SlideShare a Scribd company logo

Cyber Intelligence Report Whitepaper by Cyveillance

NAFCU Services Corporation
NAFCU Services Corporation

The second half of 2010 saw online fraud scams continue to grow and evolve in geographical reach and technical complexity. User protection against these blended malware-based scams such as traditional antivirus (AV) products still cannot adequately detect and protect against new and quickly changing threats on the Internet, leaving consumers exposed to the shifting cyber dangers. Learn what kind of fraud attacks are on the rise so you can combat them before they hit your credit union members and learn what the experts at Cyveillance see coming this year. Learn more about Cyveillance, online fraud, anti-phishing and secure social media management at http://www.nafcu.org/cyveillance.

Business
1 of 10
Download to read offline
WHITE PAPER Cyber Intelligence Report A Cyveillance Report March 2011
Cyber Intelligence Report EXECUTIVE SUMMARY The second half of 2010 saw online fraud scams continue to grow and evolve in geographical reach and technical complexity. User protection against these blended malware-based scams such as traditional antivirus (AV) products still cannot adequate- ly detect and protect against new and quickly changing threats on the Internet, leaving consumers exposed to the shifting cyber dangers. The majority of malware threats on the Internet continue to originate within the United States and China. These two coun- tries lead in almost every significant malware statistical catego- ry, which is not surprising given both countries’ large population and significant Internet presence. Other developed countries do not provide the same volume of threats as the U.S. and China, but still pose significant danger to Internet users. Phishing attack volume declined during the second half of 2010 compared to the first half of the year, averaging over 19,000 con- firmed, unique attacks per month. However, the level of sophis- tication and emphasis on targeted attacks continues to rise. As a result, despite the number of attacks going down, the ability of phishers to be successful has risen significantly as evidenced by the growing number of highly-targeted spear phishing attacks and Advanced Persistent Threats (APTs) reported during the half. Overall, phishing continued to grow as a global problem, with nearly half of all new financial targets based in India and the Middle East. »2
Cyber Intelligence Report CYBER INTELLIGENCE USED IN THIS REPORT Except where otherwise noted, the cyber intelligence included in this report includes data col- lected and analyzed between July 1, 2010 and December 31, 2010. The report illustrates aggre- gate cyber intelligence findings that Cyveillance has delivered to its customers and partners. The intelligence detailed in this report includes the following: • Analysis of malware detection rates of leading AV products • Phishing trends along with industries and unique businesses targeted by phishing attacks • A breakdown of the malware distribution chain by geographic location APPROACH To produce the cyber intelligence used in this report, Cyveillance has leveraged its patented Internet-monitoring technology platform. The technology continually sweeps the Internet, col- lecting information from more than 200 million unique domain names and 190 million unique Web sites, 80 million blogs, 90,000 message boards, thousands of IRC/chat channels, billions of spam emails, shortened URLs and more. Unless otherwise stated, it is also important to note that all figures and statistics included in this report are actual measurements as collected by Cyveillance Internet-monitoring technolo- gy rather than statistical projections based upon sample datasets. DOES ANTIVIRUS SOFTWARE PROVIDE ADEQUATE PROTECTION AGAINST MAL- WARE?To better understand the risks consumers face daily from the Internet and given the contin- ued rise of active malware on the Internet, Cyveillance tested malware uncovered on the Internet against many of the top AV products. On a daily basis, Cyveillance detects hundreds to thousands of new malware attacks. To measure the effectiveness of some of the most widely used solutions, Cyveillance ran these active attacks through 13 of the top AV vendor offerings. All AV offerings were continuously patched and updated with the latest signatures. The data was delivered in real time and consisted of only confirmed malicious files. The average non-detection rates of the solutions used during the second half of 2010 are below: Figure 1 – Percent of Malware Not Detected on Day One Source: Cyveillance These companies have U.S. copyrights for their corporate names and/or products listed in the chart above, and are listed only to indicate the research results for informational purposes and no other. »3
Cyber Intelligence Report As the results show, almost all of the most popular AV solutions detect less than half of the latest malware threats on day one. So if you visit a malicious website you could have a more than one in two chance of being infected with malware. MALWARE Since 2006, Cyveillance has tracked an online “fraud chain” comprising malware components that store and serve malware executables, distribute malware to consumers, and receive and store the confidential information collected from infected computers. The following are defini- tions related to the fraud chain components analyzed in this report: 1. Malware Hosting Sites - sites hosting and serving up the actual binary malware files 2. Malware Distribution Sites -tainted Web sites that distribute malware to their visitors 3. Malware Drop Sites - sites that collect sensitive and personally identifiable information UNITED STATES AND CHINA HOST OVER A THIRD OF ALL MALWARE EXECUTABLES Malware hosting sites store and serve up malware executables. These sites typically deliver their binary files based upon inline references located on the malware distribution sites. Servers locat- ed in the United States and China host over a third of all malware executables, representing 38% of malware binaries found during the second half of 2010. Figure 2 – Top Malware Hosting Locations 2H 2010 % of All Country Sites United States 25% China 13% United Kingdom 11% Germany 6% Korea 3% Russian Federation 3% Canada 2% France 2% Brazil 2% Netherlands 1% All Others 33% Source: Cyveillance UNITED STATES AND CHINA DISTRIBUTE MORE THAN HALF OF ALL MALWARE Malware distribution sites are used to attract Web surfers for the purpose of installing mali- cious code on their computers. Visitors to these sites are infected with malicious software that is installed from the malware hosting sites previously described. Distribution sites are typically established as a means of targeting specific types of Internet users. As illustrated below and similar to results of the preceding section, the United States and China are responsible for dis- tributing well over half of all malware on the Internet. »4
Cyber Intelligence Report Figure 3 – Top Malware Distribution Site Locations 2H 2010 % of All Country Sites China 32% United States 27% United Kingdom 12% Korea 4% Canada 4% Germany 2% Spain 2% Russian Federation 2% France 2% Netherlands 2% All Others 9% Source: Cyveillance MALWARE USED FOR FINANCIAL FRAUD There are many types of malware, ranging from “bot” programs used to launch spam and denial of service (DoS) attacks to keyloggers and backdoor Trojan viruses used for stealing sensitive information. While all malware presents a threat, the variations used for financial fraud typically cause the most harm to consumers. The following types of malware usually reside unnoticed on the user’s computer while forwarding personal information to a master server controlled by criminals: • Keyloggers: programs that, without user knowledge, track and record activities such as sites visited and keystrokes made; these are then uploaded to an outside Web server • Downloaders: programs that contain location and login information for malware servers. When evoked, the programs contact the remote malware server to facilitate additional malware downloads to the host computer • Backdoors: programs that allow unauthorized access to information or computer resources by bypassing security mechanisms • Bot Clients: applications that allow unauthorized access to and/or control over a user’s computer in order to help facilitate malicious activity such as spamming or DoS attacks • Re-Directors: applications that redirect a browser to a fraudulent website when the user enters a legitimate URL in the browser’s address bar • Data Miners: programs that collect and analyze information without the user’s knowledge »5
