Rather amazingly, just one crime syndicate stands accused of being responsible for some two thirds of all detected phishing attacks carried out during the last six months of 2009. The so-called Avalanche gang, according to a new report by the Anti-Phishing Working Group (APWG), used highly sophisticated malware to target 40 banks and online service providers as well as vulnerable domain name registrars.

So successful was the Eastern European based gang that not only did its activity account for 66 percent of all phishing attacks, globally, in the second half of 2009, but it caused a spike in reported phishing across the Internet. That's 84,000 of the 126,000 identified fake web sites known to have been used to steal personal information such as credit card and bank account details as well as spread malware.

The Avalanche name does not only apply to the gang behind the unprecedented attacks but also the infrastructure it is using to host those attacks. Rod Rasmussen, founder and CTO of Internet Identity and co-author of the Global Phishing Survey study, insists, however, that coordinated action against that infrastructure "has led to an ongoing, significant, reduction in attacks through April 2010". Although study co-author Greg Aaron, Director of Key Account Management and Domain Security at Afilias, does admit that "the losses by banks and individual Internet users were staggering".

The good news is that in April 2010, only 59 attacks were reported to have been caused by Avalanche.

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

7 Years
Discussion Span
Last Post by jollyscoden023
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.