Hackers target shared Web hosting servers for mass phishing attacks
Nearly half of phishing attacks seen during the second half of 2012 involved the use of hacked shared hosting servers, APWG report says
IDG News Service - Cybercriminals increasingly hack into shared Web hosting servers in order to use the domains hosted on them in large phishing campaigns, according to a report from the Anti-Phishing Working Group (APWG).
Forty-seven percent of all phishing attacks recorded worldwide during the second half of 2012 involved such mass break-ins, APWG said in the latest edition of its Global Phishing Survey report published Thursday.
In this type of attack, once phishers break into a shared Web hosting server, they update its configuration so that phishing pages are displayed from a particular subdirectory of every website hosted on the server, APWG said. A single shared hosting server can host dozens, hundreds or even thousands of websites at a time, the organization said.
APWG is a coalition of over 2000 organizations that include security vendors, financial institutions, retailers, ISPs, telecommunication companies, defense contractors, law enforcement agencies, trade groups, government agencies and more.
Hacking into shared Web hosting servers and hijacking their domains for phishing purposes is not a new technique, but this type of malicious activity reached a peak in August 2012, when APWG detected over 14,000 phishing attacks sitting on 61 servers. "Levels did decline in late 2012, but still remained troublingly high," APWG said.
During the second half of 2012, there were at least 123,486 unique phishing attacks worldwide that involved 89,748 unique domain names, APWG said. This was a significant increase from the 93,462 phishing attacks and 64,204 associated domains observed by the organization during the first half of 2012.
"Of the 89,748 phishing domains, we identified 5,835 domain names that we believe were registered maliciously, by phishers," APWG said. "The other 83,913 domains were almost all hacked or compromised on vulnerable Web hosting."
In order to break into such servers, attackers exploit vulnerabilities in Web server administration panels like cPanel or Plesk and popular Web applications like WordPress or Joomla. "These attacks highlight the vulnerability of hosting providers and software, exploit weak password management, and provide plenty of reason to worry," the organization said.
Cybercriminals break into shared hosting environments in order to use their resources in various types of attacks, not just phishing, APWG said. For example, since late 2012 a group of hackers has been compromising Web servers in order to launch DDoS (distributed denial-of-service) attacks against U.S. financial institutions.
In one mass attack campaign dubbed Darkleech, attackers compromised thousands of Apache Web servers and installed SSH backdoors on them. It's not clear how the Darkleech attackers break into these servers in the first place, but vulnerabilities in Plesk, cPanel, Webmin or WordPress have been suggested as possible entry points.
- 2013 Cyber Risk Report The "Cyber risk report 2013 Executive summary" presents the major findings of HP Security Research's comprehensive dive into today's cyber vulnerability and threat...
- Platfora Big Data Analytics for Network Security Platfora amplifies the effectiveness of network security analysis, providing Big Data Analytics capability to augment existing security infrastructure for known threats, and advanced...
- Agility & Scalability for Oracle EBS R12 and RAC on VMware vSphere 5 This white paper outlines extensive performance and scalability testing of Oracle EBS applications on a Vblock™ Systems with vSphere 5.
- Oracle and VCE: The Next Step in Integrated Computing Platforms In this ESG Lab review you will learn how a VCE system driven by Oracle, delivers the perfect blend of high performance and...
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily...
- On Demand: Mastering the Art of Mobile Content Management Mobile device usage in the enterprise has skyrocketed, and it continues to escalate. IT must answer to users who demand access to their... All Cyberwarfare White Papers | Webcasts