VeriSign said it has tracked 66 separate attacks since February 2007, 95 percent of which may have originated from two groups. More than one quarter of the attacks occurred in April and May 2008.
VeriSign estimates that roughly 15,000 people may have been victims of stolen data over the past 15 months and that victim losses can exceed $100,000.
The email-based attacks target individual users and contain personal information such as name, company and mailing address. VeriSign said many of the attacks target senior executives and other high profile individuals.
VeriSign’s iDefense Rapid Response Team expects the volume of spear phishing attacks to continue but noted the attacks do not use vulnerabilities in the operating system or applications to install malicious code.
Of the two groups of attackers responsible for the majority of these attacks, one group, known as Group B, installs a Browser Helper Object capable of logging SSL encrypted sessions and performing man-in-the-middle attacks on two-factor authentication systems.
The other group, called Group A, went through a period where they installed a full version of the Apache Web server on victims’ computers. This group commonly installs a key logger that is also capable of performing attacks on two-factor authentication systems.
VeriSign said recent attacks have netted more than 2,000 victims in May alone and the attacks claimed to have come from the US Federal Trade Commission, Internal Revenue Service, the Better Business Bureau and the US Tax Court.