Cyber Intelligence Report USA, GERMANY AND CHINA HOST OVER HALF OF ALL MALWARE DROP SITES Malware drop sites are established to collect the information from infected computers that use key- loggers, screen scrapers and other approaches to passively harvest sensitive personal information. Three countries, the United States, Germany and China, host over half of all malware drop sites on the Internet. Figure 4 – Top Malware Drop Site Locations 2H 2010 % of All Country Sites United States 23% Germany 16% China 15% Russian Federation 5% India 5% Taiwan 5% Brazil 4% Poland 2% Korea 2% Spain 1% All Others 23% Source: Cyveillance PHISHING During the second half of 2010, Cyveillance detected a total of 114,797 phishing attacks for an average of over 19,000 unique attacks per month for the period. The amount of attacks seen monthly is down compared to the first half of the year and could be related to the recent decline in spam, but the overall volume confirms that the problem of phishing is still easily one of the top threats on the Internet. Specifically, the use of more sophisticated and targeted attacks result in greater success and more lucrative opportunities for online criminals. While the number of spam attacks is down, the threat of phishing attacks continues to remain high as phishers become cleverer in their attack schemes. Figure 5 – Phishing Attack Volume 2H 2010 Source: Cyveillance »6
Cyber Intelligence Report UNITED STATES HOSTS NEARLY HALF OF ALL PHISHING ATTACKS Phishing is a social engineer- The United States hosted 41% of all phishing attacks for the 2nd half of 2010, more than the ing scam that relies on both remainder of the top 10 countries combined. technology and human inter- action to carry out online Figure 6 – Phishing Hosting Location 2H 2010 fraud, identity theft or attempts to breach corporate Country % of All Sites networks. The schemes are United States 41% varied but typically involve a Netherlands 6% spoofed (spam) email that Great Britain 5% mimics an email from a legiti- Germany 4% Canada 4% mate and respected organiza- France 3% tion. The email solicits the Italy 2% recipient to click on a link in Australia 2% order to update account infor- Malaysia 2% mation or view a marketing Russian Federation 2% promotion. After clicking on All Others 28% the link, the individual is con- Source: Cyveillance nected to a counterfeit web- site that requests sensitive 84 ORGANIZATIONS WERE PHISHING TARGETS FOR THE FIRST TIME IN SECOND personal information (e.g., HALF OF 2010 username and password, During the second half of 2010, 84 brands were first-time targets of phishing attacks, which is credit card number, Social a decrease from the first half of the year. As usual, the overwhelming majority of the new tar- Security number, etc.). The gets are related to the financial industry. A large portion of these new targets are based in India information collected is then and the Middle East, providing further evidence that the problem of phishing continues to grow used for purposes of identity globally and criminals are constantly looking for new revenue growth opportunities. Overall, theft or accessing secure Cyveillance has documented nearly 3,000 unique brands attacked since 2005. data. Figure 7 – Total Unique Brands Phished through 2H 2010 Source: Cyveillance »7
Cyber Intelligence Report Figure 8 – New Brands Attacked 1H – 2009 2H -2009 1H - 2010 2H - 2010 200 399 109 84 Source: Cyveillance Figure 9 – New Brands Attacked for First Time in 2H 2010 by Industry Source: Cyveillance Figure 10 – Total Unique Brands Attacked Since 2005 by Industry Source: Cyveillance »8
Cyber Intelligence Report MANY PHISHING TACTICS RELATIVELY UNCHANGED As illustrated in Figure 11 and based on sampled data, phishers’ use of a target’s brand name or variation of the brand name in the domain name remains low at 8% of attacks. However, the use of a target’s brand name in the overall phishing attack URL rather than just the domain name is significantly higher at 60%. The cause for the disparity between the two stats is due to the extra effort required from the phisher to obtain the domain as well as increased likelihood of the attack being detected from anti-phishing companies monitoring new domain name registrations. Including the target’s brand name in the URL involves nothing more than a few keystrokes while setting up the attack. Additionally, phishers frequently launch attacks using compromised Web servers. While there is not a practical way to secure all servers on the Internet, Web masters could make setting up attacks more difficult for the phishers simply by keeping their software up to date and moni- toring file structures. Figure 12 – Phishing Attack Trends 1H 2010 1H 2009 2H 2009 1H 2010 2H 2010 Percentage of phishing attacks that only use an IP address: 8% 10% 9% 8% Percentage of phishing URLs that use brand name: 46% 49% 52% 60% Percentage of phishing domains that use brand name: 4% 4% 3% 3% Percentage of phishing attacks that use a compromised site: 59% 56% 62% 64% Source: Cyveillance CONCLUSION The online fraud environment continued to flourish for cyber criminals in the second half of 2010, posing serious danger to both consumers and businesses. Attacks continued to become more distributed, operating from regions around the globe and leveraging distributed resources to evade detection and law enforcement efforts. With nearly half of all new financial phishing targets based in India and the Middle East, the increasing global nature of online fraud is evi- dent. Cyveillance also continued to see growth in the volume of highly targeted attacks such as spear and whale phishing, frequently associated with Advanced Persistent Threats (APTs). As evi- denced in the Aurora attack earlier in 2010, the impact of these attacks can be devastating if undetected over a period of time. Looking forward to first half of 2011 and beyond, Cyveillance expects to see: • Traditional phishing attacks remaining a significant issue for organizations due to the continued expansion of attack vectors such as blended attacks with malware. »9
Cyber Intelligence Report • Increased use of advanced technologies such as the automation of spear phishing attacks, especially for attacks attempting to gain access to corporate networks and secure data • Increased targeting of cell phones and mobile devices for malware attacks and fraud schemes. • Targeting of medical records and exploiting social media sites where people disclose their illnesses. • More targeted malware to penetrate specific industrial platforms. • The continued exploitation by criminals of social networking sites and Web 2.0 functionality for purposes of online fraud, malware distribution and accessing corporate networks for data exfiltration. • The continued use of brand abuse tactics for the distribution of malware, deceiving consumers and impacting the credibility of company brands. ABOUT CYVEILLANCE Cyveillance, a world leader in cyber intelligence, provides an intelligence-led approach to security. Through continuous, comprehensive Internet monitoring and sophisticated intelligence analysis, Cyveillance proactively identifies and eliminates threats to information, infrastructure, individuals and their interactions, enabling its customers to preserve their reputation, revenues, and cus- tomer trust. Cyveillance serves the Global 2000 and OEM Data Partners – protecting the majority of the Fortune 50, regional financial institutions nationwide, and more than 100 million global consumers through its partnerships with security and service providers that include AOL and Microsoft. Cyveillance is a wholly owned subsidiary of QinetiQ North America. For more informa- tion, please visit www.cyveillance.com or www.qinetiq-na.com. Copyright © 2011 Cyveillance, Inc. All rights reserved. Cyveillance is a registered trademark of Cyveillance, Inc. All other names are trademarks or registered trademarks of their respective owners. Cyveillance, Inc, 1555 Wilson Boulevard Suite 406 Arlington, VA 22209-2405 888.243.0097 www.cyveillance.com info@cyveillance.com » 10

