Government // Cybersecurity
11:35 AM
Core System Testing: How to Achieve Success
Oct 06, 2016
Property and Casualty Insurers have been investing in modernizing their core systems to provide fl ...Read More>>

Phishers Target Social Media, Universities

Cybercriminals lured by abundance of personal information shared on Facebook, Twitter, and college campuses.

Strategic Security Survey: Global Threat, Local Pain
(click for larger image and for full photo gallery)
Although they continue to attack financial institutions, phishers have broadened their targets to include universities and social media sites due to the inherent nature of these users to share personal information, according to a new report by cyber intelligence security provider Cyveillance.

Phishers are attracted to universities for credentials such as names and password information, according to the "1H 2010 Cyber Intelligence Report." Phishers then use this data to create botnets used to facilitate malicious activity such as spamming or denial of service (DoS) attacks. Social media is used to distribute malware for financial gain. Although used differently, both target large groups of individuals who typically are willing to share personal information and trust online links, Cyveillance said.

"In an age where people are encouraged to share everything from what they had for lunch on Twitter to photos of their weekend on Facebook, cyber criminals are taking advantage of the abundance of information at their fingertips in order to create targeted attacks," said Panos Anastassiadis, chief operating officer of Cyveillance. "It is important for employees and organizations to be prepared beyond just implementing traditional security measures; they need to continuously educate individuals in cyber safety best practices in order to proactively protect their companies against attacks."

In the first half of the year, Cyveillance detected 126,644 phishing attacks, for an average of over 21,000 unique attacks per month, with the volume remaining relatively steady throughout the first two quarters, the company said.

Phishing is a social engineering scam that relies on both technology and human interaction to conduct online fraud and identity theft, according to Cyveillance. Although they vary, typically phishing schemes involve spam that mimics an email from a legitimate source that is designed to steal personal information, which then is used for online fraud, identity theft, or unauthorized network access, the company said.

Malware, on the other hand, is a file or application downloaded from a website or server that has properties that are both involuntary and malicious in nature. There are many types of malware programs, such as bots that launch spam and DoS attacks, as well as keyloggers and backdoor Trojan viruses designed to steal sensitive data.

Overall phishing attacks dropped in the second quarter of 2010 year-over-year, according to an August study by Internet Identity. But phishing attacks on social networking sites, e-commerce, gaming, and web services significantly increased, the security technology and services provider said.

"Phishing attacks by Avalanche, one of the most prolific cyber criminal gangs (responsible for two-thirds of the world's phishing attacks in the second half of 2009), have essentially disappeared. However, it has turned to distributing Zeus malware which is capable of hijacking computers, then stealing banking, social networking, and email account logins, and making that information available as part of a criminal network," Internet Identity's study said.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Cyber Security Standards for Major Infrastructure
Cyber Security Standards for Major Infrastructure
The Presidential Executive Order from February established a framework and clear set of security standards to be applied across critical infrastructure. Now the real work begins.
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.