10/12/2010
11:35 AM

Phishers Target Social Media, Universities

Cybercriminals lured by abundance of personal information shared on Facebook, Twitter, and college campuses.




Although they continue to attack financial institutions, phishers have broadened their targets to include universities and social media sites because users of both tend to share personal information, according to a new report by cyber intelligence security provider Cyveillance.

Phishers are attracted to universities for credentials such as names and password information, according to the "1H 2010 Cyber Intelligence Report." Phishers then use this data to create botnets used to facilitate malicious activity such as spamming or denial of service (DoS) attacks. Social media is used to distribute malware for financial gain. Although the two are exploited differently, attacks on both target large groups of individuals who typically are willing to share personal information and trust online links, Cyveillance said.

"In an age where people are encouraged to share everything from what they had for lunch on Twitter to photos of their weekend on Facebook, cyber criminals are taking advantage of the abundance of information at their fingertips in order to create targeted attacks," said Panos Anastassiadis, chief operating officer of Cyveillance. "It is important for employees and organizations to be prepared beyond just implementing traditional security measures; they need to continuously educate individuals in cyber safety best practices in order to proactively protect their companies against attacks."

In the first half of the year, Cyveillance detected 126,644 phishing attacks, for an average of over 21,000 unique attacks per month, with the volume remaining relatively steady throughout the first two quarters, the company said.

Phishing is a social engineering scam that relies on both technology and human interaction to conduct online fraud and identity theft, according to Cyveillance. Although schemes vary, phishing typically involves spam that mimics an email from a legitimate source and is designed to steal personal information, which is then used for online fraud, identity theft, or unauthorized network access, the company said.

Malware, on the other hand, is a file or application downloaded from a website or server that has properties that are both involuntary and malicious in nature. There are many types of malware programs, such as bots that launch spam and DoS attacks, as well as keyloggers and backdoor Trojan viruses designed to steal sensitive data.

Overall phishing attacks dropped in the second quarter of 2010 year-over-year, according to an August study by Internet Identity. But phishing attacks on social networking sites, e-commerce, gaming, and web services significantly increased, the security technology and services provider said.

"Phishing attacks by Avalanche, one of the most prolific cyber criminal gangs (responsible for two-thirds of the world's phishing attacks in the second half of 2009), have essentially disappeared. However, it has turned to distributing Zeus malware which is capable of hijacking computers, then stealing banking, social networking, and email account logins, and making that information available as part of a criminal network," Internet Identity's study said.
