Phishing - Perspectives From Our Experts
Adrien Gendre
—March 26, 2013
Most IT security experts agree that "man" is the biggest vulnerability of any computer system. Cybercriminals have understood this well, as the growth of phishing attacks illustrates.
The phenomenon is booming. According to recent studies*, the volume of phishing attacks increased by 6% between 2011 and 2012, and fraud in 2012 was estimated at over 1.5 billion USD (22% more than in 2011).
* Source: The year in RSA Phishing Fraud Report January 2013
Why are these attacks growing so significantly?
Perspectives from Sebastien Goutal (R&D Manager, Vade) and Sylvain Accart (Vade Filter Development Engineer):
Phishing is evolving and becoming difficult to detect for many reasons:
1. The attacks are very short-lived and the volume of emails sent is very small, which makes them difficult to detect.
2. Phishers are becoming more agile: they adapt and send phishing emails with a lot of variation. "Phishing is becoming polymorphic."
3. They develop more targeted attacks that exploit data available on social networks.
4. They are difficult to prosecute because the amount stolen in each fraud, often trivial, is low compared to the cost of litigation. In addition, the fact that most attacks are carried out from abroad greatly complicates matters from a legal point of view.
5. They exploit numerous flaws, in particular in CMSs such as WordPress. This allows them to host their phishing kits, and also to seize the website's contact database to carry out further attacks.
6. Finally, because of the negligence of some registrars, they manage to register domain names close to those targeted by their phishing campaigns.
Phishers surf on the news
Anything can be a pretext for phishing: the obligation to carry a breathalyzer in the car, false reminders of unpaid bills (in the context of the economic crisis)...
However, the main and most important threat comes from the omnipresence of social networks in our lives today. We are seeing more and more spear phishing attacks (ultra-targeted attacks based on a good knowledge of the person in question).
For example, phishers send false notification messages to social network users, encouraging them to log in to a booby-trapped web interface, and thus take possession of their account, their identity and their information. This gives them every opportunity to mount numerous realistic attacks...
Open door for phishers!
As previously stated, phishing attacks generally involve small amounts of money. The cost of legal action is often greater than the sum stolen, so there are few complainants. Banks might file complaints, because in most cases they reimburse customers who have been phished. However, the cost of the proceedings and the time they consume make prosecution pointless from a purely economic point of view...
The fact that the attacks come from foreign countries also complicates proceedings, because they require cooperation that is more or less difficult, if not impossible, to put in place, depending on the country concerned.
In short, the lack of international cooperation and the cost of proceedings leave the door open for phishers, who also have a strong sense of impunity.
At Vade, we fight phishing in many ways
Firstly, research and development is essential in this area. Through a dedicated unit, we study phishing kits, phishers... This gives us a deep understanding of the phishing ecosystem.
To fight these attacks, we believe the heuristic filtering technique we use is particularly well suited because it is based on recurrent features, whereas a classic signature system can be ineffective due to the low volume of phishing.
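An added illustration of the contrast drawn above (not Vade's filter and not code from the original article): three reworded variants of one constructed lure defeat an exact-hash signature learned from the first, while a few recurrent features still flag all three. The brand, its domain, the feature set and the threshold are assumptions made for the example.

```python
import hashlib
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: brand name -> domains the brand really sends from and links to.
BRANDS = {"example bank": {"examplebank.example"}}
URGENCY = re.compile(r"\b(suspended|verify|locked|unpaid|within 24 hours)\b", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+")

def signature(body):
    """Classic signature: SHA-256 of the lower-cased, whitespace-normalised body."""
    return hashlib.sha256(" ".join(body.lower().split()).encode()).hexdigest()

def base_domain(host):
    """Naive last-two-labels domain; production code needs the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def features(sender, subject, body):
    """Traits that survive rewording: spoofed brand, off-brand links, urgency."""
    display, addr = parseaddr(sender)
    text = f"{subject} {body}"
    fired = {"urgency"} if URGENCY.search(text) else set()
    for brand, domains in BRANDS.items():
        if brand not in f"{display} {text}".lower():
            continue
        if base_domain(addr.rsplit("@", 1)[-1]) not in domains:
            fired.add("brand_sender_mismatch")
        hosts = [urlparse(u).hostname or "" for u in URL.findall(body)]
        if any(base_domain(h) not in domains for h in hosts):
            fired.add("brand_link_mismatch")
    return fired

# Constructed messages: three reworded variants of one lure, then a legitimate mail.
SAMPLES = [
    ('"Example Bank" <alerts@secure-login.test>', "Your account is suspended",
     "Dear customer, verify your account: http://examplebank.example.secure-login.test/login"),
    ('"Example Bank Support" <noreply@examplebank-secure.test>', "Action needed",
     "Hello, your access is locked. Verify here: https://examplebank-secure.test/a?id=8841"),
    ("Example Bank <info@mail-notice.test>", "Unpaid invoice",
     "Hi, a bill is still unpaid. Pay now: http://pay.mail-notice.test/bank"),
    ('"Example Bank" <news@examplebank.example>', "Your monthly statement",
     "Your statement is ready: https://www.examplebank.example/statements"),
]
KNOWN = {signature(SAMPLES[0][2])}  # signature learned from the first variant only

def compare(threshold=2):  # per message: (signature hit, heuristic hit)
    return [(signature(b) in KNOWN, len(features(f, s, b)) >= threshold) for f, s, b in SAMPLES]
print(compare())
```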
We also analyze feedback loops from our customers, which represent over 7 million emails a day.
On the specific subject of threats from non-priority messages (newsletters, marketing, social network notifications), we have implemented new modules for specific filtering:
- We identify legitimate social network notifications, which allows us to reject, by deduction, fraudulent notifications that can lead to malware injections,
- We also offer secure unsubscribing from newsletters and commercial emails, where the unsubscribe scenario is played out from our service rather than from the client's...
Finally, we have a "user alerting" module, in which we invite our users to verify the sender of messages that seem suspicious to us but that we cannot report as proven phishing.
The more we support our users in detecting phishing, the better we control the phenomenon.