Recommended

The Making of a simple Cyber Threat Intelligence Gathering System
The Making of a simple Cyber Threat Intelligence Gathering SystemThe Making of a simple Cyber Threat Intelligence Gathering System
The Making of a simple Cyber Threat Intelligence Gathering SystemNiran Seriki, CCISO, CISM
 
Cyber intelligence for corporate security
Cyber intelligence for corporate securityCyber intelligence for corporate security
Cyber intelligence for corporate securityG3 intelligence Ltd
 
Temp3
Temp3Temp3
Temp3Mitra Ardron
 
Geographic regions of virginia step by step
Geographic regions of virginia step by stepGeographic regions of virginia step by step
Geographic regions of virginia step by stepfijiflip
 
Weekmenu: Het Ideale Crossmediale Concept
Weekmenu: Het Ideale Crossmediale ConceptWeekmenu: Het Ideale Crossmediale Concept
Weekmenu: Het Ideale Crossmediale ConceptSanomaMedia
 
Feminism
FeminismFeminism
Feminismgermsincolor
 
Ascensus Credit Union Education Catalog 2012
Ascensus Credit Union Education Catalog 2012Ascensus Credit Union Education Catalog 2012
Ascensus Credit Union Education Catalog 2012NAFCU Services Corporation
 
Trabalho nº4
Trabalho nº4Trabalho nº4
Trabalho nº4Rui Lopes
 

Recommended

The Making of a simple Cyber Threat Intelligence Gathering System
The Making of a simple Cyber Threat Intelligence Gathering SystemThe Making of a simple Cyber Threat Intelligence Gathering System
The Making of a simple Cyber Threat Intelligence Gathering SystemNiran Seriki, CCISO, CISM
 
Cyber intelligence for corporate security
Cyber intelligence for corporate securityCyber intelligence for corporate security
Cyber intelligence for corporate securityG3 intelligence Ltd
 
Temp3
Temp3Temp3
Temp3Mitra Ardron
 
Geographic regions of virginia step by step
Geographic regions of virginia step by stepGeographic regions of virginia step by step
Geographic regions of virginia step by stepfijiflip
 
Weekmenu: Het Ideale Crossmediale Concept
Weekmenu: Het Ideale Crossmediale ConceptWeekmenu: Het Ideale Crossmediale Concept
Weekmenu: Het Ideale Crossmediale ConceptSanomaMedia
 
Feminism
FeminismFeminism
Feminismgermsincolor
 
Ascensus Credit Union Education Catalog 2012
Ascensus Credit Union Education Catalog 2012Ascensus Credit Union Education Catalog 2012
Ascensus Credit Union Education Catalog 2012NAFCU Services Corporation
 
Trabalho nº4
Trabalho nº4Trabalho nº4
Trabalho nº4Rui Lopes
 
Science jeopardy
Science jeopardyScience jeopardy
Science jeopardyfijiflip
 
Mind Map - Time
Mind Map - TimeMind Map - Time
Mind Map - Timemichaelmifsud
 
Shotlist
ShotlistShotlist
Shotlisthannahbutters
 
RightNow Consumer Retail Report
RightNow Consumer Retail ReportRightNow Consumer Retail Report
RightNow Consumer Retail ReportRightNow_Surveys
 
Daily Affirmations
Daily AffirmationsDaily Affirmations
Daily Affirmationsmartyncgreen
 
2005 cpr 之修訂1
2005 cpr 之修訂12005 cpr 之修訂1
2005 cpr 之修訂1u001072
 
PAPELES
PAPELESPAPELES
PAPELESNeddy Cuyo Ramos
 
Four Mortgage Metrics that Matter Handouts
Four Mortgage Metrics that Matter HandoutsFour Mortgage Metrics that Matter Handouts
Four Mortgage Metrics that Matter HandoutsNAFCU Services Corporation
 
Karl
KarlKarl
KarlKarlHan
 
Can I Be Compliant and Efficient?
Can I Be Compliant and Efficient? Can I Be Compliant and Efficient?
Can I Be Compliant and Efficient? NAFCU Services Corporation
 
Undaunted: How Credit Unions Can Thrive in the New Financial Services Environ...
Undaunted: How Credit Unions Can Thrive in the New Financial Services Environ...Undaunted: How Credit Unions Can Thrive in the New Financial Services Environ...
Undaunted: How Credit Unions Can Thrive in the New Financial Services Environ...NAFCU Services Corporation
 
Integrating Credit Cards into Your Overall Payments Strategy | Vantiv
Integrating Credit Cards into Your Overall Payments Strategy | VantivIntegrating Credit Cards into Your Overall Payments Strategy | Vantiv
Integrating Credit Cards into Your Overall Payments Strategy | VantivNAFCU Services Corporation
 
Taller para cartografos de suelos
Taller para cartografos de suelosTaller para cartografos de suelos
Taller para cartografos de suelosCarlos Mendez
 
Keys to Subservicer Evaluation and Selection | Dovenmuehle 2014
Keys to Subservicer Evaluation and Selection | Dovenmuehle 2014Keys to Subservicer Evaluation and Selection | Dovenmuehle 2014
Keys to Subservicer Evaluation and Selection | Dovenmuehle 2014NAFCU Services Corporation
 
Debt: The Inheritance No One Wants | Securian
Debt: The Inheritance No One Wants | SecurianDebt: The Inheritance No One Wants | Securian
Debt: The Inheritance No One Wants | SecurianNAFCU Services Corporation
 
Non-Interest Income and Future Business Models
Non-Interest Income and Future Business Models Non-Interest Income and Future Business Models
Non-Interest Income and Future Business Models NAFCU Services Corporation
 
Strategic Succession Planning | DDJ Myers
Strategic Succession Planning | DDJ MyersStrategic Succession Planning | DDJ Myers
Strategic Succession Planning | DDJ MyersNAFCU Services Corporation
 
