Industry-wide web email attacks spreading

So far it seems the attacks are the result of a combination of phishing attacks, trojan-launched keyloggers and exploits of security flaws.

Infosecurity understands that several hacker groups may be involved in what appears to be a concerted attack against the sites and services concerned.

Websense, meanwhile, reports it has noticed a sharp rise in spam emails from Yahoo, Gmail and Hotmail accounts, indicating that some of the hacked accounts are being used for further phishing and spam attacks.

News of the scam was highlighted earlier this week when several lists detailing more than 30,000 names and passwords from Google, Hotmail and Yahoo web email accounts were posted online.

The BBC reports that it has seen two lists that detail more than 30,000 names and passwords from email providers, including Yahoo and AOL, which were posted online.

Not all security experts remain convinced that the webmail hacking attacks are down to phishing, as data security specialist Imperva says the hacks are actually down to multi-vectored attack strategies being developed by increasingly sophisticated criminal gangs.

"Our observations suggest that phishing is being superseded by a multi-vectored approach of using trojan-launched keyloggers to record user credentials - as was almost certainly the case with Gmail - and accelerated multi-server attacks on Yahoo accounts," said Amichai Shulman, Imperva's chief technology officer.

"The Yahoo account attacks have been going on for more than a year, and are undoubtedly being accelerated by distributing the attack between multiple Yahoo servers in order to avoid being blocked," he said.

"There is also sophisticated software being used to direct the attack through a list of anonymous proxies," he added.

And, Shulman explained, these results allow the hackers to come up with lists of multiple account credentials, which are then traded between cybercriminals in much the same way that stolen debit and credit card details have been for some time.

What we are seeing, says the Imperva CTO, is a rapid acceleration in cybercriminal hacking automation to the point where the hacking gurus at the heart of their cybercrime empires can delegate the spadework out to their less experienced hacker colleagues.

"This trend is what has happened with Yahoo, where attackers are abusing a vulnerability in an API - exposed by many distributed Yahoo servers - to generate credentials using special software that performs brute force attacks at high speed," he said.

"With Gmail also falling - this time to what appears to be trojan-launched keyloggers - we're reaching the stage where two-factor authentication may now be needed to protect the integrity of email accounts. The only question is whether account users are prepared to use this technology," he added.
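Spreading login attempts across many servers and proxies, as Shulman describes, defeats counters kept per server or per source address. The following is an added example (not from the article or from Imperva) that correlates failed logins per account across all front ends instead; the log fields, thresholds and sample events are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample: (epoch_seconds, frontend, source_ip, account, success)
# 12 failures against one account, spread over 4 front ends and 6 proxy IPs.
EVENTS = [(i * 5, f"fe{i % 4}", f"198.51.100.{i % 6}", "alice", False)
          for i in range(12)]
# A legitimate user who mistypes twice, then logs in.
EVENTS += [(10, "fe1", "203.0.113.7", "bob", False),
           (20, "fe1", "203.0.113.7", "bob", False),
           (30, "fe1", "203.0.113.7", "bob", True)]

def local_alerts(events, threshold=5):
    """Naive control: count failures per (frontend, source IP) pair."""
    counts = defaultdict(int)
    for _, server, ip, _, ok in events:
        if not ok:
            counts[(server, ip)] += 1
    return {key for key, n in counts.items() if n >= threshold}

def global_alerts(events, window=60, threshold=10, min_servers=2):
    """Correlate failures per account across all front ends and IPs."""
    by_account = defaultdict(list)
    for ts, server, ip, account, ok in events:
        if not ok:
            by_account[account].append((ts, server, ip))
    alerts = {}
    for account, fails in by_account.items():
        fails.sort()
        start = 0
        for end in range(len(fails)):
            # Slide the window so it spans at most `window` seconds.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            span = fails[start:end + 1]
            servers = {s for _, s, _ in span}
            if len(span) >= threshold and len(servers) >= min_servers:
                alerts[account] = {"failures": len(span),
                                   "servers": len(servers),
                                   "ips": len({ip for _, _, ip in span})}
    return alerts

if __name__ == "__main__":
    print("per-server/IP alerts:", local_alerts(EVENTS))
    print("cross-server alerts:", global_alerts(EVENTS))
```

Each (front end, IP) pair in the sample sees a single failure, so the local counter stays silent while the per-account view flags the burst.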

