Crimeware surged in the second half of last year with one company registering more than 10 million new malware samples in the period.
In another shift, cybercriminals repurposed the base code of existing crimeware, using polymorphic techniques to craft new variations that evade detection, according to the Anti-Phishing Working Group (APWG).
PandaLabs reported 10,425,663 new malware samples registered in the second half of last year, which equaled 17 percent of all samples the company has recorded since 1990.
Fifty-five percent of the new samples created in the 2nd half of 2010 were Trojans, the favorite weapon used by cybercriminals to infect consumers’ computers, said Luis Corrons, PandaLabs Technical Director.
Security company Websense noticed a shift toward a binary weapons approach to infecting PCs with crimeware, assembling the final crimeware code from several components that arrive through different mechanisms and at different times, said Patrik Runald, senior manager, security research.
“During the second half of 2010 we saw a small drop, percentage-wise, in malware aimed specifically at stealing data but an increase in the total amount of samples compared to the first half of 2010,” Runald said. “Downloaders are used in many of these cases and the end goal is still to steal data — but using several components instead of including this functionality in the main component.”
“The second half of 2010 saw a 6 percent drop in total phishing attacks from the first half. However, the number of brands targeted went up by over 7 percent and there was an increase of almost 6 percent in unique Brand-Domain pairs,” said Ihab Shraim, chief security officer and vice president, network and systems engineering at MarkMonitor. “This data suggests that phishers are utilizing more targeted tactics in order to achieve a better ROI on their phishing campaigns.”
Indeed, while measurements for conventional social engineering-based phishing show some slowing of growth during the half, reports of hyper-focused phishing attacks on key personnel have been increasing since the second half of 2010, and have continued growing through early 2011, indicating a larger shift in tactics by established cybercrime gangs. Though difficult to count automatically, reports of these “spear-phishing” schemes have been increasing in frequency over the past year – and continue to grow.
“There are an increasing number of reports where spear-phishing is used as part of a sophisticated attack to gain access into a corporation’s network by infecting a targeted employee’s computer. This trend is accelerating in 2011, and is responsible for many high profile corporate data breaches,” says APWG chairman Dave Jevans.
Other highlights of the report include:
• Unique phishing reports submitted to APWG in the second half of 2010 steadily decreased over the half, after reaching a previous high for 2010 in June with 33,617
• Unique phishing websites detected by APWG during the second half of 2010 saw a fluctuation of more than 5,000 sites month to month within the half-year period
• The high number of unique brand-domain pairs, 16,767 in November, was down nearly 32 percent from the record of 24,438 in August, 2009
• The number of phished brands reached a high of 335 in September during the half, a decrease of 6 percent from the all-time high of 356 in October, 2009
• Financial Services returned as the most targeted industry sector in the 3rd and 4th quarters of 2010
• Sweden jumped to the top of countries hosting phishing sites reported during Q3, 2010 with 83.12% of all hosting sites reported in August
• The top 10 most prevalent families of fake anti-virus software are responsible for more than 59 percent of rogueware infections