There are a lot of things that the United States is no longer so good at doing: eating vegetables or winning major marathons, for example. But one thing that the U.S. still does really well is provide comfortable hosting platforms for phishing sites. In fact, about 60 percent of all phishing sites are hosted in the U.S., and no other country had more than seven percent, according to a new report.
In its monthly look at fraud and phishing scams, RSA found that although the number of phishing scams targeting people and businesses in the U.S. dropped substantially in June, the overwhelming majority of phishing sites are hosted in the U.S. The next country on the list, the U.K., hosted seven percent of phishing sites, and Germany was next with six percent.
The volume of phishing overall is on the rise, even as it’s decreased in some countries. RSA said it blocked nearly 200,000 phishing attacks in the first half of 2012.
“Phishing attacks continue to increase around the world. In the first half of 2012, the RSA Anti-Fraud Command Center identified 195,487 unique phishing attacks – an increase of 19% as compared to the second half of 2011. Despite the increase, however, fraud losses from phishing are on the decline. RSA estimates that phishing attacks in the first half of 2012 could have potentially caused $687 million in total losses to global organizations,” RSA said in its report.
And while the volume of attacks is going up, the amount of money lost through phishing attacks is dropping.
“So why are fraud losses decreasing? One reason is that the industry is simply getting better at fighting back. A major factor in determining fraud losses caused by phishing is measuring the lifespan of an attack. The longer an attack is live, the more victims there are that are potentially exposed and at risk of having their credentials stolen. By reducing the lifespan of a phishing attack through early detection and shutdown, organizations narrow the window of opportunity for cybercriminals to commit fraud.”
The way that attackers conduct their phishing attacks doesn’t change all that much over time. Emails go out, links are clicked on, money comes in. But they do sometimes switch up the tools that they use. One of the more popular tools in use right now is the Citadel Trojan, a stepchild of the Zeus malware family that has been in use for a while. The crew behind the Citadel malware recently announced that it would no longer sell the kit publicly and would only conduct private sales. But that hasn’t done much to dampen attackers’ enthusiasm for the tool.
“On the financial malware front, Citadel is taking the open fraud market by storm and continues to make headlines across the world. Citadel, a derivative of the Zeus v2 Trojan, is currently being sold for $2,500 a kit, with additional plug-ins being sold for $1,000 each on average. A recent announcement in the underground indicates that the hottest selling Trojan in the fraud marketplace today is going private. It appears that soon enough, only existing customers will continue to enjoy Citadel Trojan upgrades and those wishing to purchase a new kit from the outside will have to get a current customer to vouch for them in order to purchase it,” RSA’s report said.