Industry-wide web email attacks spreading

07 October 2009

Reports are coming in of web-based email services from the likes of Gmail, Hotmail and Yahoo being hacked, and large numbers of user account details being posted to the internet.

So far it seems the attacks are the result of a combination of phishing attacks, trojan-launched keyloggers and exploits of security flaws.

Infosecurity understands that several hacker groups may be involved in what appears to be a concerted attack against the sites and services concerned.

Websense, meanwhile, reports it has noticed a sharp rise in spam emails from Yahoo, Gmail and Hotmail accounts, indicating that some of the hacked accounts are being used for further phishing and spam attacks.

News of the scam was highlighted earlier this week when several lists detailing more than 30,000 names and passwords from Google, Hotmail and Yahoo web email accounts were posted online.

The BBC reports that it has seen two lists that detail more than 30,000 names and passwords from email providers, including Yahoo and AOL, which were posted online.

Not all security experts remain convinced that the webmail hacking attacks are down to phishing: data security specialist Imperva says the hacks are actually down to multi-vectored attack strategies being developed by increasingly sophisticated criminal gangs.

"Our observations suggest that phishing is being superseded by a multi-vectored approach of using trojan-launched keyloggers to record user credentials - as was almost certainly the case with Gmail - and accelerated multi-server attacks on Yahoo accounts," said Amichai Shulman, Imperva's chief technology officer.

"The Yahoo account attacks have been going on for more than a year, and are undoubtedly being accelerated by distributing the attack between multiple Yahoo servers in order to avoid being blocked," he said.

"There is also sophisticated software being used to direct the attack through a list of anonymous proxies," he added.

And, Shulman explained, these results allow the hackers to come up with lists of multiple account credentials, which are then traded between cybercriminals in much the same way that stolen debit and credit card details have been for some time.

What we are seeing, says the Imperva CTO, is a rapid acceleration in cybercriminal hacking automation to the point where the hacking gurus at the heart of their cybercrime empires can delegate the spadework out to their less experienced hacker colleagues.

"This trend is what has happened with Yahoo, where attackers are abusing a vulnerability in an API - exposed by many distributed Yahoo servers - to generate credentials using special software that performs brute force attacks at high speed," he said.

"With Gmail also falling - this time to what appears to be trojan-launched keyloggers - we're reaching the stage where two-factor authentication may now be needed to protect the integrity of email accounts. The only question is whether account users are prepared to use this technology," he added.

 

 
