TMCnet News
APWG Report: Cybercrime Gangs Focus on the Shipping & Cloud Storage Sectors in 1H 2017The Anti-Phishing Working Group's H1 2017 Phishing Activity Trends Report found upticks in phishing attacks against companies in the Logistics & Shipping as well Cloud Storage & File Hosting sectors, mounted by cyber gangs against the accounts of both individuals and enterprises. Once they steal usernames and passwords, the criminals can then steal not only funds, but also use services to spend spam mail, order goods for resale, and other nefarious ventures. While the report finds that phishing attacks have occurred most frequently against companies in the Payment, Financial, and the Software-as-a-Service/Webmail sectors in the first half, APWG contributing analysts found two important focus points of cybercrime gang activity:
By studying these phenomenon, the APWG hopes to raise awareness of these vulnerabilities so that hosting providers and registrars can improve their business practices and mitigation operations. Crane Hassold, Manager of Threat Intelligence at PhishLabs, noted that hosting providers that offer free hosting and free website-building tools provide criminals with opportunities. "These free hosts are not only easy and cheap to use, but they also allow threat actors to create subdomains spoofing a targeted brand, resulting in a more legitimate-looking phishing site. Free hosts also afford phishers additional anonymity, because these services do not make registrant information easily available." An examination of domain name registration patterns revealed other poorly managed web hosting practices that enabled crime. "The .TECH top-level domain had a higher concentration of phishing sites than would be expected, considering the number of domains in the TLD," said Jonathan Matkowsky, Vice-President, Intellectual Property and Brand Security at RiskIQ. "Our investigation found that this was because a hosting provider in the Russian Federation was allowing its customers to create sub-domains on the hosting provider's domain name. This offered miscreants the opportunity to target multiple brands across a variety of industries." The full text of the report is available here: http://docs.apwg.org/reports/apwg_trends_report_h1_2017.pdf About the APWG The APWG, founded in 2003 as the Anti-Phishing Working Group, is the global industry, law enforcement, and government coalition focused on unifying the global response to electronic crime. Membership is open to qualified financial institutions, online retailers, ISPs and Telcos, the law enforcement community, solutions providers, multi-lateral treaty organizations, research centers, trade associations and government agencies. There are more than 2,000 companies, government agencies and NGOs participating in the APWG worldwide. The APWG's <www.apwg.org> and <education.apwg.org> websites offer the public, industry and government agencies practical information about phishing and electronically mediated fraud as well as pointers to pragmatic technical solutions that provide immediate protection. The APWG is co-founder and co-manager of the Stop. Think. Connect. Messaging Convention, the global online safety public awareness collaborative <https://education.apwg.org/safety-messaging-convention/> and founder/curator of the eCrime Researchers Summit, the world's only peer-reviewed conference dedicated specifically to electronic crime studies <www.ecrimeresearch.org>. APWG advises hemispheric and global trade groups and multilateral treaty organizations such as the European Commission, the G8 High Technology Crime Subgroup, Council of Europe's Convention on Cybercrime, United Nations Office of Drugs and Crime, Organization for Security and Cooperation in Europe, Europol EC3 and the Organization of American States. APWG is a member of the steering group of the Commonwealth Cybercrime Initiative at the Commonwealth of Nations. Among APWG's corporate sponsors are: Among APWG's corporate sponsors include: AhnLab, Area 1, AT&T (T), Afilias Ltd., Avast!, AVG Technologies, Axur, Baidu Antivirus, Bangkok Bank, BBN Technologies, Barracuda Networks, BillMeLater, Bkav, Blue Coat, BrandMail, BrandProtect, Bsecure Technologies, CSC (News - Alert) Digital Brand Services, Check Point Software Technologies, Claro, Cloudmark, Comcast, CrowdStrike, CSIRTBANELCO, Cyber Defender, CYREN, Cyveillance, DNS Belgium, DigiCert, Domain Tools, Donuts, Duo Security, Easy Solutions, PayPal (News - Alert), eCert, EC Cert, ESET, EST Soft, Facebook, FeelSafe Digital, FEBRABAN, Fortinet, FraudWatch International, F-Secure, GetResponse, GlobalSign, GoDaddy, Google, Hauri, Hitachi (News - Alert) Systems, Ltd., Huawei, ICANN, Identity Guard, Infoblox, IronPort (Cisco), Infoblox, Intel (INTC), Interac, IT Matrix, iThreat Cyber Group, iZOOlogic, KnowBe4, LaCaixa, Lenos Software, LookingGlass, MX Tools, MailChannels, MailJet, MailChimp, MailShell, MailUp, MarkMonitor (TRI), Melbourne IT, MessageLevel, Microsoft (News - Alert) (MSFT), MicroWorld, Mimecast, Mirapoint, NHN, NZRS, MyPW, nProtect Online Security, Netcraft, Network Solutions, NeuStar, Nominet, Nominum, NZRS Limited, Public Interest Registry, Panda Software, Phishlabs, PhishMe, Planty.net, Prevalent, Prevx, Proofpoint, Psafe, RSA Security (EMC), Rakuten, RedMarlin, Return Path, RiskIQ, RuleSpace, SalesForce, SecureBrain, SendGrid, S21sec, SIDN, SilverPop, SiteLock, SnoopWall, SoftForum, SoftLayer, SoftSecurity, SOPHOS, SunTrust, SurfControl, Symantec (SYMC), Tagged, TDS Telecom, Telefonica (TEF), ThreatSTOP, TransCreditBank, Trend Micro (TMIC), Trustwave, UITSEC, Vasco (VDSI), VADE-RETRO, VeriSign (News - Alert) (VRSN), Wombat Security Technologies, and zvelo.
View source version on businesswire.com: http://www.businesswire.com/news/home/20171017006480/en/ |
