Phishers upped their attacks during the 2015 holiday season, with a large spike in phishing sites detected from November to December. The retail/service sector became the most targeted industry in Q4 2015, with 24.03% of attacks. Belize and the United States topped the list of countries hosting phishing sites in Q4, though the US was by far the highest in December. Phishers unleashed many phishing scams in December in an attempt to defraud consumers during the holiday season.
The document summarizes key findings from the APWG Phishing Activity Trends Report for the 1st quarter of 2016. It finds that the number of unique phishing websites detected increased 250% from the last quarter of 2015 through the 1st quarter of 2016. The retail/service sector remained the most targeted by phishers. The United States continued to be the top country hosting phishing websites. In Q1 2016, 20 million new malware samples were captured globally.
The document summarizes phishing activity trends from the 1st to 3rd quarters of 2015 based on data collected by the Anti-Phishing Working Group (APWG). Some key points:
- Over 630,000 unique phishing sites were detected from Q1 to Q3 2015, with over 250,000 in Q2 and over 240,000 in Q3. Over 1 million unique phishing email reports were received.
- "Business email compromise" scams became a major problem in 2015, using spear-phishing to fool companies into transferring large sums of money.
- Internet service providers were the most targeted industry sector in the first three quarters of 2015, surpassing banking and financial services
Malwarebytes labs 2019 - state of malware report 2 - Felipe Prado
This document summarizes malware trends in 2018. Key findings include:
1) Cryptomining detections increased 7% in 2018 before declining mid-year. Information stealers like Emotet and TrickBot targeted businesses.
2) Major data breaches in 2018 compromised hundreds of millions of records, a 133% increase over 2017.
3) Ransomware shifted to more targeted attacks using techniques like brute force. Malware increasingly targeted businesses over consumers.
The document summarizes cybersecurity trends in 2016, including a significant increase in data breaches and leaks of personal records. Some notable events involved leaks of large caches of unstructured data from government and corporate networks that influenced global politics. The total number of records leaked in 2016 exceeded 4 billion, more than double the combined total of the previous two years. However, many of these records had originally been stolen in earlier data breaches but were only recently disclosed to the public.
The report summarizes phishing activity and trends in December 2009 based on data from Symantec and partners. Key findings include:
- Overall phishing attacks decreased 4% from the previous month while toolkit-based phishing fell 19%.
- The US, South Korea, and Canada hosted the most phishing lures while the US, Germany, and South Korea hosted the most phishing sites.
- Financial, ecommerce, and information services sectors were most targeted. Attacks targeting Italian, French, and Portuguese brands increased.
Symantec Phishing Report for April: a general overview of phishing trends and some interesting data collected by Symantec's team of experts.
The main trends observed are as follows:
• Phishing toolkits, automated kits that make it easier to create phishing sites, continue to be used for fraudulent attacks. According to Symantec, 25% of phishing URLs were created with these tools. Despite a 19% increase in toolkit-based attacks, however, their proportion of the month's total phishing remains constant.
• More than 113 web hosting services were exploited, accounting for 9% of attacks. Although web hosting companies continue to improve their tools to limit attacks, this type of phishing increased by 5% compared with the previous month. Considering the total volume of phishing attacks, however, the proportion of those using web hosting services decreased compared with last month.
• Among non-English sites, the most frequent are those in French, followed by those in Italian and Chinese. A total of 3650 non-English sites were detected in April, an increase of 5% over the previous month. This increase may be the result of growth in the total volume of messages observed by Symantec in recent months.
In addition to a series of charts and tables, the end of the report contains a glossary of the most frequently used terms.
- In 2017, financial phishing attacks increased, accounting for over half of all phishing detections according to Kaspersky Lab. Attacks targeted major banks, payment systems, and online shops.
- Banking malware attacks decreased in 2017 but still posed a threat, with the Zbot and Gozi families being the most widespread. Android banking malware also decreased slightly.
- Emerging threats in 2017 included the Silence hacking group that targeted 10 financial organizations, stealing millions, and new malware like Cutlet Maker designed to target ATMs.
Symantec Intelligence Report November 2014 - Symantec
There was a significant jump in emails containing malicious URLs during the month of November, where 41 percent of emailborne malware contained a link to a malicious or compromised website. The last time we saw this level of activity was back in August of 2013. Since then, URL malware had been present in 3 to 16 percent of malicious emails each month, until this recent surge.
We have reason to believe that the Cutwail botnet is responsible for some of this increase. However, this botnet only makes up 3.7 percent of total botnet activity tracked in November. Kelihos and Gamut appear to be in the number one and two positions, comprising 19.2 and 18.8 percent respectively.
The topics in the campaigns we’ve seen so far include fake telecom billing notices, as well as fax and voicemail spam, and government levied fines. The URLs in the first two campaigns appear to be downloaders that will install further malware on a compromised computer, while the third campaign leads to fake captcha sites hosting crypto-ransomware.
Ransomware as a whole continues to decline as the year progresses. However, the amount of crypto-ransomware seen continues to comprise a larger portion of this type of malware. This particularly aggressive form of ransomware made up 38 percent of all ransomware in the month of November.
Anti Phishing Working Group Report 1H 2009 - Kim Jensen
- The number of unique brand-domain pairs reached a record high of 21,085 in June, rising 92% from the start of 2009.
- Unique phishing reports submitted to APWG peaked at 37,165 in May, around 7% higher than the previous year's peak.
- Sweden surpassed the US as the country hosting the most phishing websites by the end of the first half of 2009.
This document is a presentation on digital marketing and fraud from November 2018. It discusses how current fraud detection techniques can be easily blocked or tricked by bad actors. It provides examples of how botnets, fake sites and apps, and domain spoofing are used to generate invalid traffic and are not properly detected. It also notes that advertising dollars can end up funding illegal sites due to these issues with fraud detection technologies.
“In addition to the ad fraud itself, bad guys make money by selling the “picks and shovels” too – e.g. bots, traffic, clicks, malware, fake apps, etc. They have an entire ecosystem to extract value. What follows are just a few examples, scratching the surface.”
Internal infrastructure isn't the only way hackers gain access to important company data. Make sure you're aware of all the security protocols associated with your employees' social media accounts.
The document discusses the rise of ransomware attacks in the first half of 2016. Key points include:
- Ransomware attacks surged, with nearly 80 million threats detected. 79 new ransomware families were discovered, a 172% increase from 2015.
- Ransomware caused over $209 million in losses for businesses. Many opted to pay ransoms to regain access to encrypted files.
- New ransomware variants targeted enterprise networks and files related to businesses like databases, websites, and tax returns. Attack vectors expanded beyond email to include exploits and remote desktop applications.
- To protect against ransomware, businesses need multilayered security strategies along with software patching and employee education. Rans
1) Incorrect viewability and invalid traffic (IVT) measurements can harm good publishers. Sources corroborate that spoofed domains with high IVT can cause real publishers to get blacklisted.
2) Fake websites pretend to be real sites like Esquire to get ad bids, then when fraud measurements show high rates of sophisticated bots, the actual Esquire site gets blacklisted.
3) Claiming ads are 100% viewable and have 0% non-human traffic when they are not attracts advertising dollars away from real publishers.
This document provides a summary of cybersecurity threats and trends from Symantec's January 2014 Intelligence Report. Some key highlights include:
- Two large data breaches were reported in January exposing over 105 million identities total. The number exposed in a November breach was adjusted upwards to 110 million identities.
- Targeted attacks increased in January to their highest level since August 2013, with manufacturing and non-traditional services being the most targeted industries.
- 555 new vulnerabilities were reported in January, bringing the 12-month total to 6443. Google Chrome and Oracle Java had the most browser and plugin vulnerabilities respectively.
- The global spam rate decreased slightly while phishing and email virus rates also reduced. Sex
This report is built upon analysis of 41,686 security incidents, of which 2,013 were confirmed data breaches. We will take a look at how results are changing (or not) over the years as well as digging into the overall threat landscape and the actors, actions, and assets that are present in breaches. Windows into the most common pairs of threat actions and affected assets also are provided.
Everyone is paying for fraud detection, but without enough technical knowledge, they don't realize the fraud detection doesn't work or is easily tricked by the bad guys. So what's worse is that the people paying for fraud detection have a false sense of security and take their eyes off of the obvious fraud that is still getting through.
This document summarizes a report on modern ad fraud. It describes how fraudsters buy cheap traffic and then sell ads on that traffic for higher prices, duping marketers. It outlines various fraud techniques like using fake sites and apps, dark pages that are hidden from manual checks, and continuous ad loading in the background. These techniques allow fraudsters to siphon off revenues from publishers. The report analyzes sample fraud campaigns and estimates they generate billions in annual fraudulent profits despite passing existing fraud filters. It concludes by introducing the author, Dr. Augustine Fou, an independent ad fraud researcher.
Every year Group IB releases reports on the development of high tech and cyber-crime, describing new tendencies and interesting emerging trends from recent months and forecasting future threats. This report covers the second half of 2014 and the first half of 2015.
In last year’s report we primarily forecast the increase in targeted attacks on banks. This has been mostly accurate and accordingly, in the second half of last year, the Anunak hacking group, also known as Carbanak, carried out a series of thefts for hundreds of millions of Rubles from the banking sector. However, after the publication of the co-authored Group IB and Fox-IT report, which outlined the group’s methodology, they ceased their activity.
Despite this, as predicted, new hacking groups have appeared conducting similar attacks, for example, the much discussed targeted attack on a Kazan based bank, which resulted in volatility on the currency exchange market of over 10 Rubles to the US Dollar for a short period.
Our predictions of increased attacks on ATMs were also correct. Group IB has discovered new Trojans and insider fraud, and also new equipment, including Blackbox, a tool which hackers developed and installed on cash machines, allowing them to receive remote access to systems.
Following research and analysis of the threats to mobile devices, Group IB predicted an increase in the amount of mobile Trojans that allow hackers to automatically transfer money from bank accounts, sidestepping the most advanced bank security systems. This prediction was correct in assessing the speed of development in this area of fraud and accordingly we have allocated a specific section of this year’s report to this growing issue.
Another major forecast was a decrease in the amount of thefts from individuals, using Trojans which reroute users to phishing sites. Thanks to the arrest of participants in one of the most aggressive hacking groups using this scheme, the amount of thefts was not just lowered but completely stopped. More details are provided in the Group IB completed investigations and arrested criminals section of this report.
We also predicted an increase in the attacks on Russian internet and digital resources by hacktivists and again were correct. Hackers affiliated with ISIS carried out over 600 attacks which Group IB analysed and assessed in a separate report on their international activity.
There are 2 main forms of mobile fraud - display ad fraud and install fraud. This deck focuses on the far more lucrative and larger form - mobile display fraud.
Ad fraud steals ad budgets and negatively impacts the class action notice industry - ads are not put in front of humans, but instead are shown to bots (software programs that load webpages). Bots don't complete claim forms; humans do.
Despite the use of fraud detection technologies, notice providers should use "best practicable" actions to verify the campaign analytics to see if ad fraud still gets through.
The APWG recorded more phishing in 2016 than in any previous year. In the 4th quarter of 2016, there were over 277,000 unique phishing sites detected, representing a 65% increase in total phishing attacks for 2016 compared to 2015. Phishing attacks have increased dramatically over the past 12 years, with an average of over 92,000 attacks per month in the 4th quarter of 2016 compared to just 1,600 attacks per month in the 4th quarter of 2004. Fraudsters in Brazil are increasingly using social media and mobile apps to defraud users in addition to traditional phishing techniques, though much of the hosting infrastructure for these attacks is located outside of Brazil, particularly in the United States and
In the 3rd quarter of 2016:
- The total number of phishing sites detected fell 25% from the previous quarter's record high.
- The Retail/Service sector continued to be the most targeted, suffering 43% of attacks.
- The number of brands targeted also fell slightly, down 17% from the previous quarter.
- China had the highest malware infection rate at 47.23%, while Scandinavian countries had the lowest rates.
The Executive's Guide to the 2016 Global Threat Intelligence Report - Simona Franciosi
The document provides insights from NTT Group's 2016 Global Threat Intelligence Report. Some key findings include:
- The US was the largest source of attacks in 2015, accounting for 65% of attacks. The UK was the largest non-US source.
- The retail sector experienced the most attacks in 2015, surpassing the finance sector which had typically been the most attacked.
- Types of attacks are shifting, with anomalous activity making up 36% of attacks in 2015, up from 20% in 2014. Malware also increased.
- Older vulnerabilities continue to plague organizations, with nearly 21% of vulnerabilities over 3 years old. The finance sector remained vulnerable to older issues like Heartbleed and Poodle.
The document summarizes a report from Symantec on phishing activity and trends in October 2009. Some key findings include:
- There was a 17% increase in overall phishing attacks from the previous month.
- 30% of phishing URLs used phishing toolkits, a 24% rise.
- Non-English phishing sites rose 45%, with Italian, French and Chinese language attacks increasing.
- The US, South Korea and Germany hosted the most phishing sites and lures.
Symantec Intelligence Report - Oct 2015 - CheapSSLUSA
Explore this PDF for the Symantec Intelligence Report for October 2015 from the Symantec Global Intelligence Network.
Enjoy this report and feel free to contact us with any comments or feedback.
Important points to note from this report:
- The number of new malware
- Spam has been increasing over the last few months
- Finance, Insurance, & Real Estate was the most targeted sector in October
Scam and phishing messages accounted for 19% of all spam in February, down 2% from January. Spammers continued to exploit current events like earthquakes in Haiti and Chile in their messages. Phishing attacks increased 16% from the previous month due to more unique URL and IP attacks. There was a rise in non-English and Italian/French phishing sites attributed to attacks on banks in those countries.
Symantec Intelligence Report September 2014 (Symantec)
Symantec Intelligence aims to provide the latest analysis of cyber security threats, trends, and insights concerning malware, spam, and other potentially harmful business risks.
The average number of spear-phishing attacks rose to 53 per day in September, after a 12-month low in August. Spear phishing activity has returned to levels seen earlier in the summer, but is still down from the 12-month average of 85 attacks per day.
The .doc file type was the most common attachment type used in spear-phishing attacks, making up more than 52.9 percent of all attachments in September. At 4.8 percent, last month’s top attachment, .exe file types, dropped to fourth.
There were only four publicly disclosed data breaches that took place within the month of September, resulting in the exposure of 2.5 million identities. However, there were 14 additional data breaches reported in September that took place earlier in the year. The largest data breach reported in September actually took place in April, and resulted in the exposure of 56 million identities.
Ransomware continues to decline as 2014 progresses. However, crypto-style ransomware remains high, making up 38 percent of all ransomware detected in September.
There were 600 vulnerabilities disclosed in the month of September, the highest number so far in 2014 and the second highest in the last 12 months.
One in 2,041 emails was identified as a phishing attempt, compared with one in 1,587 for August. While at first glance this looks like a big drop, it results in only a 0.01 percentage point decrease in the overall phishing rate.
Most notable APT attacks of 2015 and 2016 predictions (Cyphort)
This season is the time to consider the year in review and the year to come. Nick will review the biggest malware attacks and breaches of the year, including OPM breach, Apple App store malware, Ashley Madison and Hacking Team. Then it’s on to the future as Nick unveils his security predictions for 2016.
IBM X-Force Threat Intelligence Report 2016 (thinkASG)
Download the latest IBM X-Force Threat Intelligence Report
High-value breaches stole headlines as lackluster security fundamentals left organizations open to attack in 2015.
* The globalization of security incidents is shifting to targets like health-related PII and sensitive personal data
* The growing sophistication and organization of cybercrime rings are helping expand their reach
* New attack techniques like mobile overlay malware are evolving, while classics like DDoS and POS malware remain effective
In 2017, there were over 1,765 data breach incidents compromising over 2.6 billion records. The largest breaches stemmed from poor security practices and accidental data exposures, rather than external hacking attacks. Notable breaches included the Equifax breach of 147 million Americans' personal data due to unpatched vulnerabilities, and accidental exposures of personal data by Deep Root Analytics, River City Media, and Alteryx due to misconfigured cloud storage settings. Looking ahead, new regulations like the EU's GDPR have the potential to increase transparency around data breaches.
Welcome to the May edition of the Symantec Intelligence report. Symantec Intelligence aims to provide the latest analysis of cyber security threats, trends, and insights concerning malware, spam, and other potentially harmful business risks.
Symantec has established the most comprehensive source of Internet threat data in the world through the Symantec Global Intelligence Network, which is made up of more than 57.6 million attack sensors and records thousands of events per second. This network monitors threat activity in over 157 countries and territories through a combination of Symantec products and services such as Symantec DeepSight Intelligence, Symantec Managed Security Services, Norton consumer products, and other third-party data sources.
RSA Monthly Online Fraud Report -- October 2013 (EMC)
This document discusses cyber security awareness and how consumer online behaviors can put them at risk. It summarizes statistics from a survey of over 14,500 consumers in over 170 countries that found most consumers frequently engage in online activities like online banking, shopping, emailing and social media use. However, many consumers could improve their awareness and protection of their identity and information by updating anti-virus software more and checking credit reports more often. The document encourages readers to visit a website for more information on an online identity risk calculator.
As we reflect on 2019, we see some notable shifts in the threat landscape, with businesses facing new levels of complexity in fraud orchestration. Rather than looking for the quick buck, fraudsters are playing the long game, with multi-step attacks that do not initially reveal their fraudulent intent.
As the saying goes, ‘money makes the world go round’, and this could not be more true for the cybercrime underworld. Fraudsters’ unrelenting demand for fresh user credentials provides the financial incentive for cyber attackers carrying out major data breaches. When fraudsters successfully leverage the spoils from these breaches to make money, they will use the proceeds to invest in more advanced attack toolkits and greater volumes of stolen data. As a result, organizations find it increasingly difficult to defend against the barrage of attacks on their websites and apps.
The only sustainable approach to curbing the cybercrime cycle of success is adopting a zero-tolerance approach to fraud prevention. Tolerating current fraud levels as a 'cost of doing business' exacerbates the problem long-term by providing the financial incentive for fraudsters. In-depth profiling of activity across customer touchpoints helps organizations facing subtle attacks that do not show immediate tell-tale signs of fraud. When combined with targeted friction, large-scale attacks quickly become unsustainable for fraudsters who have become accustomed to circumnavigating systems that avoid putting up barriers to users.
As the latest data from the Arkose Labs platform show, attack rates are continuously on the rise. Going into 2020, the fraud fighting community needs to finally win back the upper hand against fraudsters, protecting individuals and our society from the effects of cybercrime.
As reported in the ISTR Volume 19, 2013 saw a 500 percent increase in ransomware in the latter part of the year. Overall ransomware levels remained high through March 2014, and then slowly started to decline, in part due to the disruption of the GameOver Zeus botnet back in late May.
In contrast, crypto-style ransomware has seen a 700 percent-plus increase. These file-encrypting versions of ransomware began the year comprising 1.2 percent of all ransomware detections, but now make up 31 percent at the end of August. One variant known as Trojan.Cryptodefense began to appear in large numbers in early June. By the end of July, it made up 77 percent of all crypto-style ransomware for the year to date. This follows predictions in the ISTR saying this type of malware would become more common in 2014.
Over 31.5 million identities were reported exposed in August, from 12 incidents. The jump in exposed identities is due to a large breach in South Korea, comprising 27 million identities. In the last 12 months 53 percent of data breaches were caused by hacking and 21 percent were accidentally made public.
The average number of spear-phishing emails blocked each day for August was 20, compared with 54 in July and 88 in June. This is below the year-to-date average of 86, which is slightly higher than the daily average of 84 for all of 2013.
The most frequently used malicious file types in these email-based targeted attacks were .exe and .doc file types, with .exe attachments coming out on top this month at 31.8 percent. 29 percent of spear phishing emails were sent to Manufacturing, returning it to the top of the industries targeted.
One in 1,587 emails was identified as a phishing attempt, compared with one in 1,298 for July and one in 496 in June. While at first glance this looks like a big drop, it is not indicative of a wider trend just yet, resulting in only a 0.01 percentage point decrease in the overall phishing rate.
We hope that you enjoy this month’s report and feel free to contact us with any comments or feedback.
Symantec Intelligence Report December 2014 (Symantec)
This document provides a summary of cybersecurity threats from Symantec's December 2014 Intelligence Report. Key points include:
- The average number of spear-phishing attacks dropped to 33 per day in December from 43 in November. Manufacturing was the most targeted industry for these attacks.
- There were 8 data breaches reported in December, with real names, government ID numbers, and home addresses as the most common types of exposed information.
- Trojan.Swifi was the most common malware in December. A new zero-day Flash Player vulnerability (CVE-2014-9163) was also disclosed.
- 428 vulnerabilities were disclosed in December, including 1 zero-day. Internet Explorer
The summary provides an overview of key trends in cybersecurity threats according to Symantec's June 2015 Intelligence Report. There was a decrease in email-based threats like spam, phishing, and malware. However, new malware variants increased significantly to over 57 million in June. Ransomware and crypto-ransomware attacks also rose after declining in previous months. The manufacturing industry remained the top target of spear-phishing while small companies received the most phishing attempts. Transportation saw the highest rate of email-based malware.
2014 Cybercrime Roundup: The Year of the POS Breach (EMC)
This RSA fraud report summarizes cybercrime in 2014 and includes the number of phishing attacks globally, top hosting countries for phishing attacks, the financial impact of global fraud losses, and a monthly highlight.
The report for Q1 2018 includes:
- WatchGuard Firebox Feed Trends. In this regular section, we analyze threat intelligence shared by tens of thousands of WatchGuard security appliances. This analysis includes details about the top malware and network attacks we saw globally throughout the quarter. Using that data, we identify the top attack trends, and how you might defend against them.
- Top Story: GitHub DDoS Attack. In Q1 2018, attackers launched a record-breaking distributed denial of service (DDoS) attack against GitHub using a technique called UDP amplification. In this section we analyze this attack and describe how the lesser-known Memcached service allowed this huge amplification.
- Announcing The 443 Podcast. Rather than our normal threat research section, this quarter we announce a new podcast from the WatchGuard Threat Labs team, and the authors of this report. Learn what this new podcast contains and come subscribe wherever podcasts are found.
- The Latest Defense Tips. As usual, this report isn’t just meant to inform you of the latest threats, but to help you update your defenses based on the latest attacks. Throughout the report, we share defensive learnings and tips, with a summary of the most important defenses at the end.
Trafficking fraudulent accounts: the role of the underground market in twitt... (Romain Fonnier)
This document summarizes research on the underground market for fraudulent Twitter accounts. The researchers monitored 27 account merchants over 10 months, purchasing over 120,000 accounts total. They found merchants could generate thousands of accounts within 24 hours for $0.02-$0.10 each, fulfilling orders through CAPTCHA solving, fraudulent emails, and diverse IP addresses. The researchers estimated these merchants generated $127,000-$459,000 annually and were responsible for 10-20% of accounts later flagged as spam. They developed a classifier to detect millions of fraudulent accounts and disabled 95% of accounts from monitored merchants with Twitter's help. The document analyzes how merchants circumvent defenses and makes recommendations to increase the cost of generating fraudulent accounts.
The document summarizes technical details about ShadowPad, a modular cyber attack platform deployed through compromised software. It describes how ShadowPad operates in two stages, with an initial shellcode embedded in legitimate software that connects to command and control servers. The second stage acts as an orchestrator for five main modules, including for communication, DNS protocols, and loading additional plugins. Payloads are received from the C&C server as plugins and can perform data exfiltration.
The Center for Democracy & Technology filed a complaint with the Federal Trade Commission requesting an investigation into Hotspot Shield VPN's data sharing and security practices. The complaint alleges that Hotspot Shield makes strong claims about not tracking or logging user data, but its privacy policy describes more extensive logging. It is also alleged that Hotspot Shield uses third-party tracking libraries to facilitate targeted advertisements, contradicting its promises of privacy and security.
Nexusguard DDoS threat report Q1 2017 (Andrey Apuhtin)
This document provides a summary of DDoS attack trends in Q1 2017 according to Nexusguard's analysis. Key findings include a 380% increase in attacks compared to the previous year, with unusually large attacks on holidays such as Chinese New Year and Valentine's Day. HTTP floods became the most common attack vector. The US was the top source of attacks globally, while China was the top source in the Asia-Pacific region. Larger and more complex multi-vector attacks targeting both volumetric and application layers became more common.
The document summarizes cybersecurity trends in the financial services sector in 2016. Some key points:
1) The financial services sector remained the most attacked industry in 2016, experiencing 65% more attacks on average than other sectors. Common attack methods included SQL injection and command injection exploits.
2) While total attacks increased in 2016, average security incidents decreased for financial services organizations monitored by IBM.
3) Insider threats, both malicious and inadvertent, posed a larger risk than outsider attacks for financial services organizations. The majority of insider attacks were caused by inadvertent or compromised systems rather than malicious insiders.
This document provides a summary of CLDAP reflection DDoS attacks observed by Akamai between October 2016 and January 2017. It details the attack methods, timelines, largest attacks observed, affected industries, source distributions by country and ASN, mitigation recommendations including filtering port 389, and conclusions regarding CLDAP reflection as an emerging DDoS vector.
This document provides a technical analysis of Pegasus spyware samples found on Android devices. Pegasus for Android (called Chrysaor) shares many capabilities with the iOS version, including exfiltrating data from apps, remote controlling devices via SMS, audio surveillance, screenshot capture, and disabling system updates. It uses known Android exploits to gain root access and SMS, HTTP, and MQTT for command and control. The spyware is designed to evade detection and delete itself if detected. Analysis of the samples revealed how the malware infects devices, communicates with its operators, and surreptitiously collects information from infected phones.
This document summarizes a study on zero-day vulnerabilities and exploits. The study obtained rare access to data on zero-day vulnerabilities and exploits to analyze metrics like life status, longevity, collision rates, and development costs. Some key findings include: 1) exploits have an average lifespan of 6.9 years after discovery before being patched, but 25% will last less than 1.5 years and 25% will last over 9.5 years, 2) after 1 year, approximately 5.7% of vulnerabilities in a stockpile will be discovered and disclosed by others, and 3) once an exploitable vulnerability is found, the median time to develop a working exploit is 22 days. The results provide insights to inform policy debates on
This document contains a list of websites categorized into different areas of interest: finance, gambling, e-commerce, dating, and other. Over 50 websites are listed related to online payment processing, gambling sites, major retailers, social media, travel, and dating platforms. The list appears to have been compiled from someone's browser history.
The document lists processes and components of different point of sale (POS) software, including BrasilPOS, cch tax14, cch tax15, AccuPOS, Active-Charge, ADRM.EndPoint.Service, AFR38, Aireus, Aldelo, alohaedc, APRINT6, Aracs, aRPLUSPOS, ASTPOS, AxUpdatePortal, barnetPOS, bt, BTFULL, callerIdserver, CapptaGpPlus, CashBox, CashClub, CashFootprint, and Catapult.
Processes and components antivirus lists the executable files and processes associated with major antivirus software programs. It includes the process names for antivirus programs from companies like Avast, AVG, Avira, ClamWin Antivirus, ESET, F-Secure, GData, GFI Antivirus, Kaspersky, MalwareBytes Antivirus, McAfee, Microsoft, Panda, Sophos, Symantec, Trend Micro, and WebRoot Antivirus. The list provides information on the core processes used by antivirus software to scan for malware, monitor systems for infections, and provide protection.
The document analyzes the prevalence and security impact of HTTPS interception by middleboxes and antivirus software. The researchers developed techniques to detect interception based on differences between the TLS handshake and HTTP user agent. Applying these techniques to billions of connections, they found interception rates over an order of magnitude higher than previous estimates, and that the majority (97-62%) of intercepted connections had reduced security, with 10-40% vulnerable to decryption. Testing of interception products found most reduced security and many introduced severe vulnerabilities. The findings indicate widespread interception negatively impacts security.
This bill directs the Administrator of the National Highway Traffic Safety Administration to conduct a study to determine appropriate cybersecurity standards for motor vehicles. The study would identify necessary isolation, detection, and prevention measures to protect critical software systems. It would also identify best practices for securing driving data. The Administrator would submit a preliminary report within 1 year and a final report within 6 months, including recommendations for adoption of standards and any necessary legislation.
A former employee of the Federal Reserve Board installed unauthorized software on a Board server to earn bitcoins through the server's computing power. The employee modified security safeguards to remotely access the server from home. When confronted, the employee initially denied wrongdoing but later remotely deleted the software to conceal actions. Forensic analysis confirmed the employee's involvement, resulting in termination and a guilty plea to unlawful conversion of government property. The employee was sentenced to 12 months probation and a $5,000 fine.
Microsoft released patches for over 100 vulnerabilities in Windows, Internet Explorer, and Edge in 2016. While the number of vulnerabilities exploited in Internet Explorer before patching declined, no vulnerabilities in the newer Edge browser were exploited. Windows 10 introduced new security features like Attack Surface Reduction that remove vulnerable components. Over 60 vulnerabilities were also patched in various Windows user-mode components, with remote code execution being the most common type.
Muddy Waters Capital is short St. Jude Medical due to serious cybersecurity vulnerabilities identified in STJ's implantable cardiac devices. Researchers were able to replicate attacks that could cause devices to malfunction dangerously or drain batteries. The vulnerabilities stem from a lack of security protections in STJ's device ecosystem, including hundreds of thousands of home monitoring units distributed without adequate safeguards. A cardiologist is advising patients to unplug monitors and delaying implants until issues are addressed, which could take STJ at least two years to remediate through a recall and system rework. The cybersecurity risks may result in litigation if exploits endanger patients.
This document summarizes a workshop held by the FTC on privacy and security issues related to the Internet of Things (IoT). The IoT refers to everyday objects that can connect to the internet and send/receive data. The workshop discussed both benefits and risks of the IoT. Benefits include connected medical devices and home automation. However, risks include security vulnerabilities and privacy issues from collection of personal data over time. Workshop participants debated how fair information practices like data minimization, security, notice and choice should apply. The FTC staff recommends best practices for companies developing IoT products, including security by design and reasonable data collection and retention limits.
Graspan: A Big Data System for Big Code Analysis (Aftab Hussain)
We built a disk-based parallel graph system, Graspan, that uses a novel edge-pair centric computation model to compute dynamic transitive closures on very large program graphs.
We implement context-sensitive pointer/alias and dataflow analyses on Graspan. An evaluation of these analyses on large codebases such as Linux shows that their Graspan implementations scale to millions of lines of code and are much simpler than their original implementations.
These analyses were used to augment the existing checkers; these augmented checkers found 132 new NULL pointer bugs and 1308 unnecessary NULL tests in Linux 4.4.0-rc5, PostgreSQL 8.3.9, and Apache httpd 2.2.18.
- Accepted in ASPLOS ‘17, Xi’an, China.
- Featured in the tutorial, Systemized Program Analyses: A Big Data Perspective on Static Analysis Scalability, ASPLOS ‘17.
- Invited for presentation at SoCal PLS ‘16.
- Invited for poster presentation at PLDI SRC ‘16.
Phishing Activity Trends Report, 4th Quarter 2015
www.apwg.org • info@apwg.org
Table of Contents
Statistical Highlights for 4th Quarter 2015 3
Phishing E-mail Reports and Phishing Site Trends 4
Brand-Domain Pairs Measurement 5
Brands & Legitimate Entities Hijacked by E-mail Phishing Attacks 6
Most Targeted Industry Sectors 7
Countries Hosting Phishing Sites 7
Top Malware Infected Countries 8
Measurement of Detected Crimeware 9
Phishing-based Trojans & Downloader’s Host Countries (by IP address) 10
Phishing by Top-Level Domain 10
APWG Phishing Trends Report Contributors 11
Phishing Report Scope
The APWG Phishing Activity Trends Report analyzes
phishing attacks reported to the APWG by its member
companies, its Global Research Partners, through the
organization’s website at http://www.apwg.org, and by
e-mail submissions to reportphishing@antiphishing.org.
APWG also measures the evolution, proliferation, and
propagation of crimeware by drawing from the research
of our member companies.
Phishing Defined
Phishing is a criminal mechanism employing both social
engineering and technical subterfuge to steal consumers’
personal identity data and financial account credentials.
Social engineering schemes use spoofed e-mails
purporting to be from legitimate businesses and
agencies, designed to lead consumers to counterfeit
websites that trick recipients into divulging financial
data such as usernames and passwords. Technical
subterfuge schemes plant crimeware onto PCs to steal
credentials directly, often using systems to intercept
consumers’ online account user names and passwords --
and to corrupt local navigational infrastructures to
misdirect consumers to counterfeit websites (or authentic
websites through phisher-controlled proxies used to
monitor and intercept consumers’ keystrokes).
Phishers Upped Attacks During the 2015 Holiday Season
Phishers unleashed a barrage with phishing scams in December 2015, in an annual attempt to part consumers from their money. [p. 4]
4th Quarter 2015 Phishing Activity Trends Summary
• Another holiday phenomenon was that the Retail / Service sector became the most-targeted industry sector in the fourth quarter of 2015, with 24.03% of all phishing attacks. [p. 7]
• There has been a notable increase in software bundlers, which install unwanted programs without the user’s consent. [p. 8]
• Belize and the United States topped the list of countries that hosted phishing sites. [p. 7]
• The USA remained the top country hosting phishing-based Trojans and downloaders during the three-month period. [p. 10]
• The number of brands targeted by phishing remained constant throughout 2015, although new companies and institutions were always being targeted. [p. 6]
• In Q4 2015, 14 million new malware samples were captured. [p. 8]
The APWG continues to refine its tracking and reporting methodology and to incorporate new data sources into our
reports. APWG tracks and reports the number of unique phishing reports (email campaigns) it receives, in addition
to the number of unique phishing sites found. An e-mail campaign is a unique e-mail sent out to multiple users,
directing them to a specific phishing web site (multiple campaigns may point to the same web site). APWG counts
unique phishing report e-mails as those found in a given month that have the same subject line in the e-mail.
The APWG also tracks the number of unique phishing websites. This is now determined by the unique base URLs of
the phishing sites. (A single phishing site may be advertised as thousands of customized URLs, all leading to
basically the same attack destination.) APWG additionally tracks crimeware instances (unique software applications
as determined by MD5 hash of the crimeware sample), as well as unique sites that are distributing crimeware
(typically via browser drive-by exploits). The APWG Phishing Activity Trends Report also includes statistics on rogue
anti-virus software, desktop infection rates, and related topics.
                                                                                      October    November   December
Number of unique phishing websites detected                                           48,114     44,575     65,885
Number of unique phishing e-mail reports (campaigns) received by APWG from consumers  194,499    105,233    80,548
Number of brands targeted by phishing campaigns                                       391        408        406
Country hosting the most phishing websites                                            Belize     USA        USA
Phishing URL contains some form of target name                                        78.51%     72.61%     52.3%
Percentage of sites not using port 80                                                 2.91%      3.98%      7.50%
Methodology and Instrumented Data Sets
Statistical Highlights for 4th Quarter 2015
The total number of phishing attacks observed in Q4 was 158,574. APWG noted a large spike in phishing from
November to December 2015, with an increase of over 21,000 phishing sites detected during the holiday season.
The number of unique phishing reports submitted to APWG during Q4 was 173,262. The number of unique phishing
reports submitted to APWG saw a drop of nearly 15,000 from November to December.
Phishing E-mail Reports and Phishing Site Trends – 4th Quarter 2015
The following chart combines statistics based on brands phished, unique domains, unique domain/brand pairs, and
unique URLs. Brand/domain pairs count the unique instances of a domain being used to target a specific brand.
(Example: if several URLs are targeting a brand – but are hosted on the same domain – this brand/domain pair
would be counted as one instead of several.) Forensic utility of this metric: If the number of unique URLs is greater
than the number of brand/domain pairs, it indicates many URLs are being hosted on the same domain to target the
same brand. Knowing how many URLs occur with each domain indicates the approximate number of attacking
domains a brand-holding victim needs to locate and neutralize. Since phishing-prevention technologies (like
browser and e-mail blocking) require the full URL in order to prevent over-blocking, it is useful to understand the
general number of unique URLs that occur per domain.
                                              October    November   December
Number of Unique Phishing Web Sites Detected  48,114     44,575     65,885
Unique Domains                                15,477     14,457     17,689
Unique Brand-Domain Pairs                     17,711     17,032     22,882
Unique Brands                                 391        408        406
URLs Per Brand                                123        109        162
Brand-Domain Pairs Measurement – 4th Quarter 2015
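The counting rules described above (unique sites by base URL, unique domains, brand/domain pairs, URLs per brand, plus the port and target-name percentages from the statistical highlights) can be computed as follows. This is an added example, not APWG's own tooling: the feed is constructed, the function names are hypothetical, "base URL" is assumed to mean scheme, host and path without query or fragment, and the hostname stands in for the domain (a production count would reduce it to the registrable domain). URLs per brand is taken as unique sites divided by unique brands, which is consistent with the table (48,114 / 391 ≈ 123).

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample feed of (reported URL, targeted brand); hosts are reserved .example names.
FEED = [
    ("http://login.shop-a.example/verify/index.php?id=1001", "BrandA"),
    ("http://login.shop-a.example/verify/index.php?id=1002", "BrandA"),
    ("http://login.shop-a.example/verify/step2.php", "BrandA"),
    ("http://login.shop-a.example/brandb/secure.html", "BrandB"),
    ("http://cdn.host-b.example:8080/branda/signin", "BrandA"),
    ("http://HOST-C.example/pay/update.php?u=77#top", "BrandB"),
]
DEFAULT_PORTS = {"http": 80, "https": 443}

def base_url(url):
    """Assumed definition of 'base URL': scheme, host[:port] and path, no query or fragment."""
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc.lower()}{p.path}"

def summarize(feed):
    if not feed:
        raise ValueError("empty feed")
    sites_by_domain = defaultdict(set)   # hostname -> unique base URLs hosted on it
    pairs, brands, off_80, named = set(), set(), set(), set()
    for url, brand in feed:
        p = urlsplit(url)
        site, host = base_url(url), p.hostname   # .hostname is already lowercased
        sites_by_domain[host].add(site)
        pairs.add((brand, host))                  # many URLs, one domain, one brand -> one pair
        brands.add(brand)
        if (p.port or DEFAULT_PORTS.get(p.scheme)) != 80:
            off_80.add(site)
        if brand.lower() in site.lower():         # crude "target name in URL" check
            named.add(site)
    sites = set().union(*sites_by_domain.values())
    pct = lambda subset: round(100 * len(subset) / len(sites), 2)
    return {
        "unique_sites": len(sites),
        "unique_domains": len(sites_by_domain),
        "brand_domain_pairs": len(pairs),
        "unique_brands": len(brands),
        "urls_per_brand": round(len(sites) / len(brands), 2),
        "urls_per_domain": {h: len(s) for h, s in sites_by_domain.items()},
        "pct_not_port_80": pct(off_80),
        "pct_target_name_in_url": pct(named),
    }

if __name__ == "__main__":
    for key, value in summarize(FEED).items():
        print(f"{key}: {value}")
```

In the sample, five unique sites map to four brand/domain pairs, so a defender working takedowns for BrandA has two hosts to locate even though three distinct BrandA URLs were reported on one of them.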
The number of brands targeted by phishers in each month of the quarter remained constant. Across 2015, phishers
targeted between 393 and 442 unique brands in any given month. However, there was turnover among the
companies that were targeted – a stream of new companies and institutions were phished for the first time.
The above numbers measure widely distributed, general attacks against online companies. They do not measure
“spear-phishing” attacks, which are highly selective attacks that target specific employees at specific companies.
Because such attacks are not widely broadcast via mass spamming, and may involve only a few email lures, there
are no reliable numbers regarding how many companies are being attacked in that fashion.
Brands and Legitimate Entities Targeted by E-mail Phishing Attacks – 4th Quarter 2015
The Retail / Service sector became the most-targeted industry sector in the fourth quarter of 2015, with 24.03 percent
of attacks, followed closely by Financial Services. In the first three quarters of 2015, ISPs had been the most-targeted
industry segment.
Phishers often break into vulnerable web hosting networks to provision phishing sites. Belize was the top country
hosting phishing sites in September and October, surpassing the United States. Web servers in Belize were broken
into by phishers, leading to the temporary increase. According to Carl Leonard, Principal Security Analyst at
Forcepoint, the US bias was due to a plethora of sites set up for fake Tech Support scams and fake anti-virus scams
(often called “rogue anti-virus”). These sites are designed to defraud people (encouraging them to pay a fee to "clean"
their machine), or to install malware instead of the proffered anti-virus software.
October                   November                  December
Belize          42.75%    United States   50.90%    United States       83.58%
United States   42.56%    Belize          27.22%    Netherlands         1.95%
Belgium         2.58%     Europe          4.65%     United Kingdom      1.51%
Europe          2.38%     Hong Kong       4.57%     Germany             1.26%
Germany         0.99%     China           1.14%     Australia           1.12%
United Kingdom  0.81%     Canada          1.09%     Hong Kong           0.86%
Canada          0.71%     Italy           0.88%     China               0.82%
Brazil          0.63%     Germany         0.86%     France              0.73%
Hong Kong       0.60%     United Kingdom  0.81%     Russian Federation  0.60%
France          0.50%     Australia       0.76%     Ireland             0.57%
Countries Hosting Phishing Sites – 4th Quarter 2015
Most-Targeted Industry Sectors – 4th Quarter 2015
The APWG’s Crimeware statistics categorize crimeware attacks as follows, though the taxonomy will grow as
variations in attack code are spawned. Definition: Crimeware is code designed with the intent of collecting
information on the end-user in order to steal the user’s credentials. Unlike most generic keyloggers, phishing-based
keyloggers have tracking components, which attempt to monitor specific actions (and specific organizations, such as
financial institutions, retailers, and e-commerce merchants) in order to target specific information. The most
common types of information are access to financial-based websites, e-commerce sites, and web-based mail sites.
In 2015, APWG member PandaLabs captured 84 million new malware samples, with 14 million of those captured in
the fourth quarter of 2015. Most of them were variants of a much smaller number of pieces of malware, changed in
small ways to avoid anti-malware defenses. By the end of 2015 PandaLabs had 304 million malware samples on file.
There was a major increase in PUPs (Potentially Unwanted Programs) via software bundlers, which install programs
without the user’s consent. And there was a rise in different variants of Cryptolocker (ransomware) in the fourth
quarter. The latter caused mayhem worldwide by locking users out of their data and demanding ransom payments.
According to Luis Corrons, PandaLabs Technical Director and Trends Report contributing analyst, PUPs placed second,
accounting for nearly a third of infections. Corrons noted: “Aggressive distribution techniques and software programs
used by PUPs means that they achieve a high rate of installation in users’ computers. If we look at the global
percentage of infected computers, which is 35.45 percent, we can see that it increased compared to previous quarters,
and this was mainly driven by PUPs. We must point out, however, that this figure represents computers that have had
any type of malware encounter, but doesn’t necessarily mean that they became infected.”
Asia and Latin America were the regions that registered the highest infection rates. The countries with the lowest
infection rates are generally in Europe, with Japan also appearing in the bottom ten.
Crimeware Taxonomy and Samples According to Classification
Malware Infected Countries – 4th Quarter 2015
New Malware Strains in Q4    % of malware samples
Trojans                      53.05%
Viruses                      23.48%
Worms                        13.38%
Adware/Spyware               1.83%
PUP                          8.26%

Ranking   Country       Infection ratio
45        Netherlands   26.51%
44        Japan         25.34%
43        Denmark       24.84%
42        Belgium       23.46%
41        Switzerland   23.16%
40        Germany       22.78%
39        UK            21.34%
38        Sweden        20.88%
37        Norway        20.51%
36        Finland       20.32%

Ranking   Country       Infection Rate
1         China         57.24%
2         Taiwan        49.15%
3         Turkey        42.52%
4         Guatemala     39.09%
5         Russia        38.01%
6         Ecuador       37.51%
7         Mexico        37.28%
8         Peru          37.06%
9         Poland        36.83%
10        Brazil        36.34%

Malware Infections by Type   % of malware samples
Trojans                      61.28%
Viruses                      2.02%
Worms                        2.40%
Adware/Spyware               5.25%
PUP                          29.05%
Using data contributed from APWG founding member Forcepoint regarding the proliferation of malevolent
software, this metric measures proportions of three genera of malevolent code:
• Crimeware (data-stealing malicious code designed specifically to be used to victimize financial institutions’
customers and to co-opt those institutions’ identities);
• Data Stealing and Generic Trojans (code designed to send information from the infected machine, control it,
and open backdoors on it); and
• Other (the remainder of malicious code commonly encountered in the field such as auto-replicating worms,
dialers for telephone charge-back scams, etc.)
According to Carl Leonard, Principal Security Analyst, Forcepoint, “In October 2015 the U.S. Department of Justice
announced the arrest of the administrator of the Dridex or Bugat botnet. This botnet spread a malware package.
Victims would see an email lure arrive into their inboxes, purporting to be an invoice or parcel delivery notification.
The malware would then attempt to silently steal the recipient’s online bank credentials.” The botnet was allegedly
used to steal at least US$10 million, and was disrupted by the FBI, Europol, GCHQ and the UK's National Crime
Agency with assistance from private security organizations.
Measurement of Detected Crimeware – 4th Quarter 2015
The United States remained the top country hosting phishing-based Trojans and downloaders during the three-month
period.
October                   November                      December
United States   67.52%    United States       70.12%    United States       71.09%
Canada          8.68%     Rep. of Korea       8.39%     China               6.80%
China           5.14%     China               6.82%     Rep. of Korea       3.23%
Netherlands     3.22%     Netherlands         3.01%     Netherlands         3.06%
Germany         2.25%     Germany             1.97%     Canada              2.72%
United Kingdom  1.93%     France              1.57%     Germany             2.04%
Portugal        1.29%     Canada              1.05%     Russian Federation  1.87%
Thailand        1.29%     Russian Federation  1.05%     France              1.53%
Ukraine         0.96%     Ukraine             0.66%     Singapore           0.51%
Vietnam         0.96%     Romania             0.52%     Israel              0.51%
Phishing-based Trojans and Downloaders Hosting Countries (by IP address)
APWG Phishing Activity Trends Report Contributors
An Infoblox company, IID is a
provider of technology and
services that help organizations
secure their Internet presence.
Panda Security’s mission is to
keep our customers' information
and IT assets safe from security
threats, providing the most
effective protection with
minimum resource consumption.
MarkMonitor, a global leader in
enterprise brand protection, offers
comprehensive solutions and
services that safeguard brands,
reputation and revenue from
online risks.
iThreat provides risk data,
intelligence tools, and analysis to
help its clients protect their
intellectual & Internet properties.
About the APWG
Founded in 2003, the Anti-Phishing Working Group (APWG) is a not-for-profit industry association focused on
eliminating the identity theft and frauds that result from the growing problem of phishing, crimeware, and
e-mail spoofing. Membership is open to qualified financial institutions, retailers, ISPs, solutions providers, the law
enforcement community, government agencies, multi-lateral treaty organizations, and NGOs. There are more
than 2,000 enterprises worldwide participating in the APWG. Because electronic crime is a sensitive subject,
APWG maintains a policy of confidentiality of member organizations.
Websites of APWG public-service enterprises include its public website, <http://www.antiphishing.org>; the
Website of public awareness program, STOP. THINK. CONNECT. Messaging Convention
<http://www.stopthinkconnect.org> and the APWG’s research website <http://www.ecrimeresearch.org>. These
serve as resources about the problem of phishing and electronic frauds perpetrated against personal computers
and their users – and resources for countering these threats. The APWG, a 501(c)6 tax-exempted corporation,
was founded by Tumbleweed Communications, financial services institutions and e-commerce providers.
APWG’s first meeting was in November 2003 in San Francisco and was incorporated in 2004 as an independent
corporation controlled by its board of directors, its executives and its steering committee.
The APWG Phishing Activity Trends Report is published by the APWG. For further information about the APWG,
please contact APWG Deputy Secretary General Foy Shiver at 404.434.7282 or foy@apwg.org. For media inquiries
related to the content of this report, please contact APWG Secretary General Peter Cassidy at 617.669.1123; Te Smith
of MarkMonitor at 831.818.1267 or Te.Smith@markmonitor.com; Luis Corrons of Panda at
lcorrons@pandasoftware.es; Carl Leonard at Forcepoint CLeonard@forcepoint.com or ATmedia@internetidentity.com.
APWG thanks its contributing members, above, for the data and analyses in this report.
Analysis by Greg Aaron, iThreat Cyber Group; editing by Ronnie Manning, Mynt Public Relations.
Forcepoint brings a fresh
approach to address the
constantly evolving cybersecurity
challenges and regulatory
requirements facing businesses
and government agencies.