APWG Report: Fraudsters Seek New Victims and Brands to Exploit in Untapped Markets

Cybercrime gangs drop co-opted hosting infrastructure in Russia;
turn focus to Kazakhstan

CAMBRIDGE, Mass. – Nov. 6, 2013 – The APWG reports in its new Phishing Activity Trends Report that a record number of brands were targeted by phishers in the second quarter of 2013. A total of 639 unique brands were targeted by phishing attacks in the period, topping the previous high of 614 seen in the fourth quarter of 2012. The trend indicates that cybercrime gangs are spending time looking for new companies and Internet users to victimize. The total number of unique phishing websites was up slightly, from 118,073 in Q1 to 119,101 in Q2.

"The landscape continues to evolve as fraudsters seek new victims in untapped markets by targeting more brands,” said Ihab Shraim, CISO and Vice President Anti-Fraud Engineering and Operations at MarkMonitor.

The report also documents other shifts in criminal behavior. Russia has traditionally been near the top of the list of countries where phishing websites have been hosted. But in June 2013, phishing on Russian hosting facilities almost disappeared, with Kazakhstan suddenly appearing in the number 2 spot. A spate of phishing websites hosted in Hong Kong flared and then disappeared in April. And in May, Germany briefly surpassed the United States as the top country hosting websites serving up phishing-based Trojans and downloaders.

“The portability of a phishing infrastructure is well-documented, and criminals continue to attempt to evade detection and shut-downs by moving their infrastructure around,” said Carl Leonard of Websense Security Labs.

The amount of new malware samples continued to rise. In the second quarter of 2013, 12 percent more unique malware samples were identified than in the same period last year, and an increase of 17 percent in 2013. Trojans were the most popular, accounting for 77.2 percent of all new malware created.

The full text of the report is available here: http://docs.apwg.org/reports/apwg_trends_report_q2_2013.pdf

About the APWG
The APWG, founded in 2003 as the Anti-Phishing Working Group, is the global industry, law enforcement, and government coalition focused on unifying the global response to electronic crime. Membership is open to qualified financial institutions, online retailers, ISPs and Telcos, the law enforcement community, solutions providers, multi-lateral treaty organizations, research centers, trade associations and government agencies. There are more than 2,000 companies, government agencies and NGOs participating in the APWG worldwide. The APWG's www.apwg.org and education.apwg.org websites offer the public, industry and government agencies practical information about phishing and electronically mediated fraud as well as pointers to pragmatic technical solutions that provide immediate protection. The APWG is co-founder and co-manager of the STOP. THINK. CONNECT. Messaging Convention, the global online safety public awareness collaborative www.stopthinkconnect.org and founder/curator of the eCrime Researchers Summit, the world’s only peer-reviewed conference dedicated specifically to electronic crime studies www.ecrimeresearch.org. APWG.EU, the APWG’s European Union chapter, was established in October, 2013 as non-profit research foundation headquartered in Barcelona, Spain.

Contact:
APWG
Peter Cassidy, +1 617-669-1123
pcassidy@apwg.org