'Rock Phish' blamed for surge in attacks
Group described as 'sort of the Keyser Söze of phishing'
IDG News Service - The first thing you need to know about Rock Phish is that nobody knows exactly who, or what, they are.
Wikipedia defines the Rock Phish Kit as "a popular tool designed to help nontechnical people create and carry out phishing attacks," but according to security experts, that definition is not correct. They say that Rock Phish is actually a person, or perhaps a group of people, who are behind as much as one-half of the phishing attacks being carried out these days.
No one can say for sure where Rock Phish is based, or if the group operates out of a single country.
"They are sort of the Keyser Söze of phishing," said Zulfikar Ramzan, senior principal researcher with Symantec's Security Response group, referring to the secretive criminal kingpin in the 1995 film The Usual Suspects.
"They're doing some pretty scary things out there," he added.
This criminal organization first appeared in late 2004 and was given the name "Rock Phish" because the URLs (Uniform Resource Locators) on the group's fake sites included a distinctive subdirectory named "rock," a technique the group abandoned once phishing filters began looking for the word.
Since then, it has grown to be one of the most prominent phishing groups in operation. It has developed a variety of new attack techniques that have earned the group a kind of grudging respect among security professionals, several of whom declined to be interviewed on the record for this story for fear of being physically harmed. They estimated that the criminal organization's phishing schemes have cost banks more than $100 million to date.
Rock Phish is not known for targeting the two most popular phishing targets -- eBay and PayPal. Instead, it specializes in European and U.S. financial institutions. At last count, the group had spoofed 44 brands from businesses in nine countries, sending out e-mails that try to trick victims into visiting phony Web sites and entering information such as credit card numbers and passwords. Rock Phish sites have spoofed Citibank, ETrade, Barclays and Deutsche Bank, among others.
Security experts estimated that Rock Phish is responsible for between one-third and one-half of all phishing messages being sent out on any given day. "They are probably the most active group of phishers in the world," said Dan Hubbard, senior director, security and technology research with Websense Inc.
What causes particular concern among security experts such as Hubbard is Rock Phish's ability to stay one step ahead of both security products and law enforcement.
For example, Rock Phish pioneered image spam: the technique of sending e-mail messages in graphic files in order to bypass spam filters, according to security experts.
- Mobile First: Securing Information Sprawl Learn how the partnership between Box and MobileIron can help you execute a "mobile first" strategy that manages and secures both mobile apps...
- Cybersecurity Imperatives: Reinvent your Network Security The Rise of CyberSecurity
- Surescripts Case Study- Securing Keys and Certificates Surescripts implemented Venafi's Trust Protection Platform™ to secure digital keys and certificates, ensure the privacy and confidentiality of electronic clinical information for its...
- Ponemon 2014 SSH Security Vulnerability Report According to research by the Ponemon Institute, 3 out of 4 enterprises have no security controls in place for SSH which leaves organizations...
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities.
- Deep Dive into Advanced Networking and Security with Hybrid Cloud Security and networking are among the top concerns when moving workloads to the cloud. VMware vCloud® Hybrid Service™ enables you to extend your... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!