Phishing declines as attackers shift strategy
Throughout 2008, phishing attacks were present in 0.5 percent of all spam, but during the first half of 2009, they dropped to 0.1 percent, according to IBM's mid-year security report, released this week by the company's X-Force research and development team.
Meanwhile, between 2008 and the first half of this year, the number of new malicious web links rose by 508 percent.
The drop in phishing and jump in malware likely are related, Holly Stewart, an X-Force researcher and primary author of the report, told SCMagazineUS.com on Thursday.
“It seems phishing is -- quote-unquote -- getting better,” Stewart said. “They are using more lucrative tactics such as using malware.”
Malware is “easier and more profitable” for an attacker because it often simply requires getting a user to click a malicious link, Stewart said. If users click on that link, they often are hit with a drive-by-download, in which a malicious page exploits vulnerabilities in browsers, PDF readers or ActiveX controls -- without the user's knowledge. If these applications are not patched, the user's PC will be infected with malware that, for example, monitors for banking credentials and other personal data.
Avivah Litan, vice president and distinguished analyst at Gartner, told SCMagazineUS.com on Thursday that she is not surprised by IBM's findings. As a trend, cybercriminals are switching from phishing to more “surreptitious” malware attacks, she said. One reason for this shift is that email filtering mechanisms have been fairly successful at stopping the proliferation of phishing attacks.
“We are hearing a lot more about malware and browser-based trojans than we are about phishing,” Litan said.
In addition, a separate mid-year threat report, put out by Kaspersky Lab, supports IBM's findings that phishing is on the retreat. During the first half of 2009, the amount of phishing emails has fallen month after month, Kaspersky's report states.
“Cybercriminals now find phishing a less profitable and less attractive tactic,” the company said.
Phishing will likely ramp up at the end of the year with campaigns around the winter holidays, Dean Turner, director at Symantec's global intelligence network, told SCMagazineUS.com on Thursday.
“Over the first six months we too have seen a decline,” he said.
Generally, cybercriminals focus their phishing efforts around the end-of-year holidays and then decrease phishing toward the beginning of the year, Turner added.
Meanwhile, during the first half of the year, IBM's report found that attackers have been increasingly attacking more current vulnerabilities, and exploits targeted at PDF readers have dramatically increased, Stewart said.
“Last year we saw attackers try to target vulnerabilities that were one to three years old,” Stewart said. “Now, the top five exploits are fairly current.”
The top two most popular exploits use ActiveX controls in Microsoft products. And for the first time, a PDF exploit, which targets a vulnerability in Adobe Acrobat and Reader, made it into the top five.
“The sheer biggest threat is the increased use of documents to deliver exploits, like PDFs,” Stewart said.
Besides updating browsers and operating systems, users should keep all other applications patched as well, she said.