IT-Review

Worldwide Phishing Attacks Originate From Less Than Five Zombie Network Operators

CipherTrust released the findings of an analysis of real-world e-mail messages collected from companies worldwide which use IronMail, CipherTrust’s award-winning messaging security appliance. Most significant is evidence that fewer than five zombie network operators are responsible for all Internet phishing attacks worldwide.

During the first two weeks in October, CipherTrust researchers found that less than one percent of e-mail messages are phishing attacks. Although the percentage of phishing messages was relatively small, researchers discovered that each day phishing attacks on the Internet were delivered via a different set of 1,000 zombies, or computers that are maliciously taken over by viruses without the owners’ knowledge; and 70 percent of those zombies were also used to send spam. More than 32 percent of these zombies were based in the United States, with the second largest number, 16 percent, coming from the Republic of Korea. The remaining 52 percent of phishing zombies were spread across ninety-eight other countries.

CipherTrust’s recent phishing analysis also confirms that 46 percent of the phishing attacks used the Citibank brand to entice victims to share financial and personal information. The remaining 54 percent of attacks were split among twelve other well-known brands across the financial and online retail industries. But unlike spam, research indicates that phishing attacks are precisely targeted. For example, recent findings revealed that Lloyds TSB, one of Europe’s leading financial institutions, has been subject to use by phishing scammers, with messages sent almost exclusively to e-mail users located in Europe, where the company is based.

For the complete report, please visit http://www.ciphertrust.com/resources/statistics/phishing.html.

CipherTrust gathered this information by detecting the senders’ Internet Protocol (IP) addresses on confirmed phishing attacks, and then relating those addresses to CipherTrust’s TrustedSource reputation system, helping to verify and determine which phishing attackers send the e-mails. Measuring these types of activities and other behaviors, and having them influence the sender’s reputation in real time is critical to deploy an effective reputation system. CipherTrust’s TrustedSource was designed to provide precise information about sender behavior across hundreds of thousands of IP addresses for the purpose of tracking message legitimacy, and using that information to determine the intent of e-mail senders.

TrustedSource is populated and kept current though constant dialog with participants in the IronMail Global Network (IGN), consisting of over 7.5 million enterprise e-mail users protected by CipherTrust’s IronMail appliance. Members of the IGN can select to contribute data for analysis which allows CipherTrust to refine the defenses implemented in IronMail to make sure both known and unknown attacks are detected and blocked.

Source: press release

See also: