Hackers target shared Web hosting servers for mass phishing attacks
Nearly half of phishing attacks seen during the second half of 2012 involved the use of hacked shared hosting servers, APWG report says
IDG News Service - Cybercriminals increasingly hack into shared Web hosting servers in order to use the domains hosted on them in large phishing campaigns, according to a report from the Anti-Phishing Working Group (APWG).
Forty-seven percent of all phishing attacks recorded worldwide during the second half of 2012 involved such mass break-ins, APWG said in the latest edition of its Global Phishing Survey report published Thursday.
In this type of attack, once phishers break into a shared Web hosting server, they update its configuration so that phishing pages are displayed from a particular subdirectory of every website hosted on the server, APWG said. A single shared hosting server can host dozens, hundreds or even thousands of websites at a time, the organization said.
APWG is a coalition of over 2000 organizations that include security vendors, financial institutions, retailers, ISPs, telecommunication companies, defense contractors, law enforcement agencies, trade groups, government agencies and more.
Hacking into shared Web hosting servers and hijacking their domains for phishing purposes is not a new technique, but this type of malicious activity reached a peak in August 2012, when APWG detected over 14,000 phishing attacks sitting on 61 servers. "Levels did decline in late 2012, but still remained troublingly high," APWG said.
During the second half of 2012, there were at least 123,486 unique phishing attacks worldwide that involved 89,748 unique domain names, APWG said. This was a significant increase from the 93,462 phishing attacks and 64,204 associated domains observed by the organization during the first half of 2012.
"Of the 89,748 phishing domains, we identified 5,835 domain names that we believe were registered maliciously, by phishers," APWG said. "The other 83,913 domains were almost all hacked or compromised on vulnerable Web hosting."
In order to break into such servers, attackers exploit vulnerabilities in Web server administration panels like cPanel or Plesk and popular Web applications like WordPress or Joomla. "These attacks highlight the vulnerability of hosting providers and software, exploit weak password management, and provide plenty of reason to worry," the organization said.
Cybercriminals break into shared hosting environments in order to use their resources in various types of attacks, not just phishing, APWG said. For example, since late 2012 a group of hackers has been compromising Web servers in order to launch DDoS (distributed denial-of-service) attacks against U.S. financial institutions.
In one mass attack campaign dubbed Darkleech, attackers compromised thousands of Apache Web servers and installed SSH backdoors on them. It's not clear how the Darkleech attackers break into these servers in the first place, but vulnerabilities in Plesk, cPanel, Webmin or WordPress have been suggested as possible entry points.
- 2013 Cyber Risk Report The "Cyber risk report 2013 Executive summary" presents the major findings of HP Security Research's comprehensive dive into today's cyber vulnerability and threat...
- Platfora Big Data Analytics for Network Security Platfora amplifies the effectiveness of network security analysis, providing Big Data Analytics capability to augment existing security infrastructure for known threats, and advanced...
- 2014 Gartner Magic Quadrant Report For the 7th year in a row, Riverbed is in the "Leaders" Quadrant of the 2014 Magic Quadrant for WAN Optimization Controllers. In...
- Improving Business Value of WAN Optimization Want to achieve faster ROI with WAN optimization? Read the latest IDC report and discover how you can cut IT costs without compromising...
- Top 4 Digital Signage Fails Join RMG Networks for a look at four of the most common reasons digital signage fails in corporate businesses. Learn about strategies to...
- It's not too late...Get Your Mobile Questions Answered Live! How can IT provide seamless and secure mobile communications and collaboration for all? Join this live Webcast as IDG asks an expert panel... All Cyberwarfare White Papers | Webcasts