RSA Global Fraud Report: Security by the Numbers
4:00 PM EST Thu. Aug. 09, 2012
One of the most common exploits aimed at your customers involves phishing attempts in which attackers seek to steal money, passwords and other sensitive information that can lead to a variety of malfeasance, including identity theft. These attacks focus on gaining the confidence of the victim, and persuading the victim to expose exploitable data. Popular attack vectors include email and social media, and typically link to malicious web sites.
RSA has recently issued a fraud report with some interesting statistics that can be useful in explaining the threat to your customers. Here are some of its findings.
This is the number of unique phishing attacks on a worldwide basis tracked by RSA during the first half of 2012. It is a 19 percent increase as compared to the first half of 2011. Despite that increase, losses from phishing are actually believed to be on the decline. RSA estimates that phishing attacks in the first half of this year could have potentially caused $687 million in total losses to global organizations.
This is the percentage increase in phishing attacks from May to June of this year. A total of 51,906 attacks were identified by RSA. As of July 1, 2012, the RSA Anti-Fraud Command Center has shut down 650,205 phishing attacks around the world. This overall increase is likely to be very consistent with the experiences of your customers, most of whom continue to find suspicious messages in their in-boxes.
The United States is now in third place on the list of countries targeted by the highest volume of phishing attempts. According to RSA's research, this is the first time that the U.S. has dropped out of the No. 1 spot. As of this moment, the United Kingdom leads the league with 42 percent, and Canada is posting 29 percent. That's an increase of approximately 400 percent for Canada in the first half of 2012. And RSA believes that the nearly equal exchange rates are making our neighbors to the north a more lucrative target. The U.S., meanwhile, picks up the Bronze with 22 percent. But that's a 28 percent decrease for the first half of 2012.
Though the United States has dropped to third in volume, the U.S. still leads the league when it comes to targeted brands, with a total of 26 percent. In this case, the Silver goes to the UK with 10 percent, while Australia and India share the Bronze with 5 percent each. Brands in Brazil, Canada, Italy and China also remained fairly heavily targeted.
This is the percentage increase in phishing attacks targeted against nationwide banks. Given the fact that banks are most closely tied to green, rectangular pieces of paper (or their digital equivalents), this should come as no surprise. But as the attackers focus on the larger, more widely deployed banks, credit unions and smaller, regional banks seem to be getting a little bit of a break, according to the RSA research. Attacks against those institutions are reported to be down by 10 percent and 6 percent, respectively.
Answer us quickly! Which nation is No. 1 when it comes to hosting these attacks? China? Russia? Nope, it's the good ol' US of A. According to the RSA research, 60 percent of the phishing attacks are hosted in the U.S. By comparison, the United Kingdom hosts 7 percent of these attacks; Germany hosts 6 percent; and Russia only 3 percent. Poland and the Netherlands each received honorable mentions with 2 percent. The pie chart posted by RSA also shows a 20 percent statistic for the category of "other."
Although a wide variety of tools can be used in phishing attacks, the Citadel Trojan was responsible for 20 percent of the attacks analyzed by RSA in its research during the second quarter of this year. This variant of the Zeus Trojan is a particularly nasty piece of malware that downloads corresponding ransomware, freezes up the victim's machine, and posts a fairly convincing message, purporting to be from the Justice Department, that accuses the user of theft of intellectual property. But if you pay the exceedingly reasonable fine of a hundred bucks, the machine will unfreeze and you can go on your merry way.