Rising Above Uncertainty: Opportunities and Challenges for Credit Unions in P...
Rising Above Uncertainty: Opportunities and Challenges for Credit Unions in P...Rising Above Uncertainty: Opportunities and Challenges for Credit Unions in P...
Rising Above Uncertainty: Opportunities and Challenges for Credit Unions in P...NAFCU Services Corporation
 
Credit Scores: What’s Behind the Number?
Credit Scores: What’s Behind the Number? Credit Scores: What’s Behind the Number?
Credit Scores: What’s Behind the Number? NAFCU Services Corporation
 
Insuritas: Boost Income and Expand Wallet Share by Engaging the Digitally Dis...
Insuritas: Boost Income and Expand Wallet Share by Engaging the Digitally Dis...Insuritas: Boost Income and Expand Wallet Share by Engaging the Digitally Dis...
Insuritas: Boost Income and Expand Wallet Share by Engaging the Digitally Dis...NAFCU Services Corporation
 
International Payments Post Dodd-Frank: A Game Changer | eZforex.com
International Payments Post Dodd-Frank: A Game Changer | eZforex.comInternational Payments Post Dodd-Frank: A Game Changer | eZforex.com
International Payments Post Dodd-Frank: A Game Changer | eZforex.comNAFCU Services Corporation
 
Money Concepts: Slides for What to Look for in Your Wealth Manangement Progra...
Money Concepts: Slides for What to Look for in Your Wealth Manangement Progra...Money Concepts: Slides for What to Look for in Your Wealth Manangement Progra...
Money Concepts: Slides for What to Look for in Your Wealth Manangement Progra...NAFCU Services Corporation
 

More Related Content

Viewers also liked

Science jeopardy
Science jeopardyScience jeopardy
Science jeopardyfijiflip
 
RightNow Consumer Retail Report
RightNow Consumer Retail ReportRightNow Consumer Retail Report
RightNow Consumer Retail ReportRightNow_Surveys
 
Daily Affirmations
Daily AffirmationsDaily Affirmations
Daily Affirmationsmartyncgreen
 
2005 cpr 之修訂1
2005 cpr 之修訂12005 cpr 之修訂1
2005 cpr 之修訂1u001072
 
Undaunted: How Credit Unions Can Thrive in the New Financial Services Environ...
Undaunted: How Credit Unions Can Thrive in the New Financial Services Environ...Undaunted: How Credit Unions Can Thrive in the New Financial Services Environ...
Undaunted: How Credit Unions Can Thrive in the New Financial Services Environ...NAFCU Services Corporation
 
Integrating Credit Cards into Your Overall Payments Strategy | Vantiv
Integrating Credit Cards into Your Overall Payments Strategy | VantivIntegrating Credit Cards into Your Overall Payments Strategy | Vantiv
Integrating Credit Cards into Your Overall Payments Strategy | VantivNAFCU Services Corporation
 
Taller para cartografos de suelos
Taller para cartografos de suelosTaller para cartografos de suelos
Taller para cartografos de suelosCarlos Mendez
 

Viewers also liked (13)

Science jeopardy
Science jeopardyScience jeopardy
Science jeopardy
 
Mind Map - Time
Mind Map - TimeMind Map - Time
Mind Map - Time
 
Shotlist
ShotlistShotlist
Shotlist
 
RightNow Consumer Retail Report
RightNow Consumer Retail ReportRightNow Consumer Retail Report
RightNow Consumer Retail Report
 
Daily Affirmations
Daily AffirmationsDaily Affirmations
Daily Affirmations
 
2005 cpr 之修訂1
2005 cpr 之修訂12005 cpr 之修訂1
2005 cpr 之修訂1
 
PAPELES
PAPELESPAPELES
PAPELES
 
Four Mortgage Metrics that Matter Handouts
Four Mortgage Metrics that Matter HandoutsFour Mortgage Metrics that Matter Handouts
Four Mortgage Metrics that Matter Handouts
 
Karl
KarlKarl
Karl
 
Can I Be Compliant and Efficient?
Can I Be Compliant and Efficient? Can I Be Compliant and Efficient?
Can I Be Compliant and Efficient?
 
Undaunted: How Credit Unions Can Thrive in the New Financial Services Environ...
Undaunted: How Credit Unions Can Thrive in the New Financial Services Environ...Undaunted: How Credit Unions Can Thrive in the New Financial Services Environ...
Undaunted: How Credit Unions Can Thrive in the New Financial Services Environ...
 
Integrating Credit Cards into Your Overall Payments Strategy | Vantiv
Integrating Credit Cards into Your Overall Payments Strategy | VantivIntegrating Credit Cards into Your Overall Payments Strategy | Vantiv
Integrating Credit Cards into Your Overall Payments Strategy | Vantiv
 
Taller para cartografos de suelos
Taller para cartografos de suelosTaller para cartografos de suelos
Taller para cartografos de suelos
 

More from NAFCU Services Corporation

Keys to Subservicer Evaluation and Selection | Dovenmuehle 2014
Keys to Subservicer Evaluation and Selection | Dovenmuehle 2014Keys to Subservicer Evaluation and Selection | Dovenmuehle 2014
Keys to Subservicer Evaluation and Selection | Dovenmuehle 2014NAFCU Services Corporation
 
Non-Interest Income and Future Business Models
Non-Interest Income and Future Business Models Non-Interest Income and Future Business Models
Non-Interest Income and Future Business Models NAFCU Services Corporation
 
Rising Above Uncertainty: Opportunities and Challenges for Credit Unions in P...
Rising Above Uncertainty: Opportunities and Challenges for Credit Unions in P...Rising Above Uncertainty: Opportunities and Challenges for Credit Unions in P...
Rising Above Uncertainty: Opportunities and Challenges for Credit Unions in P...NAFCU Services Corporation
 
Insuritas: Boost Income and Expand Wallet Share by Engaging the Digitally Dis...
Insuritas: Boost Income and Expand Wallet Share by Engaging the Digitally Dis...Insuritas: Boost Income and Expand Wallet Share by Engaging the Digitally Dis...
Insuritas: Boost Income and Expand Wallet Share by Engaging the Digitally Dis...NAFCU Services Corporation
 
International Payments Post Dodd-Frank: A Game Changer | eZforex.com
International Payments Post Dodd-Frank: A Game Changer | eZforex.comInternational Payments Post Dodd-Frank: A Game Changer | eZforex.com
International Payments Post Dodd-Frank: A Game Changer | eZforex.comNAFCU Services Corporation
 
Money Concepts: Slides for What to Look for in Your Wealth Manangement Progra...
Money Concepts: Slides for What to Look for in Your Wealth Manangement Progra...Money Concepts: Slides for What to Look for in Your Wealth Manangement Progra...
Money Concepts: Slides for What to Look for in Your Wealth Manangement Progra...NAFCU Services Corporation
 
