Our team has fought phishing for nearly ten years. Thanks to our clients' and partners' data, and to a recent not-for-profit public phishing reporting platform, www.phishing-initiative.com, we believe we now have a nearly complete view of the phishing landscape in France. We took action against more than 15,000 different attacks conducted in 2011. Our review of phishing attacks at the scale of a country such as France points out how specific local phishing trends can be compared to large-scale phishing trend analyses, and highlights the importance of specific (regional, linguistic, etc.) phishing reporting platforms to better assess these trends. French companies have been targeted by a handful of groups of phishers originating mainly from one of France's historical colonies, Morocco.

In recent years, banks have adapted to more and more efficient countermeasures, whether on a global scale, i.e. phishing blacklists, or on a local scale, i.e. how the organisations defend themselves. We have thus observed various phishing techniques which recently (re-)surfaced, indicating that phishers are making efforts to delay detection and takedown of the fraudulent websites. These techniques include:

- blacklisting of antiphishing organizations,
- access restricted by geolocalisation,
- increase in email-attached phishing forms,
- theft of credit-card details through scam pages (fake surveys, fake e-commerce/e-service websites),
- text-free phishing pages and emails,
- real-time validation of phished credentials,
- etc.

Phishers have also shifted their targets, as they have been intensifying their attacks against French non-banking entities with success. France is not the only country where phishers are testing new strategies, as some man-in-the-middle phishing websites have been spotted in other countries.
Our observations of these groups show that years of experience without being threatened by local law enforcement have unfortunately allowed these phishers to increase their skills and move to using banking malware or code obfuscation. After presenting trends in the techniques used by the bad guys, we compare the use of reactive vs. proactive detection techniques, such as email reporting by victims vs. log monitoring, and show how strategic the latter are. It is our belief that, although already publicly documented, advanced log monitoring techniques are not well known in the cybercrime community. Also, given the variety and highly evolving trends of phishing attacks, a combination of phishing detection systems is shown to be more effective. We provide data on phishing impacts, measured both directly from compromised websites and indirectly from log monitoring. Issues related to antiphishing are also discussed: takedown ROI, discrepancies in data exchange laws, and connecting cases to reach the "prosecution's threshold". Finally, we focus on some promising phishing detection and mitigation techniques through domain-based email authentication or reputation protocols (i.e. DMARC ARFR feed, DNS RPZ, VBR) and the commercial initiatives trying to leverage them.