Hosting providers are the new target for phishing attacks, according to a study released Thursday.
The Anti-Phishing Working Group (APWG), an international consortium that serves as a clearinghouse for phishing attacks, reported its findings from the second half of 2012. It found that 47 percent of all phishing attacks involve shared web hosting, like WordPress or Joomla.
Rod Rasmussen, co-chairman of the APWG’s internet policy committee and the CTO of security firm Internet Identity, said phishers typically compromise one person’s website, and they use “various tricks” to gain access to the main web server, which yields a universal directory of sites hosted as part of that shared server space. Then, using some commands, the attackers are able to install a phishing page on every one of those trusted sites.
“All you need to do is to get into one account on the server, and you can compromise the rest,” Rasmussen said.
Saboteurs prefer this tactic because it helps them avoid detection.
“It often passes the muster through the anti-spam vendors because the domain [the phishing page is] appearing on has been around for a while and has a decent reputation,” he said.
Rasmussen said companies like WordPress can help users avoid this fate by enforcing strong passwords and providing regular updates.
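For a hosting operator, the pattern Rasmussen describes (one page installed across many sites on the same server) leaves a detectable trace: identical file contents appearing in many customer docroots within a short time. The following is an added example, not code from the APWG study; the one-directory-per-account layout, the function names, the thresholds and the sample files are all assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

def find_mass_drops(base, min_accounts=3, window=3600, exts=(".php", ".html", ".htm")):
    """Return {sha256: [(account, relpath), ...]} for identical files present in
    at least min_accounts docroots with mtimes within `window` seconds."""
    seen = defaultdict(list)  # sha256 -> [(account, relpath, mtime)]
    for account in sorted(os.listdir(base)):
        root = os.path.join(base, account)
        for dirpath, _dirs, files in os.walk(root):  # does not follow dir symlinks
            for name in files:
                path = os.path.join(dirpath, name)
                if os.path.islink(path) or not name.lower().endswith(exts):
                    continue
                with open(path, "rb") as f:
                    digest = hashlib.sha256(f.read()).hexdigest()
                seen[digest].append(
                    (account, os.path.relpath(path, root), os.path.getmtime(path)))
    flagged = {}
    for digest, hits in seen.items():
        accounts = {a for a, _, _ in hits}
        mtimes = [m for _, _, m in hits]
        # Same bytes, many accounts, one short time span: unlike CMS core files,
        # which each customer installed or updated at a different time.
        if len(accounts) >= min_accounts and max(mtimes) - min(mtimes) <= window:
            flagged[digest] = sorted((a, p) for a, p, _ in hits)
    return flagged

def build_sample(base):
    """Constructed sample: three accounts sharing a CMS file and one dropped page."""
    drop = b"<!-- constructed placeholder standing in for a dropped page -->"
    for i, account in enumerate(("alice", "bob", "carol")):
        files = {"index.html": account.encode(),
                 "lib/core.php": b"<?php // constructed CMS core file",
                 "secure/login.php": drop}
        for rel, data in files.items():
            path = os.path.join(base, account, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)
        # CMS file: installed days apart. Dropped page: seconds apart.
        os.utime(os.path.join(base, account, "lib/core.php"), (i * 10**6, i * 10**6))
        os.utime(os.path.join(base, account, "secure/login.php"), (5 * 10**6 + i,) * 2)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample(d)
        print(find_mass_drops(d))
```

File modification times can be reset by whoever wrote the file, so the result is a triage signal to review, not proof on its own.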