Genworth Financial: Slides for Understanding Freddie Mac’s Loan Prospector Fe...
Genworth Financial: Slides for Understanding Freddie Mac’s Loan Prospector Fe...Genworth Financial: Slides for Understanding Freddie Mac’s Loan Prospector Fe...
Genworth Financial: Slides for Understanding Freddie Mac’s Loan Prospector Fe...NAFCU Services Corporation
 
Deluxe Financial Services: Building an effective social marketing program | D...
Deluxe Financial Services: Building an effective social marketing program | D...Deluxe Financial Services: Building an effective social marketing program | D...
Deluxe Financial Services: Building an effective social marketing program | D...NAFCU Services Corporation
 
Credit Control: Best practices for outsourcing receivables
Credit Control: Best practices for outsourcing receivablesCredit Control: Best practices for outsourcing receivables
Credit Control: Best practices for outsourcing receivablesNAFCU Services Corporation
 
Quantivate: Ten tips to improve vendor management program
Quantivate: Ten tips to improve vendor management programQuantivate: Ten tips to improve vendor management program
Quantivate: Ten tips to improve vendor management programNAFCU Services Corporation
 
2013 NAFCU BFB Survey of Executive Compensation and Benefits (Presentation Sl...
2013 NAFCU BFB Survey of Executive Compensation and Benefits (Presentation Sl...2013 NAFCU BFB Survey of Executive Compensation and Benefits (Presentation Sl...
2013 NAFCU BFB Survey of Executive Compensation and Benefits (Presentation Sl...NAFCU Services Corporation
 
Study Confirms Debit Strength, Reveals Reward Trends (Payment Choice Study Re...
Study Confirms Debit Strength, Reveals Reward Trends (Payment Choice Study Re...Study Confirms Debit Strength, Reveals Reward Trends (Payment Choice Study Re...
Study Confirms Debit Strength, Reveals Reward Trends (Payment Choice Study Re...NAFCU Services Corporation
 
Five Truths to Defining Mortgage Strategy (Webinar Slides)
Five Truths to Defining Mortgage Strategy (Webinar Slides)Five Truths to Defining Mortgage Strategy (Webinar Slides)
Five Truths to Defining Mortgage Strategy (Webinar Slides)NAFCU Services Corporation
 
Branch Network Transformation: Staying Ahead of Shifting Priorities (Slides)
Branch Network Transformation: Staying Ahead of Shifting Priorities (Slides)Branch Network Transformation: Staying Ahead of Shifting Priorities (Slides)
Branch Network Transformation: Staying Ahead of Shifting Priorities (Slides)NAFCU Services Corporation
 
How to Start a Wealth Management Program (Webinar Slides) | Money Concepts
How to Start a Wealth Management Program (Webinar Slides) | Money ConceptsHow to Start a Wealth Management Program (Webinar Slides) | Money Concepts
How to Start a Wealth Management Program (Webinar Slides) | Money ConceptsNAFCU Services Corporation
 

More from NAFCU Services Corporation (20)

Keys to Subservicer Evaluation and Selection | Dovenmuehle 2014
Keys to Subservicer Evaluation and Selection | Dovenmuehle 2014Keys to Subservicer Evaluation and Selection | Dovenmuehle 2014
Keys to Subservicer Evaluation and Selection | Dovenmuehle 2014
 
Debt: The Inheritance No One Wants | Securian
Debt: The Inheritance No One Wants | SecurianDebt: The Inheritance No One Wants | Securian
Debt: The Inheritance No One Wants | Securian
 
Non-Interest Income and Future Business Models
Non-Interest Income and Future Business Models Non-Interest Income and Future Business Models
Non-Interest Income and Future Business Models
 
Strategic Succession Planning | DDJ Myers
Strategic Succession Planning | DDJ MyersStrategic Succession Planning | DDJ Myers
Strategic Succession Planning | DDJ Myers
 
Rising Above Uncertainty: Opportunities and Challenges for Credit Unions in P...
Rising Above Uncertainty: Opportunities and Challenges for Credit Unions in P...Rising Above Uncertainty: Opportunities and Challenges for Credit Unions in P...
Rising Above Uncertainty: Opportunities and Challenges for Credit Unions in P...
 
Credit Scores: What’s Behind the Number?
Credit Scores: What’s Behind the Number? Credit Scores: What’s Behind the Number?
Credit Scores: What’s Behind the Number?
 
Insuritas: Boost Income and Expand Wallet Share by Engaging the Digitally Dis...
Insuritas: Boost Income and Expand Wallet Share by Engaging the Digitally Dis...Insuritas: Boost Income and Expand Wallet Share by Engaging the Digitally Dis...
Insuritas: Boost Income and Expand Wallet Share by Engaging the Digitally Dis...
 
International Payments Post Dodd-Frank: A Game Changer | eZforex.com
International Payments Post Dodd-Frank: A Game Changer | eZforex.comInternational Payments Post Dodd-Frank: A Game Changer | eZforex.com
International Payments Post Dodd-Frank: A Game Changer | eZforex.com
 
Money Concepts: Slides for What to Look for in Your Wealth Manangement Progra...
Money Concepts: Slides for What to Look for in Your Wealth Manangement Progra...Money Concepts: Slides for What to Look for in Your Wealth Manangement Progra...
Money Concepts: Slides for What to Look for in Your Wealth Manangement Progra...
 
Genworth Financial: Slides for Understanding Freddie Mac’s Loan Prospector Fe...
Genworth Financial: Slides for Understanding Freddie Mac’s Loan Prospector Fe...Genworth Financial: Slides for Understanding Freddie Mac’s Loan Prospector Fe...
Genworth Financial: Slides for Understanding Freddie Mac’s Loan Prospector Fe...
 
Deluxe Financial Services: Building an effective social marketing program | D...
Deluxe Financial Services: Building an effective social marketing program | D...Deluxe Financial Services: Building an effective social marketing program | D...
Deluxe Financial Services: Building an effective social marketing program | D...
 
Credit Control: Best practices for outsourcing receivables
Credit Control: Best practices for outsourcing receivablesCredit Control: Best practices for outsourcing receivables
Credit Control: Best practices for outsourcing receivables
 
Quantivate: Ten tips to improve vendor management program
Quantivate: Ten tips to improve vendor management programQuantivate: Ten tips to improve vendor management program
Quantivate: Ten tips to improve vendor management program
 
SAS Institute: Big data and smarter analytics
SAS Institute: Big data and smarter analyticsSAS Institute: Big data and smarter analytics
SAS Institute: Big data and smarter analytics
 
2013 NAFCU BFB Survey of Executive Compensation and Benefits (Presentation Sl...
2013 NAFCU BFB Survey of Executive Compensation and Benefits (Presentation Sl...2013 NAFCU BFB Survey of Executive Compensation and Benefits (Presentation Sl...
2013 NAFCU BFB Survey of Executive Compensation and Benefits (Presentation Sl...
 
