66% of the world's phishing came from one group
A single criminal group was responsible for two-thirds of all phishing attacks in the second half of last year. Busy bees, eh? Apparently, this operation are responsible for a two-fold increase in the crime too.
The Avalanche gang are believed to have formed from the ashes of the Rock Phish group, who some suggest were responsible for half the world's phishing attacks before effectively disappearing a couple of years ago.
"Avalanche uses the Rock's techniques but improved upon them, introducing greater volume and sophistication," the report, released by the Anti-Phishing Working Group, stated.
The use of things called 'fast-flux botnets' which host phishing sites, were key to Avalanche's successes. The use of peer-to-peer makes it nigh-on impossible for an ISP to pull the plug on the infrastructure. Sneaky.
It is reported that there were 126,697 phishing attacks during the second half of 2009, which is more than double the number in the first half of the year. Avalanche targeted the more than 40 major financial institutions, online services, and job search providers.
However, the group may be a victim of its own success.
"During an Avalanche campaign, it was not unusual for the target institutions, the relevant domain name registrar(s), a domain name registry, and other responders and service providers to all be aware of the campaign and working on mitigation at the same time," the report stated. "As a result, Avalanche attacks had a much shorter average uptime than non-Avalanche phishing attacks, and community efforts partially neutralized the advantage of the fast-flux hosting."
Err. Right. I can't pretend to know what that all actually means.