Evidence is mounting that criminal attacks on e-commerce via keyloggers and other code that detects user credentials are growing rapidly. The number of URLs used to disseminate such malware soared to a record 6,500 in March, according to the latest report from the Anti-Phishing Working Group. That's nearly double the 3,362 the group detected in January and 86% more than the 3,500 found in November, which was the previous high.

The skyrocketing increase in such URLs stems from a rising level of so-called SQL injection attacks, says the report. In these attacks, online criminals use malicious code to exploit weaknesses in an e-commerce site to gain access to log-in credentials or other sensitive information that could be used fraudulently.

Meanwhile, the actual number of criminal applications also shot up, to 430, another record and 18% more than the previous high of 364 recorded in January. “Criminal hackers have apparently redoubled their efforts to develop new techniques and scripts to bypass security measures taken by consumers and enterprises,” says the report, which the APWG released last week.

Malware installed on users' machines to redirect them to fraudulent sites, also known as traffic redirectors, is also on the rise, according to the APWG, a consortium of payments processors, security-software vendors, and law-enforcement agencies that has been tracking phishing and other online fraud since 2003. The report did not quantify this increase.

The report about the rise in traffic redirectors comes at the same time security experts are scrambling to patch a flaw in the Internet that could allow hackers to hijack users' Web sessions without the need to install malware (Digital Transactions News, Aug. 7).

Some related good news, however, emerged from a report from security firm RSA. The company's Anti-Fraud Command Center last month announced that a group of fraudsters had shut down a site on which they were peddling a program called Neosploit. This so-called malware infection kit had been used by online criminals to attack PCs around the world. “Neosploit is currently the most advanced infection kit available whose reliability, scalability, and efficiency have all contributed to its massive growth and adoption amongst online criminals,” said RSA in a statement.

Ironically, however, the fraudsters selling the program were victims of their own success. Demand for the program, coupled with a spotty revenue stream, forced the group to shutter its online store, RSA says, “to the relief of financial institutions across the globe.”