Study Confirms Debit Strength, Reveals Reward Trends (Payment Choice Study Re...
Study Confirms Debit Strength, Reveals Reward Trends (Payment Choice Study Re...Study Confirms Debit Strength, Reveals Reward Trends (Payment Choice Study Re...
Study Confirms Debit Strength, Reveals Reward Trends (Payment Choice Study Re...
 
Five Truths to Defining Mortgage Strategy (Webinar Slides)
Five Truths to Defining Mortgage Strategy (Webinar Slides)Five Truths to Defining Mortgage Strategy (Webinar Slides)
Five Truths to Defining Mortgage Strategy (Webinar Slides)
 
Branch Network Transformation: Staying Ahead of Shifting Priorities (Slides)
Branch Network Transformation: Staying Ahead of Shifting Priorities (Slides)Branch Network Transformation: Staying Ahead of Shifting Priorities (Slides)
Branch Network Transformation: Staying Ahead of Shifting Priorities (Slides)
 
Desktop Underwriter® Training Webinar Slides
Desktop Underwriter® Training Webinar SlidesDesktop Underwriter® Training Webinar Slides
Desktop Underwriter® Training Webinar Slides
 
How to Start a Wealth Management Program (Webinar Slides) | Money Concepts
How to Start a Wealth Management Program (Webinar Slides) | Money ConceptsHow to Start a Wealth Management Program (Webinar Slides) | Money Concepts
How to Start a Wealth Management Program (Webinar Slides) | Money Concepts
 

Recently uploaded

Appkodes Tinder Clone Script with Customisable Solutions.pptx
Appkodes Tinder Clone Script with Customisable Solutions.pptxAppkodes Tinder Clone Script with Customisable Solutions.pptx
Appkodes Tinder Clone Script with Customisable Solutions.pptxappkodes
 
Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...Seta Wicaksana
 
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCREnjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCRalexsharmaa01
 
1911 Gold Corporate Presentation Apr 2024.pdf
1911 Gold Corporate Presentation Apr 2024.pdf1911 Gold Corporate Presentation Apr 2024.pdf
1911 Gold Corporate Presentation Apr 2024.pdfShaun Heinrichs
 
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deckPitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deckHajeJanKamps
 
International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...ssuserf63bd7
 
Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Kirill Klimov
 
Unlocking the Future: Explore Web 3.0 Workshop to Start Earning Today!
Unlocking the Future: Explore Web 3.0 Workshop to Start Earning Today!Unlocking the Future: Explore Web 3.0 Workshop to Start Earning Today!
Unlocking the Future: Explore Web 3.0 Workshop to Start Earning Today!Doge Mining Website
 
APRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdfAPRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdfRbc Rbcua
 
Call Girls Contact Number Andheri 9920874524
Call Girls Contact Number Andheri 9920874524Call Girls Contact Number Andheri 9920874524
Call Girls Contact Number Andheri 9920874524najka9823
 
Organizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessOrganizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessSeta Wicaksana
 
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCRashishs7044
 
PSCC - Capability Statement Presentation
PSCC - Capability Statement PresentationPSCC - Capability Statement Presentation
PSCC - Capability Statement PresentationAnamaria Contreras
 
Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03DallasHaselhorst
 
Fordham -How effective decision-making is within the IT department - Analysis...
Fordham -How effective decision-making is within the IT department - Analysis...Fordham -How effective decision-making is within the IT department - Analysis...
Fordham -How effective decision-making is within the IT department - Analysis...Peter Ward
 
Investment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy CheruiyotInvestment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy Cheruiyotictsugar
 
PB Project 1: Exploring Your Personal Brand
PB Project 1: Exploring Your Personal BrandPB Project 1: Exploring Your Personal Brand
PB Project 1: Exploring Your Personal BrandSharisaBethune
 
MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?Olivia Kresic
 

Recently uploaded (20)

Appkodes Tinder Clone Script with Customisable Solutions.pptx
Appkodes Tinder Clone Script with Customisable Solutions.pptxAppkodes Tinder Clone Script with Customisable Solutions.pptx
Appkodes Tinder Clone Script with Customisable Solutions.pptx
 
Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...
 
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCREnjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
 
1911 Gold Corporate Presentation Apr 2024.pdf
1911 Gold Corporate Presentation Apr 2024.pdf1911 Gold Corporate Presentation Apr 2024.pdf
1911 Gold Corporate Presentation Apr 2024.pdf
 
Corporate Profile 47Billion Information Technology
Corporate Profile 47Billion Information TechnologyCorporate Profile 47Billion Information Technology
Corporate Profile 47Billion Information Technology
 
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deckPitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
 
Call Us ➥9319373153▻Call Girls In North Goa
Call Us ➥9319373153▻Call Girls In North GoaCall Us ➥9319373153▻Call Girls In North Goa
Call Us ➥9319373153▻Call Girls In North Goa
 
International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...
 
Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024
 
Unlocking the Future: Explore Web 3.0 Workshop to Start Earning Today!
Unlocking the Future: Explore Web 3.0 Workshop to Start Earning Today!Unlocking the Future: Explore Web 3.0 Workshop to Start Earning Today!
Unlocking the Future: Explore Web 3.0 Workshop to Start Earning Today!
 
APRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdfAPRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdf
 
Call Girls Contact Number Andheri 9920874524
Call Girls Contact Number Andheri 9920874524Call Girls Contact Number Andheri 9920874524
Call Girls Contact Number Andheri 9920874524
 
Organizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessOrganizational Structure Running A Successful Business
Organizational Structure Running A Successful Business
 
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
 
PSCC - Capability Statement Presentation
PSCC - Capability Statement PresentationPSCC - Capability Statement Presentation
PSCC - Capability Statement Presentation
 
Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03
 
Fordham -How effective decision-making is within the IT department - Analysis...
Fordham -How effective decision-making is within the IT department - Analysis...Fordham -How effective decision-making is within the IT department - Analysis...
Fordham -How effective decision-making is within the IT department - Analysis...
 
Investment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy CheruiyotInvestment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy Cheruiyot
 
PB Project 1: Exploring Your Personal Brand
PB Project 1: Exploring Your Personal BrandPB Project 1: Exploring Your Personal Brand
PB Project 1: Exploring Your Personal Brand
 
MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?
 

