About us | Advertising | SecurityWatch
Home   Articles   Blog   Reviews   Press Releases   Security Tools   Sponsored Solutions
Press Releases
Internet Commerce Grows 13.2%; Phishing Attacks Become More Acute and Globally Diverse
Tuesday, 27 July 2004 13:22 EST

Data comes from VeriSign® Internet Security Intelligence Briefing reporting on trends in Internet usage, security, and fraud

London, UK. - July 26, 2004 - VeriSign, Inc. (Nasdaq: VRSN), the leading provider of intelligent infrastructure services for the Internet and telecommunications networks, today released the third edition of the VeriSign Internet Security Intelligence Briefing. This edition highlights Internet usage trends, threat and vulnerability patterns, and best practices to improve enterprise security. The report features a section devoted to the analysis of phishing attacks, a fast-growing category of criminal scams that trick Internet users into disclosing personal information, leading to identity theft.

The briefing underscores the rapid growth in security attacks that have attended the near-continuous growth of e-commerce and Internet-based applications. Among the briefing's findings are:

Internet Usage and Growth
• Internet commerce continued to increase during the past 12 months, with the total dollars transacted by a sample of VeriSign merchant customers increasing an average of 13.2 percent.
• The briefing also measured a continuing pattern of growth in the number of Domain Name Service (DNS) queries, which totaled more than 400 billion per month in the first half of 2004. In total, DNS queries have grown over 1,200% since the height of the so-called "Internet Boom".
• Internet domain registrations, which have historically been an indicator of small-business growth, also continued a pattern of healthy expansion. Registrations of domain names for active Web sites increased by 23 percent for .com and 20 percent for .net during the first half of 2004, as compared to the same time frame in 2003.

Internet Vulnerabilities, Other Security Events, and Fraud
• According to the briefing, there was a noticeable increase in multi-vector worms in the first half of 2004. Such worms can simultaneously exploit several vulnerabilities in one attack, and have a longer shelf life than single-exploit worms. The most effective and potentially damaging example of this breed is called a "phatbot," "agobot," or "gaobot."
• The briefing also notes that exploits are released much more quickly following public announcements of vulnerabilities. This underscores the need for enterprise security managers to be more vigilant in vulnerability assessment, prioritization, and remediation.
• VeriSign detected a rise in the number of security events per device during the first half of 2004, reaching a high of nearly 4,000,000 events during the month of March. Top countries by percentage of fraudulent transactions, determined by the origin of IP address, were led by Cameroon, with 100 percent of transactions determined as risky. Following Cameroon was Nigeria (96 percent), Indonesia (93 percent), and Slovenia (92 percent).

Spotlight on Phishing
• The report highlights the growing problem of this trend, providing examples of phishing exploits as well as guidance on the steps needed to prevent, detect, respond, and recover from such attacks.
• In a sample of 490 phishing e-mails, targeting customers of 16 companies, VeriSign found that 93 percent were sent from forged or spoofed e-mail addresses; 5 percent came from sites making no attempt to disguise their destination, and 2 percent came from "cousin" sites, which closely mimic the company site they are seeking to imitate.
• 37 percent of phishing e-mails directed users to capture sites located outside the United States, with a concentration in Korea, China, Poland, Brazil, Taiwan, Singapore, Australia and Indonesia.
• VeriSign found the majority of phishing attacks were launched between 9:00 p.m. - 4:00 a.m., when IT staffers are often on call or fewer in numbers.

The briefing also notes that phishing attempts are especially difficult to detect due to their sophistication and ability to mimic legitimate communications from businesses. Phishers now lure victims by spoofing addresses and using "browser camouflage" techniques, such as floating a JavaScript window over an address bar. In addition, JavaScript windows can remain installed on a user's browser to record information sent and received while that browser is active.

The briefing, http://www.verisign.com/corporate/briefing, draws from comprehensive data gathered through VeriSign's operation of key Internet Intelligence Infrastructure. The report provides enterprise technology managers and the Internet community at large with a deeper understanding of important Internet usage, security, and fraud trends.

About VeriSign
VeriSign, Inc. (Nasdaq: VRSN) delivers intelligent infrastructure services that make the Internet and telecommunications networks more reliable and secure. Every day VeriSign helps thousands of businesses and millions of consumers conduct commerce and communications with confidence. Additional news and information about the company is available at http://www.verisign.com/.



Featured Articles

Tribal thinking in today’s IT
George Santayana once famously observed; “Those who cannot remember the past are condemned to repeat it.”. But when it comes to IT security, a better way of thinking might be; “those who fail to understand the impact of the past on their thinking may find themselves somewhat exposed”…

You can’t manage what you can’t see!
Security threats have grown more menacing with the appearance of the likes of Sober, Mytob, and Bagle. Along with the newer trends of spyware, phishing and key logging the implications of ineffective information security have become potentially debilitating to business operations and indeed strategy.

Endpoint Security: the biggest threat to your organisational flexibility
The development and execution of an endpoint security strategy is an increasingly important and urgent issue for businesses of all sizes. Many are executing – or wanting to execute - flexible working practices and organisation models that leverage contemporary technology.
Scan all company email for viruses, Trojans and worms with 4 virus engines, all in one package - GFI MailSecurity for Exchange/SMTP! Download your free 60-day trial today!

Check your website security with Acunetix Web Vulnerability Scanner. Audit your web applications for SQL injection, cross site scripting & more. Download trial!

Network Security Tools

SpyDefense
SpyDefense protects your computer against annoying, and harmful software such as Spyware, Adware, Trojan horses, etc. SpyDefense is anti-spyware software that prides itself on a very user friendly environment.


Proactive Security Auditor
Proactive Password Auditor is a password security test tool that's designed to allow Windows NT, Windows 2000, Windows XP and and Windows Server 2003-based systems administrators to identify and close security holes in their networks.


File Securer
File Securer is a powerful tool designed to protect your sensitive folder and personal file. With strong security, File Securer embeds the protect into windows system kernel, both on command mode and window mode, all work professionally.




What's up, IT? Blog

Phishing By The Numbers: 41,000 Blocked Sites in 2005
Top 7 PHP Security Blunders
The human factor and information security
Why I Love Vulnerability Analysis In 2005
IT security fear factor: Tape backups
Uncovering Cyber Flaws
State of the security mart
When the hardware gets smart
Security for SMBs
Four Security Resolutions For The New Year

Copyright © IT-Observer.com 2000 - 2006    Privacy Policy | RSS Feeds
Site Meter