February, 2010
Trend Analysis
The first month of 2010 marked a new record high for the number of phishing attacks identified by RSA in a single month: 18,820 attacks total. This represents a 21% increase from December.

Looking back to January 2009, we see that worldwide phishing attacks more than doubled within a single year’s time and are still climbing rapidly.

Fast-flux attacks in January accounted for 24%, up 4% from December. Standard phishing attacks show a 12% increase compared with December.

[Chart: number of phishing attacks per month, Jan. 09 to Jan. 10. Source: RSA Anti-Fraud Command Center]

Holding the trend observed since November 2009, the largest portion of phishing attacks is still being hosted via standard methods. As to whether this trend will continue, we are already witnessing a measurable increase in fast-flux attacks – indicative of a slow comeback from the Rock Phish gang.
– Fast-flux networks produce an advanced Domain Name System (DNS) technique that utilizes a network of compromised computers, known as a botnet, to host and deliver phishing and malware websites. The compromised computers act as a proxy, or middleman, between the victim and the website. It is difficult to expose and shut down fast-flux networks as content servers that deliver phishing and malware websites are hidden behind a cloud of compromised machines whose addresses change very quickly in order to avoid detection.
– Hijacked websites are those where fraudsters host their illegal content on legitimate websites' sub-domains, avoiding the registration of their own domains used for phishing attacks.
– Commercial hosting involves fraudsters who host their malicious websites for other fraudsters in exchange for a fee.
– Hijacked computers consist of compromised computers whose IP addresses were assigned to a specific phishing domain.
– Free Hosting refers to attacks that leverage free hosting services.
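
A defensive heuristic for the fast-flux behaviour defined above (the addresses behind one domain changing very quickly), given as an added example that is not part of the RSA report. The sample lookups, the /16 grouping used in place of an ASN lookup, the use of TTL as a feature and all thresholds are assumptions.

```python
from collections import defaultdict

# Constructed sample: (seconds since start, domain, TTL, A records returned).
# Domains are placeholders; addresses are documentation/private ranges.
OBSERVATIONS = [
    (0,   "login-bank.example", 180, ["192.0.2.10", "198.51.100.7", "203.0.113.44"]),
    (300, "login-bank.example", 180, ["10.20.1.9", "172.16.5.3", "198.51.100.91"]),
    (600, "login-bank.example", 180, ["10.99.4.2", "192.0.2.200", "172.31.8.8"]),
    (0,   "www.shop.example", 3600, ["192.0.2.80", "192.0.2.81"]),
    (300, "www.shop.example", 3600, ["192.0.2.80", "192.0.2.81"]),
    (600, "www.shop.example", 3600, ["192.0.2.81", "192.0.2.80"]),
]

def net16(ip):
    """Coarse network key: first two octets (assumed stand-in for an ASN lookup)."""
    return ".".join(ip.split(".")[:2])

def profile(observations):
    """Per-domain features from repeated lookups, ordered by time."""
    by_domain = defaultdict(list)
    for ts, domain, ttl, ips in sorted(observations, key=lambda o: o[0]):
        by_domain[domain].append((ttl, set(ips)))
    out = {}
    for domain, rows in by_domain.items():
        all_ips = set().union(*(ips for _, ips in rows))
        # Churn: share of addresses in each answer absent from the previous answer.
        churn = [len(cur - prev) / len(cur)
                 for (_, prev), (_, cur) in zip(rows, rows[1:]) if cur]
        out[domain] = {
            "distinct_ips": len(all_ips),
            "distinct_nets": len({net16(ip) for ip in all_ips}),
            "min_ttl": min(ttl for ttl, _ in rows),
            "mean_churn": sum(churn) / len(churn) if churn else 0.0,
        }
    return out

def is_fast_flux_suspect(f, max_ttl=300, min_nets=4, min_churn=0.5):
    """Thresholds are illustrative assumptions, to be tuned on local DNS data."""
    return (f["min_ttl"] <= max_ttl and f["distinct_nets"] >= min_nets
            and f["mean_churn"] >= min_churn)

def suspects(observations):
    return sorted(d for d, f in profile(observations).items() if is_fast_flux_suspect(f))

if __name__ == "__main__":
    for domain, feats in profile(OBSERVATIONS).items():
        print(domain, feats, "SUSPECT" if is_fast_flux_suspect(feats) else "ok")
```

Requiring churn and network dispersal together keeps a stable round-robin pool such as the second sample domain from being flagged; content delivery networks can still resemble fast-flux on these features and need an allowlist or further signals.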
[Chart: monthly series, Jan. 09 to Jan. 10. Source: RSA Anti-Fraud Command Center]
[Chart legend: Brands attacked under five times]
Segmentation of Financial Institutions
Trend Analysis
The preferred target for phishing attacks in the U.S. was regional banks, a trend that has held steady for eight consecutive months. The portion of nationwide U.S
[Chart: segmentation of financial institutions by month, Jan. 09 to Jan. 10]
The information set forth in this RSA Online Fraud Report is based on sources and analysis that RSA Security Inc. (“RSA”) believes are reliable.
Statements concerning financial, regulatory or legal matters should be understood to be general observations of the RSA professionals and may not be relied upon as financial,
regulatory or legal advice, which RSA is not authorized to provide. All such matters should be reviewed with appropriate qualified advisors in these areas. RSA reserves the right
to notify law enforcement authorities and/or other relevant agencies regarding the information RSA uncovers in the course of doing business.
Usage Guidelines
Individuals and organizations may reference content from any RSA Online Fraud Report by following these guidelines:
(1) Reprinting and/or distributing an entire RSA Online Fraud Report requires prior approval from RSA in all cases. This includes an entire Monthly Highlight and/or the full set
of Statistics and Analysis from RSA’s phishing repositories. Any requests to reprint and/or distribute an RSA Online Fraud Report must be directed to Heidi Bleau at
heidi.bleau@rsa.com.
(2) It is permissible to reference up to three sentences from the Monthly Highlight. They must be cited in their entirety and within quotation marks. Any requests to cite more
than three sentences must be directed to RSA.
(3) It is permissible to reference up to three sets of Statistics and Analysis from RSA’s phishing repositories. Any requests to cite more than three sets may be directed to RSA.
Charts may not be redrawn. All citations from related data analysis must appear in full sentences and within quotation marks.
(4) It is required that all references to the RSA Online Fraud Report are credited in the following manner: “Source: RSA Anti-Fraud Command Center, RSA Online Fraud Report,
[month], [year]”.
EMC, RSA, RSA Security, FraudAction and the RSA logo are registered trademarks or trademarks of EMC Corporation in the U.S. and/or other countries. All other trademarks
mentioned herein are the properties of their respective owners.