SlideShare a Scribd company logo

RSA Monthly Online Fraud Report -- January 2014

E
EMC

This report examines global phishing and cybercrime trends and offers the latest insight straight from the fraud underground.

TechnologyNews & Politics
1 of 4
Download to read offline
2013 A YEAR IN REVIEW January 2014 PHISHING 2013: A LOOK BACK 2013 has proven to be yet another record year in the number of phishing attacks launched globally. With nearly 450,000 attacks and record estimated losses of over USD $5.9 billion (using APWG’s average uptime of 44:39 hours), phishing remains an ominous threat to consumers and businesses around the world. Compared to 2012, we only saw a slight increase – about 1% - in the total number of attacks, but did see an all-time peak in October with over 62,000 unique attacks identified in a single month. 500000 Phishing Increase Year over Year Phishing volumes 2010 through 2013. 445004 448126 2012 2013 400000 279580 300000 203983 200000 100000 0 2010 2011 Noticeable attack methods this year included the Bouncer attack that filtered incoming victims based on a unique URL parameter values. Not having the “right” parameter value would send the unwitting users to a standard 404-page. The laser-precision attack theme repeated several times during the year with variations on the filtering element including basic FRAUD REPORT R S A M O N T H LY F R A U D R E P O R T page 1
geo-IP filtering. The motives behind such kits are mainly commercial: selling credentials has become a commodity in the underground. A commoditized marketplace drives vendors to provide more value for money, and high-quality, precision lists provide just that. Abundant tools and offerings flourished in the underground. For example, email bombers and mass mailers are readily available to make the lives of phishers and would-bephishers easier. And if you are not sure how to go about mass mailing/spamming, a tutorial is not far away. A free tutorial on mass-mailing techniques being offered freely in the underground. A more sinister post we came across offered a tutorial—and a free tool—on how to spearphish individuals working at specific organizations. Jigsaw: a script-based tool to enumerate employee information for spear-phishing attacks. COMPARISONS YEAR OVER YEAR Last year, we witnessed a 160% increase over 2011 signifying a record year in phishing volumes. While we did not expect the 2012 record to be broken, 2013 seems to have done just that, even though just a slight increase of about one percent. 150000 Phishing Growth by Quarter 2012/2013 quarterly phishing volumes. 144334 141254 2012 2013 120000 125212 125342 105183 99699 90000 81961 60000 70145 30000 0 Q1 R S A M O N T H LY F R A U D R E P O R T Q2 Q3 Q4 page 2
Examining phishing trends on a quarterly basis shows that 2013 saw a constant growth in phishing volumes throughout the year as opposed to the expected decline in Q4. a US PHISHING BY GEOGRAPHY Italy S Africa China Canada Netherlands India Brasil Latin America 4% APJ and Oceania 7% Phishing Volume by Global Region 2013 regional breakdown of phishing attack volume. EMEA 28% U.S. and Canada 63% The country most targeted, unsurprisingly, was the U.S., suffering over 60% of worldwide phishing volumes. Throughout the year, the U.S. was most targeted with the most significant volume coming in October when it saw 80% of global phishing attacks that month. The top 10 countries targeted by phishing in 2013 were: 1. United States 2. United Kingdom 3. Germany 4. India 5. South Africa 6. Canada 7. Netherlands 8. Colombia 9. Australia 10. Brazil Regional Breakdown When looking at phishing volumes across the different geo-regions, North America (including the U.S. and Canada) was the most targeted, followed by EMEA (including the UK) with 26% of global phishing volumes. The following regional breakdown (excluding North America) shows the top three countries targeted in each region and their estimated global losses from phishing in 2013: Regional Breakdown: Europe, Middle East and Africa (Emea) The top three countries and their estimated losses for phishing in EMEA are as follows: 1. 2. Germany, 25% of phishing volume, total estimated losses = $386 million 3. R S A M O N T H LY F R A U D R E P O R T United Kingdom, 31% of phishing volume, total estimated losses = $467 million South Africa, 15% of phishing volume, total estimated losses = $222 million page 3
Regional Breakdown: Asia Pacific, Japan and Oceania The top three countries and their estimated losses for phishing in the Asia Pacific region are as follows. 1. India, 54% of phishing volume, total estimated losses = $225 million 2. Australia, 21% of phishing volume, total estimated losses = $87 million 3. China, 14% of phishing volume, total estimated losses = $59 million Regional Breakdown: Latin America The top three countries and their estimated losses for phishing in Latin America are as follows. 1. Colombia, 43% of phishing volume, total estimated losses = $95 million 2. Brazil, 39% of phishing volume, total estimated losses = $86 million 3. Mexico, 8% of phishing volume, total estimated losses = $19 million 2014 PHISHING FORECAST Phishing, the cybercrime equivalent of pickpocketing, is a crime that is easily committed with very little cost to the attacker: cheap (criminal) hosting services—offered mostly on-top of hijacked websites—are abundantly available. If spamming 500,000 email addresses only sets you back a mere $65, it is no surprise that phishing attack volumes are not dropping. Looking forward into 2014, we expect to see: –– hishing volumes will not drop considerably, though we may see a slight decline. The P decline will be mainly due to growing adoption of email authentication, namely DMARC, which together with tighter policy should help in the reduction of phishing emails received by end users. However, wider global adoption (into LATAM and APJ) still plays a major factor in the battle against phishing. –– ig data analytics and broader intelligence collection will lead to faster detection and B quicker mitigation, resulting in lower financial losses. With the millions of spam messages traversing the internet on a daily basis, separating the wheat from the chaff has become far more challenging. Advancements in phishing techniques and methods also serve to add a layer of complexity when it comes to detection. Deploying analytics into the detection process provides a way to see though the noise and get to the phish faster. Coupled with broader intelligence collection, attacks may be prevented before they are launched. –– reater end user awareness will serve to reduce losses. Cyber awareness has become a G mainstream conversation topic—people are becoming more aware of the dangers in the digital world. More awareness translates directly into fewer losses. CONTACT US To learn more about how RSA products, services, and solutions help solve your business and IT challenges contact your local representative or authorized reseller – or visit us at www.emc.com/rsa www.emc.com/rsa ©2014 EMC Corporation. EMC, RSA, the RSA logo, and FraudAction are trademarks or registered trademarks of EMC Corporation in the U.S. and/or other countries. All other trademarks mentioned are the property of their respective holders. JAN RPT 0114

