Study finds hosting providers offer phishing paradise

Share this article:

Hosting providers are the new target for phishing attacks, according to a study released Thursday.

The Anti-Phishing Working Group (APWG), an international consortium that serves as a clearinghouse for phishing attacks, reported its findings from the second half of 2012. It found that 47 percent of all phishing attacks involve shared web hosting, like WordPress or Joomla.

Rod Rasmussen, co-chairman of the APWG's internet policy committee and the CTO of security firm Internet Identity, said phishers typically compromise one person's website, and they use "various tricks" to gain access to the main web server, which yields a universal directory of sites hosted as part of that shared server space. Then, using some commands, the attackers are able to install a phishing page on every one of those trusted sites.

"All you need to do is to get into one account on the server, and you can compromise the rest," Rasmussen said.

Saboteurs prefer this tactic because it helps them avoid detection.

"It often passes the muster through the anti-spam vendors because the domain [the phishing page is] appearing on has been around for a while and has a decent reputation, " he said.

Rasmussen said companies like WordPress can help users avoid this fate by enforcing strong passwords and providing regular updates.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

LEADS Act addresses gov't procedure for requesting data stored abroad

LEADS Act addresses gov't procedure for requesting data ...

Senators introduced the legislation last week as a means of amending the Electronic Communications Privacy Act (ECPA).

Report: Intrustion prevention systems made a comeback in 2013

Report: Intrustion prevention systems made a comeback in ...

A new report indicates that intrusion prevention systems grew 4.2 percent in 2013, with growth predicted to continue.

Mobile device security sacrificed for productivity, study says

Mobile device security sacrificed for productivity, study says

A Ponemon Institute study, sponsored by Raytheon, revealed that employees increasingly use mobile devices for work but cut corners and circumvent security.