Phishers Breaking Into Web Hosting Servers to Launch Mass Attacks
A report from the Anti-Phishing Working Group says cyber-attackers are breaking into Web servers and then using them to blast phishing pages across the Internet.Cyber-attackers are focusing their efforts on Web hosting providers in order to use their facilities to launch mass phishing attacks, according to a new report from the Anti-Phishing Working Group (APWG). According to the group's Global Phishing Survey for the second half of 2012, attacks leveraging these resources represented nearly half of all phishing attacks recorded around the world in the final six months of the year. In the second half of 2011, “we identified 58,100 phishing attacks that used this mass break-in technique, representing 47 percent of all phishing attacks recorded worldwide," the report notes. "We started 2012 with no attacks of this nature, but beginning in February, these attacks started reappearing, peaking in August 2012 with over 14,000 such phishing attacks sitting on 61 different servers." Attack levels declined in late 2012, but still remained stubbornly high. "Once the phisher breaks into such a server, he first uploads one copy of his phishing content," according to the report. "He then updates the Web server configuration to add that content to every hostname served by that Web server, so that all Websites on that server display the phishing pages via a custom subdirectory. So instead of hacking sites one at a time, the phisher can infect dozens, hundreds or even thousands of Websites at a time, depending on the server."
Using such tactics “is a high-yield activity, and fits into a larger trend where criminals turn compromised servers at hosting facilities into weapons," according to the APWG. "Hosting facilities contain large numbers of often powerful servers, and have large ‘pipes’ through which large amounts of traffic can be sent. These setups offer significantly more computing power and bandwidth than scattered home PCs."