Recommended

Formulario devoluciones
Formulario devolucionesFormulario devoluciones
Formulario devolucionesNathalia Sanchez
 
Mit2 092 f09_lec02
Mit2 092 f09_lec02Mit2 092 f09_lec02
Mit2 092 f09_lec02Rahman Hakim
 
Black plague wed thur
Black plague wed thurBlack plague wed thur
Black plague wed thurTravis Klein
 
Adaptec RAID 81605ZQ vs. LSI MegaRAID 9361-8i Performance Whitepaper
Adaptec RAID 81605ZQ vs. LSI MegaRAID 9361-8i Performance WhitepaperAdaptec RAID 81605ZQ vs. LSI MegaRAID 9361-8i Performance Whitepaper
Adaptec RAID 81605ZQ vs. LSI MegaRAID 9361-8i Performance WhitepaperAdaptec by PMC
 
Fotonovel·la aya, basma i laura bo
Fotonovel·la aya, basma i laura boFotonovel·la aya, basma i laura bo
Fotonovel·la aya, basma i laura bomgonellgomez
 
Flip book
Flip bookFlip book
Flip bookcarloszendejas
 
Forex game
Forex gameForex game
Forex gameTravis Klein
 
вивчення мотивації вибору професії
вивчення мотивації вибору професіївивчення мотивації вибору професії
вивчення мотивації вибору професіїТатьяна Глинская
 

Recommended

Formulario devoluciones
Formulario devolucionesFormulario devoluciones
Formulario devolucionesNathalia Sanchez
 
Mit2 092 f09_lec02
Mit2 092 f09_lec02Mit2 092 f09_lec02
Mit2 092 f09_lec02Rahman Hakim
 
Black plague wed thur
Black plague wed thurBlack plague wed thur
Black plague wed thurTravis Klein
 
Adaptec RAID 81605ZQ vs. LSI MegaRAID 9361-8i Performance Whitepaper
Adaptec RAID 81605ZQ vs. LSI MegaRAID 9361-8i Performance WhitepaperAdaptec RAID 81605ZQ vs. LSI MegaRAID 9361-8i Performance Whitepaper
Adaptec RAID 81605ZQ vs. LSI MegaRAID 9361-8i Performance WhitepaperAdaptec by PMC
 