Cyber Intelligence Report Whitepaper by Cyveillance

  • 1. WHITE PAPER Cyber Intelligence Report A Cyveillance Report March 2011
  • 2. Cyber Intelligence Report EXECUTIVE SUMMARY The second half of 2010 saw online fraud scams continue to grow and evolve in geographical reach and technical complexity. User protection against these blended malware-based scams such as traditional antivirus (AV) products still cannot adequate- ly detect and protect against new and quickly changing threats on the Internet, leaving consumers exposed to the shifting cyber dangers. The majority of malware threats on the Internet continue to originate within the United States and China. These two coun- tries lead in almost every significant malware statistical catego- ry, which is not surprising given both countries’ large population and significant Internet presence. Other developed countries do not provide the same volume of threats as the U.S. and China, but still pose significant danger to Internet users. Phishing attack volume declined during the second half of 2010 compared to the first half of the year, averaging over 19,000 con- firmed, unique attacks per month. However, the level of sophis- tication and emphasis on targeted attacks continues to rise. As a result, despite the number of attacks going down, the ability of phishers to be successful has risen significantly as evidenced by the growing number of highly-targeted spear phishing attacks and Advanced Persistent Threats (APTs) reported during the half. Overall, phishing continued to grow as a global problem, with nearly half of all new financial targets based in India and the Middle East. »2
  • 3. Cyber Intelligence Report CYBER INTELLIGENCE USED IN THIS REPORT Except where otherwise noted, the cyber intelligence included in this report includes data col- lected and analyzed between July 1, 2010 and December 31, 2010. The report illustrates aggre- gate cyber intelligence findings that Cyveillance has delivered to its customers and partners. The intelligence detailed in this report includes the following: • Analysis of malware detection rates of leading AV products • Phishing trends along with industries and unique businesses targeted by phishing attacks • A breakdown of the malware distribution chain by geographic location APPROACH To produce the cyber intelligence used in this report, Cyveillance has leveraged its patented Internet-monitoring technology platform. The technology continually sweeps the Internet, col- lecting information from more than 200 million unique domain names and 190 million unique Web sites, 80 million blogs, 90,000 message boards, thousands of IRC/chat channels, billions of spam emails, shortened URLs and more. Unless otherwise stated, it is also important to note that all figures and statistics included in this report are actual measurements as collected by Cyveillance Internet-monitoring technolo- gy rather than statistical projections based upon sample datasets. DOES ANTIVIRUS SOFTWARE PROVIDE ADEQUATE PROTECTION AGAINST MAL- WARE?To better understand the risks consumers face daily from the Internet and given the contin- ued rise of active malware on the Internet, Cyveillance tested malware uncovered on the Internet against many of the top AV products. On a daily basis, Cyveillance detects hundreds to thousands of new malware attacks. To measure the effectiveness of some of the most widely used solutions, Cyveillance ran these active attacks through 13 of the top AV vendor offerings. All AV offerings were continuously patched and updated with the latest signatures. The data was delivered in real time and consisted of only confirmed malicious files. The average non-detection rates of the solutions used during the second half of 2010 are below: Figure 1 – Percent of Malware Not Detected on Day One Source: Cyveillance These companies have U.S. copyrights for their corporate names and/or products listed in the chart above, and are listed only to indicate the research results for informational purposes and no other. »3
  • 4. Cyber Intelligence Report As the results show, almost all of the most popular AV solutions detect less than half of the latest malware threats on day one. So if you visit a malicious website you could have a more than one in two chance of being infected with malware. MALWARE Since 2006, Cyveillance has tracked an online “fraud chain” comprising malware components that store and serve malware executables, distribute malware to consumers, and receive and store the confidential information collected from infected computers. The following are defini- tions related to the fraud chain components analyzed in this report: 1. Malware Hosting Sites - sites hosting and serving up the actual binary malware files 2. Malware Distribution Sites -tainted Web sites that distribute malware to their visitors 3. Malware Drop Sites - sites that collect sensitive and personally identifiable information UNITED STATES AND CHINA HOST OVER A THIRD OF ALL MALWARE EXECUTABLES Malware hosting sites store and serve up malware executables. These sites typically deliver their binary files based upon inline references located on the malware distribution sites. Servers locat- ed in the United States and China host over a third of all malware executables, representing 38% of malware binaries found during the second half of 2010. Figure 2 – Top Malware Hosting Locations 2H 2010 % of All Country Sites United States 25% China 13% United Kingdom 11% Germany 6% Korea 3% Russian Federation 3% Canada 2% France 2% Brazil 2% Netherlands 1% All Others 33% Source: Cyveillance UNITED STATES AND CHINA DISTRIBUTE MORE THAN HALF OF ALL MALWARE Malware distribution sites are used to attract Web surfers for the purpose of installing mali- cious code on their computers. Visitors to these sites are infected with malicious software that is installed from the malware hosting sites previously described. Distribution sites are typically established as a means of targeting specific types of Internet users. As illustrated below and similar to results of the preceding section, the United States and China are responsible for dis- tributing well over half of all malware on the Internet. »4
  • 5. Cyber Intelligence Report Figure 3 – Top Malware Distribution Site Locations 2H 2010 % of All Country Sites China 32% United States 27% United Kingdom 12% Korea 4% Canada 4% Germany 2% Spain 2% Russian Federation 2% France 2% Netherlands 2% All Others 9% Source: Cyveillance MALWARE USED FOR FINANCIAL FRAUD There are many types of malware, ranging from “bot” programs used to launch spam and denial of service (DoS) attacks to keyloggers and backdoor Trojan viruses used for stealing sensitive information. While all malware presents a threat, the variations used for financial fraud typically cause the most harm to consumers. The following types of malware usually reside unnoticed on the user’s computer while forwarding personal information to a master server controlled by criminals: • Keyloggers: programs that, without user knowledge, track and record activities such as sites visited and keystrokes made; these are then uploaded to an outside Web server • Downloaders: programs that contain location and login information for malware servers. When evoked, the programs contact the remote malware server to facilitate additional malware downloads to the host computer • Backdoors: programs that allow unauthorized access to information or computer resources by bypassing security mechanisms • Bot Clients: applications that allow unauthorized access to and/or control over a user’s computer in order to help facilitate malicious activity such as spamming or DoS attacks • Re-Directors: applications that redirect a browser to a fraudulent website when the user enters a legitimate URL in the browser’s address bar • Data Miners: programs that collect and analyze information without the user’s knowledge »5
