Study: One group responsible for 2/3 of all phishing attacks

The Anti-Phishing Working Group (APWG) recently released its report, Global Phishing Survey: Trends and Domain Name Use in 2H2009. From the Overview:

Phishing has always been attractive to criminals because it has low start-up costs and few barriers to entry. But by mid-2009, phishing was dominated by one player as never before—the ―Avalanche‖ phishing operation. This criminal entity is one of the most sophisticated and damaging on the Internet, and perfected a mass-production system for deploying phishing sites and ―”crimeware” – malware designed specifically to automate identity theft and facilitate unauthorized transactions from consumer bank accounts. Avalanche was responsible for two-thirds (66%) of all phishing attacks launched in the second half of 2009, and was responsible for the overall increase in phishing attacks recorded across the Internet.

The statistics also show that phishing remained highly localized in certain Internet namespaces, and that some anti-phishing measures had noticeable impacts. While phishing remains a damaging phenomenon involving many millions of dollars in losses, the increasingly ―concentrated‖ nature of much phishing offers some opportunities for improved response and mitigation.

Read the report.

Thanks to Brian Honan for sending the link to this.

About the author: Dissent