Fotonovel·la aya, basma i laura bo
Fotonovel·la aya, basma i laura boFotonovel·la aya, basma i laura bo
Fotonovel·la aya, basma i laura bomgonellgomez
 
Flip book
Flip bookFlip book
Flip bookcarloszendejas
 
Forex game
Forex gameForex game
Forex gameTravis Klein
 
вивчення мотивації вибору професії
вивчення мотивації вибору професіївивчення мотивації вибору професії
вивчення мотивації вибору професіїТатьяна Глинская
 
Ppp burgernomics etc
Ppp burgernomics etcPpp burgernomics etc
Ppp burgernomics etcTravis Klein
 
Editing trailer
Editing trailerEditing trailer
Editing trailerKhendle Christie
 
4 things you_cannot_recover
4 things you_cannot_recover4 things you_cannot_recover
4 things you_cannot_recoverChandan Dubey
 
Digipak research
Digipak researchDigipak research
Digipak researchloousmith
 
Webinar Tracker ABCs
Webinar Tracker ABCsWebinar Tracker ABCs
Webinar Tracker ABCsResearch Now
 
Day2
Day2 Day2
Day2 Travis Klein
 
De stress fest2013slideshow
De stress fest2013slideshowDe stress fest2013slideshow
De stress fest2013slideshowCheckIt Out
 
White Paper: EMC FAST Cache — A Detailed Review
White Paper: EMC FAST Cache — A Detailed Review White Paper: EMC FAST Cache — A Detailed Review
White Paper: EMC FAST Cache — A Detailed Review EMC
 
Yourprezi
YourpreziYourprezi
Yourprezicolera Vh
 
NDEF WriterとOSとPaSoRi
NDEF WriterとOSとPaSoRiNDEF WriterとOSとPaSoRi
NDEF WriterとOSとPaSoRiHirokuma Ueno
 
Securing a Windows Infrastructure using Windows Server 2012 & Windows 8 Built...
Securing a Windows Infrastructure using Windows Server 2012 & Windows 8 Built...Securing a Windows Infrastructure using Windows Server 2012 & Windows 8 Built...
Securing a Windows Infrastructure using Windows Server 2012 & Windows 8 Built...Microsoft TechNet - Belgium and Luxembourg
 
Tues examples thinking at the margin
Tues examples thinking at the marginTues examples thinking at the margin
Tues examples thinking at the marginTravis Klein
 
Tes
TesTes
TesWarsono Cah Keren
 
Amarnath darshan
Amarnath darshanAmarnath darshan
Amarnath darshanChandan Dubey
 
Underground city of_derinkuyu
Underground city of_derinkuyuUnderground city of_derinkuyu
Underground city of_derinkuyuChandan Dubey
 
Topic 4 journal
Topic 4 journalTopic 4 journal
Topic 4 journalSrinivas Methuku
 
How Can Take3 Help You Win?
How Can Take3 Help You Win?How Can Take3 Help You Win?
How Can Take3 Help You Win?Laurel Gerdine
 
INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUDINDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUDEMC
 
Cloud Foundry Summit Berlin Keynote
Cloud Foundry Summit Berlin Keynote Cloud Foundry Summit Berlin Keynote
Cloud Foundry Summit Berlin Keynote EMC
 
EMC GLOBAL DATA PROTECTION INDEX
EMC GLOBAL DATA PROTECTION INDEX EMC GLOBAL DATA PROTECTION INDEX
EMC GLOBAL DATA PROTECTION INDEX EMC
 
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIOTransforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIOEMC
 
Citrix ready-webinar-xtremio
Citrix ready-webinar-xtremioCitrix ready-webinar-xtremio
Citrix ready-webinar-xtremioEMC
 

More Related Content

Viewers also liked

Ppp burgernomics etc
Ppp burgernomics etcPpp burgernomics etc
Ppp burgernomics etcTravis Klein
 
4 things you_cannot_recover
4 things you_cannot_recover4 things you_cannot_recover
4 things you_cannot_recoverChandan Dubey
 
