Cyber criminals are shifting their phishing attacks to global targets and deploying sophisticated spear-phishing attacks that focus on individuals they hope will unknowingly unlock the electronic vault, according to a new report from Cyveillance.
And while banks and credit unions continue to be the top targets of phishers, the Fairfax, Va., company said, social media sites remain a growing favorite of online criminals "due to the inherent nature of these users to share personal information."
Cyveillance said its analysis shows that nearly half of all new financial targets in the second half of 2010 were in the Middle East and India. Geographically spreading their targets and base of operations as well as leveraging distributed Internet resources is how they are working to evade detection and law enforcement, the company said.
Panos Anastassiadis, chief operating officer of Cyveillance, said, "Social engineering has been around for ages, but today through social media, criminals have instant access to all the valuable personal information they need to target very specific individuals and ultimately gain access to extremely valuable corporate information.
"It is critical for everyone to be fully educated about the threats on the open Internet and how they have a responsibility for information security within their organizations. The threats we face can no longer just be addressed with a technology solution alone."
Anastassiadis also said that Cyveillance’s analysis of active attacks on 13 of the top anti-virus vendors found that less than half detected the threat on average on day one. "As a result, visitors to a malicious website could have a more than one in two chance of being infected with malware," the company said.
Cyveillance said it collects information from more than 200 million domain name servers, 190 million websites, and other channels.