APWG Report: More than One Third of Web Host Victims Repeatedly Exploited By Cybercrime Gangs
June 2011 by APWG
The Anti-Phishing Working Group (APWG) is reporting this week that more than one-third of respondents to a new Web Vulnerabilities Survey were repeat victims of phishing attacks that resulted in the successful establishment of phishing or spoofing websites on their web server platforms.
Some 37 percent of respondents to the wide-ranging study of website vulnerabilities and administrative responses to exploitation reported that their websites had phishing or spoof sites planted on their web servers two or more times before, a telling statistic that reflects both the persistence of phishers and the difficulties of keeping them at bay.
“Phishers value compromised web sites highly because they are much harder for interveners to take down. They’re confident that they’ll be able to identify and exploit sites, and do so repeatedly. Victims are not mitigating exploits entirely or are not implementing adequate measures to keep them away,” said APWG Research Fellow Dave Piscitello of ICANN.
“Keeping all components of a web site – OS, web server, applications, and content – patch current and applying the most secure configuration options possible could significantly reduce initial and repeat attacks,” concluded Piscitello.
The APWG’s Internet Policy Committee began an online survey for managers of websites that had been exploited in phishing attacks and other malevolent enterprise nearly 18 months ago. Some 270 completed surveys are included in this first tally and analysis.
The full report is here: http://www.apwg.org/reports/apwg_we...
The APWG IPC organized this study to understand the web site operating environments that are abused by cybercrime gangs, the nature of the attacks, and actions the victim took in response, to obtain a clearer understanding of attacker methodologies and target preferences.
While the survey results clearly indicate that web sites could benefit from broader implementation of preventative measures to mitigate known vulnerabilities, they also reveal that organizations are not adequately monitoring for anomalous behavior or suspicious traffic patterns that may indicate previously unseen, so-called zero day attacks.
While only one in five victims reported that the attacks were discovered by their own staff, fifty-two percent of respondents were informed of the attack by third-party security companies. Victims indicated that their web hosting service (18%) or the company that was phished (18%) were as likely to notify victims as the organization’s staff.
“You can’t publish active content in Internet time and verify that your protective measures against attacks remain effective. Vulnerability testing, if done at all, is done too infrequently,” lamented Piscitello.
“That nearly 80% of incidents are being detected by third parties tells us that too few organizations take real-time monitoring or examination of logs for suspicious activities seriously,” concluded Piscitello.
If your web site was used to abet a phishing attack, and you would be willing to complete the survey, the online survey instrument remains open at this URL: http://www.zoomerang.com/Survey/WEB...
APWG IPC researchers continue to collect responses and will take periodic snapshots to observe whether phishing attacks change over time, and if so, how. A complete analysis of the survey results—with specific recommendations, remedies, and practices—is in preparation by APWG IPC, which expects to publish this report later this year.