Digipak research
Digipak researchDigipak research
Digipak researchloousmith
 
Webinar Tracker ABCs
Webinar Tracker ABCsWebinar Tracker ABCs
Webinar Tracker ABCsResearch Now
 
De stress fest2013slideshow
De stress fest2013slideshowDe stress fest2013slideshow
De stress fest2013slideshowCheckIt Out
 
White Paper: EMC FAST Cache — A Detailed Review
White Paper: EMC FAST Cache — A Detailed Review White Paper: EMC FAST Cache — A Detailed Review
White Paper: EMC FAST Cache — A Detailed Review EMC
 
NDEF WriterとOSとPaSoRi
NDEF WriterとOSとPaSoRiNDEF WriterとOSとPaSoRi
NDEF WriterとOSとPaSoRiHirokuma Ueno
 
Securing a Windows Infrastructure using Windows Server 2012 & Windows 8 Built...
Securing a Windows Infrastructure using Windows Server 2012 & Windows 8 Built...Securing a Windows Infrastructure using Windows Server 2012 & Windows 8 Built...
Securing a Windows Infrastructure using Windows Server 2012 & Windows 8 Built...Microsoft TechNet - Belgium and Luxembourg
 
Tues examples thinking at the margin
Tues examples thinking at the marginTues examples thinking at the margin
Tues examples thinking at the marginTravis Klein
 
Underground city of_derinkuyu
Underground city of_derinkuyuUnderground city of_derinkuyu
Underground city of_derinkuyuChandan Dubey
 
How Can Take3 Help You Win?
How Can Take3 Help You Win?How Can Take3 Help You Win?
How Can Take3 Help You Win?Laurel Gerdine
 

Viewers also liked (17)

Ppp burgernomics etc
Ppp burgernomics etcPpp burgernomics etc
Ppp burgernomics etc
 
Editing trailer
Editing trailerEditing trailer
Editing trailer
 
4 things you_cannot_recover
4 things you_cannot_recover4 things you_cannot_recover
4 things you_cannot_recover
 
Digipak research
Digipak researchDigipak research
Digipak research
 
Webinar Tracker ABCs
Webinar Tracker ABCsWebinar Tracker ABCs
Webinar Tracker ABCs
 
Day2
Day2 Day2
Day2
 
De stress fest2013slideshow
De stress fest2013slideshowDe stress fest2013slideshow
De stress fest2013slideshow
 
White Paper: EMC FAST Cache — A Detailed Review
White Paper: EMC FAST Cache — A Detailed Review White Paper: EMC FAST Cache — A Detailed Review
White Paper: EMC FAST Cache — A Detailed Review
 
Yourprezi
YourpreziYourprezi
Yourprezi
 
NDEF WriterとOSとPaSoRi
NDEF WriterとOSとPaSoRiNDEF WriterとOSとPaSoRi
NDEF WriterとOSとPaSoRi
 
Securing a Windows Infrastructure using Windows Server 2012 & Windows 8 Built...
Securing a Windows Infrastructure using Windows Server 2012 & Windows 8 Built...Securing a Windows Infrastructure using Windows Server 2012 & Windows 8 Built...
Securing a Windows Infrastructure using Windows Server 2012 & Windows 8 Built...
 
Tues examples thinking at the margin
Tues examples thinking at the marginTues examples thinking at the margin
Tues examples thinking at the margin
 
Tes
TesTes
Tes
 
Amarnath darshan
Amarnath darshanAmarnath darshan
Amarnath darshan
 
Underground city of_derinkuyu
Underground city of_derinkuyuUnderground city of_derinkuyu
Underground city of_derinkuyu
 
Topic 4 journal
Topic 4 journalTopic 4 journal
Topic 4 journal
 
How Can Take3 Help You Win?
How Can Take3 Help You Win?How Can Take3 Help You Win?
How Can Take3 Help You Win?
 

