Phishing: Not Just In Shared Hosting Environments

Yesterday, we talked about the rise of phishing in shared hosting environments. Of course, you probably know that you can be a phishing victim in other types of hosting environments as well. These attacks can be catastrophic for businesses, as well as the individuals whose data is compromised.

Let's take a look at the statistics of phishing : how often it occurs, who's affected, and if there is anything you can do to protect yourself. These statistics and all associated information is compiled from the Anti-Phishing Working Group (APWG) April 2013 report, and all data gathered from all over the world represents the latter half of 2012.

How Many Attacks Were There, And What Sites Were Affected?

craquelure Phishing: Not Just In Shared Hosting EnvironmentsAccording to the report, 123,486 separate attacks took place worldwide. If you compare that to the 93,462 that took place in the first half of 2012, you'll see that's quite the increase. As we discussed in yesterday's article pertaining to shared hosting, attacks occurring on shared virtual servers allowed multiple domains to be attacked all at the same time.

Because of the attack on shared hosting environments, 89,748 separate domain names were compromised. 2,489 of those attacks were exposed on 1,841 separate IP addresses instead of on domain names. It is important to note that none of these phishing attacks took place on IPv6 addresses.

IPv6 is the latest IP, designed by the Internet Engineering Task Force (IETF) to address the problem they knew would come: the exhaustion of IPv4 addresses. It isn't interoperable with IPv4, but is rather an independent network working in parallel with IPv4. One of the reasons no attacks have taken place could simply be because IPv6 traffic share is only nearing 1%: the majority of internet traffic is still carried on IPv4.

Hacked/Compromised Domains vs. Maliciously Registered Domains

Out of that 89,748 domain names that were the victim of phishing, the APWG thinks 5,835 domains were maliciously registered by the phishers themselves. That is good, because it appears this practice is declining: 7,712 were labeled as malicious in the first half of 2012, and 14,650 in the beginning of 2011.

The rest of the domains were hacked, whether shared or cheap web hosting environments. When it comes to phishers using sub-domain services, the numbers fell here as well: only 14% to 8% of the overall number of attacks.

Phishers are still relying on URL shortening services to trick phishing URLs, but only 785 phishing attacks such as this took place in the second half of 2012.

URL shortening is often harmless, like within the Twitter platform, when the number of characters that can be entered is limited. Think Bitly, a URL shortening service that saw their shortened links accessed 2.1 billion times in November 2009. When a spammer or hacker uses URL shortening, it can lead to the shutting down of the URL by their cheap web hosting provider. 65% of shortened URLs found to be malicious were discovered at one provider alone, TinyURL.com.

Are Some TLDs More Popular For Phishing?

It seems that phishers maliciously register domains in only three TLDs : .com, .info, and Thailand's .tk. Phishers also seem to love PayPal, as it sees 39% of the overall attacks. 48% of phishing domains were .com.

Phishing: Not Just In Shared Hosting Environments: What About Registrars?

79% of maliciously registered domains appear to have been registered with 21 different registrars, most of them in China. They include Shanghai Yovole Networks; Hang Zhou E-Business Services; Chengdu West Dimension Digital Technology; Internet.bs; Jiangsu Bangning Science; Melbourne IT; Beijing Innovative; 1API; Directl/PDR; Bizcn .com; Register .com; Xin Net Technology Corp; OVH; Go-daddy; Name.com; Fast Domain; eNom Inc.; tucows; and 1 and 1 Internet AG.

There may be no way to fully protect yourself against phishing attacks. However, by staying away from a shared servers and knowing the information that could help you decrease the chances you'll fall victim, you can make cheap web hosting work for you without compromising your data.

Is phishing a concern of yours? Have you taken the proper steps to decrease your chances of being a victim?

2 thoughts on “Phishing: Not Just In Shared Hosting Environments

  1. IPv4 still have some positive aspects to stay over internet. Web hosting customer will host their website on IPv4 until IPv6 adoption reaches 95%. Any new technology always take place after 95% support from market share. This factor should make it clear that IPv4 is still here for some time. There is no advantage to support IPv6 unless ISPs drop support for IPv4. IPv6 would take place only when IPv4 abandonment will happen suddenly, unexpectedly, and violently. All ISPs have to support IPv6 then it will get 100% of their customers. Otherwise host will be forced to support IPv4.
    If we take an example of phishing attacks then these attacks are prohibited on IPv6 addresses. As IPv6 is latest IP so its traffic share is nearly 1% because the majority of internet traffic is still carried on IPv4.

  2. PayPal phishing mails delivering CTB-Locker ransomware coming from fake Chrome and Facebook emails. Google chrome icon is used as a way of fooling people to think that it is installer package. Clicking on it downloads ransomware variant. CTB-Locker ransom message can be viewed in 7 languages (French, Spanish, Latvian, English, Italian, German and Dutch) and has affected Italy, France, India, South Africa, Spain, Turkey, Russia, Chile, United States and Mexico.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.