Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity
    • IT Management
    • Small Business

    ‘Avalanche’ Cyber Gang Dominated Phishing Attacks

    By
    Brian Prince
    -
    May 13, 2010
    Share
    Facebook
    Twitter
    Linkedin

      New research from the Anti-Phishing Working Group (APWG) ties a single crime syndicate to more than 60 percent of the phishing attacks in the second half of 2009.

      According to the report (PDF), a cyber-gang known as Avalanche was responsible for 66 percent of all phishing attacks during the last six months of 2009 and successfully targeted some 40 banks and online service providers. Also hit were vulnerable or non-responsive domain name registrars and registries. Besides phishing, the group also used its infrastructure to push the notorious Zeus Trojan.

      “Avalanche’s impact was unprecedented,” said Greg Aaron, director of key account management and domain security at Afilias and co-author of the study, in a statement. “This one criminal group was responsible for two-thirds of the world’s phishing, and also combined it with sophisticated crimeware distribution. The losses by banks and individual Internet users were staggering.”

      According to APWG, there are indications the Avalanche crew is a successor to the infamous Rock Phish gang that operated from 2006 to 2008. Avalanche appeared in December of 2008, and was responsible for 24 percent of the phishing attacks in the first half of 2009.

      “The Rock was the first to bring significant scale and automation to phishing,” the report states. “The Rock registered domain names regularly and in large numbers, used fast-flux hosting to support its phishing Web sites and extend their uptimes, and usually placed about six discrete phishing attacks on each domain name.”

      Avalanche improved upon the Rock Phish gang’s techniques, hosting domains on a botnet consisting of compromised computers. Since no ISP or hosting provider has control of the hosting and can take the pages down, the domain name itself must be suspended by the domain registrar or registry – making mitigation more difficult, the APWG noted.

      In mid-November however security researchers were able to disrupt the group’s botnet for about a week, and since then gang has launched fewer attacks. By March 2010, Avalanche was hosting only one phishing attack on each domain it registered, and the number of attacks fell from 7,089 in November to just 59 in April 2010, according to the report.

      “Avalanche’s relentless activities led to the development of some very effective counter-measures,” explained Rod Rasmussen, founder and CTO of Internet Identity and co-author of the study, in a statement. “The data shows that the anti-phishing community — including the target institutions, security responders, and domain name registries and registrars — got very good at identifying and shutting down Avalanche’s attacks on a day-to-day basis.”

      Brian Prince

      MOST POPULAR ARTICLES

      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×