More from EMC

INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUDINDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUDEMC
 
Cloud Foundry Summit Berlin Keynote
Cloud Foundry Summit Berlin Keynote Cloud Foundry Summit Berlin Keynote
Cloud Foundry Summit Berlin Keynote EMC
 
EMC GLOBAL DATA PROTECTION INDEX
EMC GLOBAL DATA PROTECTION INDEX EMC GLOBAL DATA PROTECTION INDEX
EMC GLOBAL DATA PROTECTION INDEX EMC
 
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIOTransforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIOEMC
 
Citrix ready-webinar-xtremio
Citrix ready-webinar-xtremioCitrix ready-webinar-xtremio
Citrix ready-webinar-xtremioEMC
 
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES EMC
 
EMC with Mirantis Openstack
EMC with Mirantis OpenstackEMC with Mirantis Openstack
EMC with Mirantis OpenstackEMC
 
Modern infrastructure for business data lake
Modern infrastructure for business data lakeModern infrastructure for business data lake
Modern infrastructure for business data lakeEMC
 
Force Cyber Criminals to Shop Elsewhere
Force Cyber Criminals to Shop ElsewhereForce Cyber Criminals to Shop Elsewhere
Force Cyber Criminals to Shop ElsewhereEMC
 
Pivotal : Moments in Container History
Pivotal : Moments in Container History Pivotal : Moments in Container History
Pivotal : Moments in Container History EMC
 
Data Lake Protection - A Technical Review
Data Lake Protection - A Technical ReviewData Lake Protection - A Technical Review
Data Lake Protection - A Technical ReviewEMC
 
Mobile E-commerce: Friend or Foe
Mobile E-commerce: Friend or FoeMobile E-commerce: Friend or Foe
Mobile E-commerce: Friend or FoeEMC
 
Virtualization Myths Infographic
Virtualization Myths Infographic Virtualization Myths Infographic
Virtualization Myths Infographic EMC
 
Intelligence-Driven GRC for Security
Intelligence-Driven GRC for SecurityIntelligence-Driven GRC for Security
Intelligence-Driven GRC for SecurityEMC
 
The Trust Paradox: Access Management and Trust in an Insecure Age
The Trust Paradox: Access Management and Trust in an Insecure AgeThe Trust Paradox: Access Management and Trust in an Insecure Age
The Trust Paradox: Access Management and Trust in an Insecure AgeEMC
 
EMC Technology Day - SRM University 2015
EMC Technology Day - SRM University 2015EMC Technology Day - SRM University 2015
EMC Technology Day - SRM University 2015EMC
 
EMC Academic Summit 2015
EMC Academic Summit 2015EMC Academic Summit 2015
EMC Academic Summit 2015EMC
 
Data Science and Big Data Analytics Book from EMC Education Services
Data Science and Big Data Analytics Book from EMC Education ServicesData Science and Big Data Analytics Book from EMC Education Services
Data Science and Big Data Analytics Book from EMC Education ServicesEMC
 
Using EMC Symmetrix Storage in VMware vSphere Environments
Using EMC Symmetrix Storage in VMware vSphere EnvironmentsUsing EMC Symmetrix Storage in VMware vSphere Environments
Using EMC Symmetrix Storage in VMware vSphere EnvironmentsEMC
 
Using EMC VNX storage with VMware vSphereTechBook
Using EMC VNX storage with VMware vSphereTechBookUsing EMC VNX storage with VMware vSphereTechBook
Using EMC VNX storage with VMware vSphereTechBookEMC
 

More from EMC (20)

INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUDINDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
 
Cloud Foundry Summit Berlin Keynote
Cloud Foundry Summit Berlin Keynote Cloud Foundry Summit Berlin Keynote
Cloud Foundry Summit Berlin Keynote
 
EMC GLOBAL DATA PROTECTION INDEX
EMC GLOBAL DATA PROTECTION INDEX EMC GLOBAL DATA PROTECTION INDEX
EMC GLOBAL DATA PROTECTION INDEX
 
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIOTransforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
 
Citrix ready-webinar-xtremio
Citrix ready-webinar-xtremioCitrix ready-webinar-xtremio
Citrix ready-webinar-xtremio
 
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
 
EMC with Mirantis Openstack
EMC with Mirantis OpenstackEMC with Mirantis Openstack
EMC with Mirantis Openstack
 
Modern infrastructure for business data lake
Modern infrastructure for business data lakeModern infrastructure for business data lake
Modern infrastructure for business data lake
 
Force Cyber Criminals to Shop Elsewhere
Force Cyber Criminals to Shop ElsewhereForce Cyber Criminals to Shop Elsewhere
Force Cyber Criminals to Shop Elsewhere
 
