA; eTrust-Vet is a registered trademark of CA, Inc., Islandia, NY).
² Cyveillance’s comprehensive monitoring technology continuously sweeps the Internet – monitoring and
collecting information from over 200 million unique domain name servers, 190 million unique websites, 80
million blogs, 90,000 message boards, thousands of IRC/Chat channels, billions of spam emails and more.
This approach yields the discovery of more than 100,000 new sites each day.
Welz & Weisel Communications
Chris Leach, 703-877-8105