The last year or so has seen a series of high-profile targeted attacks against corporate and government networks, including the Aurora attack on Google and others, the intrusion at RSA and the recent attack on the Sony PlayStation Network. But a new report from Microsoft shows that attackers increasingly are going after consumers with highly refined phishing attacks based on social networks.
The company’s semi-annual Security Intelligence Report, which Microsoft released Thursday, found that from the beginning of 2010 to the end of the year, phishing attacks based on social networks increased by 1200 percent. At the beginning of the year, those kinds of phishing attacks accounted for about 8.3 percent of phishing attempts and in December that number had jumped to 84.5 percent.
Some of that increase may be attributable to the continued growth of social networks such as Twitter and Facebook, both of which saw major jumps in popularity in 2010. But it also likely was due to the amount of trust that users tend to place in those sites themselves as well as the connections they have on the sites.
“Across the threat landscape, we see a definite polarization in terms of criminal behavior. On one side are a small number of sophisticated criminals whose motives vary from large payoffs to targeted attacks. These attackers may have special intelligence about a target’s environment, use customized social engineering to trick the intended victims, or exploit newly-discovered vulnerabilities in software to compromise networks and systems,” Microsoft’s Vinny Gullotto said in a blog post.
“On the other side, there are those who leverage more accessible attack methods, in some cases originally created by the more skilled cybercriminals, along with social engineering to take a small amount of money from a large number of people. Social engineering tactics include fooling people with rogue security software that poses as legitimate protection products, impersonating friends to steal passwords to online gaming accounts, conducting phishing using social networking as the lure, and tricking users to download adware.”
Microsoft’s research also found that of the top 10 threats observed in the second half of 2010, two of them were Java exploits. Many of the other threats the company saw in wide distribution during the period covered by the report were some sort of bot or piece of malware that had a botnet component embedded in it.
In a webcast discussing the details of the report, Microsoft’s Jeff Williams said that much of the malicious activity targeted at consumers centers on high-profile news events and takes advantage of users’ interest in things such as celebrity deaths or scandals.
“We saw fake product promotions during significant events with media attention,” Williams said.
Those scams are well-known in the security community but much less so among ordinary consumers, and attackers have preyed on users’ ignorance of and curiosity about such events with black hat SEO and adware scams.