Pivotal : Moments in Container History
Pivotal : Moments in Container History Pivotal : Moments in Container History
Pivotal : Moments in Container History
 
Data Lake Protection - A Technical Review
Data Lake Protection - A Technical ReviewData Lake Protection - A Technical Review
Data Lake Protection - A Technical Review
 
Mobile E-commerce: Friend or Foe
Mobile E-commerce: Friend or FoeMobile E-commerce: Friend or Foe
Mobile E-commerce: Friend or Foe
 
Virtualization Myths Infographic
Virtualization Myths Infographic Virtualization Myths Infographic
Virtualization Myths Infographic
 
Intelligence-Driven GRC for Security
Intelligence-Driven GRC for SecurityIntelligence-Driven GRC for Security
Intelligence-Driven GRC for Security
 
The Trust Paradox: Access Management and Trust in an Insecure Age
The Trust Paradox: Access Management and Trust in an Insecure AgeThe Trust Paradox: Access Management and Trust in an Insecure Age
The Trust Paradox: Access Management and Trust in an Insecure Age
 
EMC Technology Day - SRM University 2015
EMC Technology Day - SRM University 2015EMC Technology Day - SRM University 2015
EMC Technology Day - SRM University 2015
 
EMC Academic Summit 2015
EMC Academic Summit 2015EMC Academic Summit 2015
EMC Academic Summit 2015
 
Data Science and Big Data Analytics Book from EMC Education Services
Data Science and Big Data Analytics Book from EMC Education ServicesData Science and Big Data Analytics Book from EMC Education Services
Data Science and Big Data Analytics Book from EMC Education Services
 
Using EMC Symmetrix Storage in VMware vSphere Environments
Using EMC Symmetrix Storage in VMware vSphere EnvironmentsUsing EMC Symmetrix Storage in VMware vSphere Environments
Using EMC Symmetrix Storage in VMware vSphere Environments
 
Using EMC VNX storage with VMware vSphereTechBook
Using EMC VNX storage with VMware vSphereTechBookUsing EMC VNX storage with VMware vSphereTechBook
Using EMC VNX storage with VMware vSphereTechBook
 

Recently uploaded

Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 

Recently uploaded (20)

Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 

RSA Monthly Online Fraud Report -- January 2014

  • 1. 2013 A YEAR IN REVIEW January 2014 PHISHING 2013: A LOOK BACK 2013 has proven to be yet another record year in the number of phishing attacks launched globally. With nearly 450,000 attacks and record estimated losses of over USD $5.9 billion (using APWG’s average uptime of 44:39 hours), phishing remains an ominous threat to consumers and businesses around the world. Compared to 2012, we only saw a slight increase – about 1% - in the total number of attacks, but did see an all-time peak in October with over 62,000 unique attacks identified in a single month. 500000 Phishing Increase Year over Year Phishing volumes 2010 through 2013. 445004 448126 2012 2013 400000 279580 300000 203983 200000 100000 0 2010 2011 Noticeable attack methods this year included the Bouncer attack that filtered incoming victims based on a unique URL parameter values. Not having the “right” parameter value would send the unwitting users to a standard 404-page. The laser-precision attack theme repeated several times during the year with variations on the filtering element including basic FRAUD REPORT R S A M O N T H LY F R A U D R E P O R T page 1
  • 2. geo-IP filtering. The motives behind such kits are mainly commercial: selling credentials has become a commodity in the underground. A commoditized marketplace drives vendors to provide more value for money, and high-quality, precision lists provide just that. Abundant tools and offerings flourished in the underground. For example, email bombers and mass mailers are readily available to make the lives of phishers and would-bephishers easier. And if you are not sure how to go about mass mailing/spamming, a tutorial is not far away. A free tutorial on mass-mailing techniques being offered freely in the underground. A more sinister post we came across offered a tutorial—and a free tool—on how to spearphish individuals working at specific organizations. Jigsaw: a script-based tool to enumerate employee information for spear-phishing attacks. COMPARISONS YEAR OVER YEAR Last year, we witnessed a 160% increase over 2011 signifying a record year in phishing volumes. While we did not expect the 2012 record to be broken, 2013 seems to have done just that, even though just a slight increase of about one percent. 150000 Phishing Growth by Quarter 2012/2013 quarterly phishing volumes. 144334 141254 2012 2013 120000 125212 125342 105183 99699 90000 81961 60000 70145 30000 0 Q1 R S A M O N T H LY F R A U D R E P O R T Q2 Q3 Q4 page 2
  • 3. Examining phishing trends on a quarterly basis shows that 2013 saw a constant growth in phishing volumes throughout the year as opposed to the expected decline in Q4. a US PHISHING BY GEOGRAPHY Italy S Africa China Canada Netherlands India Brasil Latin America 4% APJ and Oceania 7% Phishing Volume by Global Region 2013 regional breakdown of phishing attack volume. EMEA 28% U.S. and Canada 63% The country most targeted, unsurprisingly, was the U.S., suffering over 60% of worldwide phishing volumes. Throughout the year, the U.S. was most targeted with the most significant volume coming in October when it saw 80% of global phishing attacks that month. The top 10 countries targeted by phishing in 2013 were: 1. United States 2. United Kingdom 3. Germany 4. India 5. South Africa 6. Canada 7. Netherlands 8. Colombia 9. Australia 10. Brazil Regional Breakdown When looking at phishing volumes across the different geo-regions, North America (including the U.S. and Canada) was the most targeted, followed by EMEA (including the UK) with 26% of global phishing volumes. The following regional breakdown (excluding North America) shows the top three countries targeted in each region and their estimated global losses from phishing in 2013: Regional Breakdown: Europe, Middle East and Africa (Emea) The top three countries and their estimated losses for phishing in EMEA are as follows: 1. 2. Germany, 25% of phishing volume, total estimated losses = $386 million 3. R S A M O N T H LY F R A U D R E P O R T United Kingdom, 31% of phishing volume, total estimated losses = $467 million South Africa, 15% of phishing volume, total estimated losses = $222 million page 3
  • 4. Regional Breakdown: Asia Pacific, Japan and Oceania The top three countries and their estimated losses for phishing in the Asia Pacific region are as follows. 1. India, 54% of phishing volume, total estimated losses = $225 million 2. Australia, 21% of phishing volume, total estimated losses = $87 million 3. China, 14% of phishing volume, total estimated losses = $59 million Regional Breakdown: Latin America The top three countries and their estimated losses for phishing in Latin America are as follows. 1. Colombia, 43% of phishing volume, total estimated losses = $95 million 2. Brazil, 39% of phishing volume, total estimated losses = $86 million 3. Mexico, 8% of phishing volume, total estimated losses = $19 million 2014 PHISHING FORECAST Phishing, the cybercrime equivalent of pickpocketing, is a crime that is easily committed with very little cost to the attacker: cheap (criminal) hosting services—offered mostly on-top of hijacked websites—are abundantly available. If spamming 500,000 email addresses only sets you back a mere $65, it is no surprise that phishing attack volumes are not dropping. Looking forward into 2014, we expect to see: –– hishing volumes will not drop considerably, though we may see a slight decline. The P decline will be mainly due to growing adoption of email authentication, namely DMARC, which together with tighter policy should help in the reduction of phishing emails received by end users. However, wider global adoption (into LATAM and APJ) still plays a major factor in the battle against phishing. –– ig data analytics and broader intelligence collection will lead to faster detection and B quicker mitigation, resulting in lower financial losses. With the millions of spam messages traversing the internet on a daily basis, separating the wheat from the chaff has become far more challenging. Advancements in phishing techniques and methods also serve to add a layer of complexity when it comes to detection. Deploying analytics into the detection process provides a way to see though the noise and get to the phish faster. Coupled with broader intelligence collection, attacks may be prevented before they are launched. –– reater end user awareness will serve to reduce losses. Cyber awareness has become a G mainstream conversation topic—people are becoming more aware of the dangers in the digital world. More awareness translates directly into fewer losses. CONTACT US To learn more about how RSA products, services, and solutions help solve your business and IT challenges contact your local representative or authorized reseller – or visit us at www.emc.com/rsa www.emc.com/rsa ©2014 EMC Corporation. EMC, RSA, the RSA logo, and FraudAction are trademarks or registered trademarks of EMC Corporation in the U.S. and/or other countries. All other trademarks mentioned are the property of their respective holders. JAN RPT 0114