  • 6. Cyber Intelligence Report USA, GERMANY AND CHINA HOST OVER HALF OF ALL MALWARE DROP SITES Malware drop sites are established to collect the information from infected computers that use key- loggers, screen scrapers and other approaches to passively harvest sensitive personal information. Three countries, the United States, Germany and China, host over half of all malware drop sites on the Internet. Figure 4 – Top Malware Drop Site Locations 2H 2010 % of All Country Sites United States 23% Germany 16% China 15% Russian Federation 5% India 5% Taiwan 5% Brazil 4% Poland 2% Korea 2% Spain 1% All Others 23% Source: Cyveillance PHISHING During the second half of 2010, Cyveillance detected a total of 114,797 phishing attacks for an average of over 19,000 unique attacks per month for the period. The amount of attacks seen monthly is down compared to the first half of the year and could be related to the recent decline in spam, but the overall volume confirms that the problem of phishing is still easily one of the top threats on the Internet. Specifically, the use of more sophisticated and targeted attacks result in greater success and more lucrative opportunities for online criminals. While the number of spam attacks is down, the threat of phishing attacks continues to remain high as phishers become cleverer in their attack schemes. Figure 5 – Phishing Attack Volume 2H 2010 Source: Cyveillance »6
  • 7. Cyber Intelligence Report UNITED STATES HOSTS NEARLY HALF OF ALL PHISHING ATTACKS Phishing is a social engineer- The United States hosted 41% of all phishing attacks for the 2nd half of 2010, more than the ing scam that relies on both remainder of the top 10 countries combined. technology and human inter- action to carry out online Figure 6 – Phishing Hosting Location 2H 2010 fraud, identity theft or attempts to breach corporate Country % of All Sites networks. The schemes are United States 41% varied but typically involve a Netherlands 6% spoofed (spam) email that Great Britain 5% mimics an email from a legiti- Germany 4% Canada 4% mate and respected organiza- France 3% tion. The email solicits the Italy 2% recipient to click on a link in Australia 2% order to update account infor- Malaysia 2% mation or view a marketing Russian Federation 2% promotion. After clicking on All Others 28% the link, the individual is con- Source: Cyveillance nected to a counterfeit web- site that requests sensitive 84 ORGANIZATIONS WERE PHISHING TARGETS FOR THE FIRST TIME IN SECOND personal information (e.g., HALF OF 2010 username and password, During the second half of 2010, 84 brands were first-time targets of phishing attacks, which is credit card number, Social a decrease from the first half of the year. As usual, the overwhelming majority of the new tar- Security number, etc.). The gets are related to the financial industry. A large portion of these new targets are based in India information collected is then and the Middle East, providing further evidence that the problem of phishing continues to grow used for purposes of identity globally and criminals are constantly looking for new revenue growth opportunities. Overall, theft or accessing secure Cyveillance has documented nearly 3,000 unique brands attacked since 2005. data. Figure 7 – Total Unique Brands Phished through 2H 2010 Source: Cyveillance »7
  • 8. Cyber Intelligence Report Figure 8 – New Brands Attacked 1H – 2009 2H -2009 1H - 2010 2H - 2010 200 399 109 84 Source: Cyveillance Figure 9 – New Brands Attacked for First Time in 2H 2010 by Industry Source: Cyveillance Figure 10 – Total Unique Brands Attacked Since 2005 by Industry Source: Cyveillance »8
  • 9. Cyber Intelligence Report MANY PHISHING TACTICS RELATIVELY UNCHANGED As illustrated in Figure 11 and based on sampled data, phishers’ use of a target’s brand name or variation of the brand name in the domain name remains low at 8% of attacks. However, the use of a target’s brand name in the overall phishing attack URL rather than just the domain name is significantly higher at 60%. The cause for the disparity between the two stats is due to the extra effort required from the phisher to obtain the domain as well as increased likelihood of the attack being detected from anti-phishing companies monitoring new domain name registrations. Including the target’s brand name in the URL involves nothing more than a few keystrokes while setting up the attack. Additionally, phishers frequently launch attacks using compromised Web servers. While there is not a practical way to secure all servers on the Internet, Web masters could make setting up attacks more difficult for the phishers simply by keeping their software up to date and moni- toring file structures. Figure 12 – Phishing Attack Trends 1H 2010 1H 2009 2H 2009 1H 2010 2H 2010 Percentage of phishing attacks that only use an IP address: 8% 10% 9% 8% Percentage of phishing URLs that use brand name: 46% 49% 52% 60% Percentage of phishing domains that use brand name: 4% 4% 3% 3% Percentage of phishing attacks that use a compromised site: 59% 56% 62% 64% Source: Cyveillance CONCLUSION The online fraud environment continued to flourish for cyber criminals in the second half of 2010, posing serious danger to both consumers and businesses. Attacks continued to become more distributed, operating from regions around the globe and leveraging distributed resources to evade detection and law enforcement efforts. With nearly half of all new financial phishing targets based in India and the Middle East, the increasing global nature of online fraud is evi- dent. Cyveillance also continued to see growth in the volume of highly targeted attacks such as spear and whale phishing, frequently associated with Advanced Persistent Threats (APTs). As evi- denced in the Aurora attack earlier in 2010, the impact of these attacks can be devastating if undetected over a period of time. Looking forward to first half of 2011 and beyond, Cyveillance expects to see: • Traditional phishing attacks remaining a significant issue for organizations due to the continued expansion of attack vectors such as blended attacks with malware. »9
  • 10. Cyber Intelligence Report • Increased use of advanced technologies such as the automation of spear phishing attacks, especially for attacks attempting to gain access to corporate networks and secure data • Increased targeting of cell phones and mobile devices for malware attacks and fraud schemes. • Targeting of medical records and exploiting social media sites where people disclose their illnesses. • More targeted malware to penetrate specific industrial platforms. • The continued exploitation by criminals of social networking sites and Web 2.0 functionality for purposes of online fraud, malware distribution and accessing corporate networks for data exfiltration. • The continued use of brand abuse tactics for the distribution of malware, deceiving consumers and impacting the credibility of company brands. ABOUT CYVEILLANCE Cyveillance, a world leader in cyber intelligence, provides an intelligence-led approach to security. Through continuous, comprehensive Internet monitoring and sophisticated intelligence analysis, Cyveillance proactively identifies and eliminates threats to information, infrastructure, individuals and their interactions, enabling its customers to preserve their reputation, revenues, and cus- tomer trust. Cyveillance serves the Global 2000 and OEM Data Partners – protecting the majority of the Fortune 50, regional financial institutions nationwide, and more than 100 million global consumers through its partnerships with security and service providers that include AOL and Microsoft. Cyveillance is a wholly owned subsidiary of QinetiQ North America. For more informa- tion, please visit www.cyveillance.com or www.qinetiq-na.com. Copyright © 2011 Cyveillance, Inc. All rights reserved. Cyveillance is a registered trademark of Cyveillance, Inc. All other names are trademarks or registered trademarks of their respective owners. Cyveillance, Inc, 1555 Wilson Boulevard Suite 406 Arlington, VA 22209-2405 888.243.0097 www.cyveillance.com info@cyveillance.com » 10