SlideShare a Scribd company logo

RSA Monthly Online Fraud Report -- January 2014

E
EMC

This report examines global phishing and cybercrime trends and offers the latest insight straight from the fraud underground.

TechnologyNews & Politics
1 of 4
Download to read offline
2013 A YEAR IN REVIEW January 2014 PHISHING 2013: A LOOK BACK 2013 has proven to be yet another record year in the number of phishing attacks launched globally. With nearly 450,000 attacks and record estimated losses of over USD $5.9 billion (using APWG’s average uptime of 44:39 hours), phishing remains an ominous threat to consumers and businesses around the world. Compared to 2012, we only saw a slight increase – about 1% - in the total number of attacks, but did see an all-time peak in October with over 62,000 unique attacks identified in a single month. 500000 Phishing Increase Year over Year Phishing volumes 2010 through 2013. 445004 448126 2012 2013 400000 279580 300000 203983 200000 100000 0 2010 2011 Noticeable attack methods this year included the Bouncer attack that filtered incoming victims based on a unique URL parameter values. Not having the “right” parameter value would send the unwitting users to a standard 404-page. The laser-precision attack theme repeated several times during the year with variations on the filtering element including basic FRAUD REPORT R S A M O N T H LY F R A U D R E P O R T page 1
geo-IP filtering. The motives behind such kits are mainly commercial: selling credentials has become a commodity in the underground. A commoditized marketplace drives vendors to provide more value for money, and high-quality, precision lists provide just that. Abundant tools and offerings flourished in the underground. For example, email bombers and mass mailers are readily available to make the lives of phishers and would-bephishers easier. And if you are not sure how to go about mass mailing/spamming, a tutorial is not far away. A free tutorial on mass-mailing techniques being offered freely in the underground. A more sinister post we came across offered a tutorial—and a free tool—on how to spearphish individuals working at specific organizations. Jigsaw: a script-based tool to enumerate employee information for spear-phishing attacks. COMPARISONS YEAR OVER YEAR Last year, we witnessed a 160% increase over 2011 signifying a record year in phishing volumes. While we did not expect the 2012 record to be broken, 2013 seems to have done just that, even though just a slight increase of about one percent. 150000 Phishing Growth by Quarter 2012/2013 quarterly phishing volumes. 144334 141254 2012 2013 120000 125212 125342 105183 99699 90000 81961 60000 70145 30000 0 Q1 R S A M O N T H LY F R A U D R E P O R T Q2 Q3 Q4 page 2
Examining phishing trends on a quarterly basis shows that 2013 saw a constant growth in phishing volumes throughout the year as opposed to the expected decline in Q4. a US PHISHING BY GEOGRAPHY Italy S Africa China Canada Netherlands India Brasil Latin America 4% APJ and Oceania 7% Phishing Volume by Global Region 2013 regional breakdown of phishing attack volume. EMEA 28% U.S. and Canada 63% The country most targeted, unsurprisingly, was the U.S., suffering over 60% of worldwide phishing volumes. Throughout the year, the U.S. was most targeted with the most significant volume coming in October when it saw 80% of global phishing attacks that month. The top 10 countries targeted by phishing in 2013 were: 1. United States 2. United Kingdom 3. Germany 4. India 5. South Africa 6. Canada 7. Netherlands 8. Colombia 9. Australia 10. Brazil Regional Breakdown When looking at phishing volumes across the different geo-regions, North America (including the U.S. and Canada) was the most targeted, followed by EMEA (including the UK) with 26% of global phishing volumes. The following regional breakdown (excluding North America) shows the top three countries targeted in each region and their estimated global losses from phishing in 2013: Regional Breakdown: Europe, Middle East and Africa (Emea) The top three countries and their estimated losses for phishing in EMEA are as follows: 1. 2. Germany, 25% of phishing volume, total estimated losses = $386 million 3. R S A M O N T H LY F R A U D R E P O R T United Kingdom, 31% of phishing volume, total estimated losses = $467 million South Africa, 15% of phishing volume, total estimated losses = $222 million page 3
Regional Breakdown: Asia Pacific, Japan and Oceania The top three countries and their estimated losses for phishing in the Asia Pacific region are as follows. 1. India, 54% of phishing volume, total estimated losses = $225 million 2. Australia, 21% of phishing volume, total estimated losses = $87 million 3. China, 14% of phishing volume, total estimated losses = $59 million Regional Breakdown: Latin America The top three countries and their estimated losses for phishing in Latin America are as follows. 1. Colombia, 43% of phishing volume, total estimated losses = $95 million 2. Brazil, 39% of phishing volume, total estimated losses = $86 million 3. Mexico, 8% of phishing volume, total estimated losses = $19 million 2014 PHISHING FORECAST Phishing, the cybercrime equivalent of pickpocketing, is a crime that is easily committed with very little cost to the attacker: cheap (criminal) hosting services—offered mostly on-top of hijacked websites—are abundantly available. If spamming 500,000 email addresses only sets you back a mere $65, it is no surprise that phishing attack volumes are not dropping. Looking forward into 2014, we expect to see: –– hishing volumes will not drop considerably, though we may see a slight decline. The P decline will be mainly due to growing adoption of email authentication, namely DMARC, which together with tighter policy should help in the reduction of phishing emails received by end users. However, wider global adoption (into LATAM and APJ) still plays a major factor in the battle against phishing. –– ig data analytics and broader intelligence collection will lead to faster detection and B quicker mitigation, resulting in lower financial losses. With the millions of spam messages traversing the internet on a daily basis, separating the wheat from the chaff has become far more challenging. Advancements in phishing techniques and methods also serve to add a layer of complexity when it comes to detection. Deploying analytics into the detection process provides a way to see though the noise and get to the phish faster. Coupled with broader intelligence collection, attacks may be prevented before they are launched. –– reater end user awareness will serve to reduce losses. Cyber awareness has become a G mainstream conversation topic—people are becoming more aware of the dangers in the digital world. More awareness translates directly into fewer losses. CONTACT US To learn more about how RSA products, services, and solutions help solve your business and IT challenges contact your local representative or authorized reseller – or visit us at www.emc.com/rsa www.emc.com/rsa ©2014 EMC Corporation. EMC, RSA, the RSA logo, and FraudAction are trademarks or registered trademarks of EMC Corporation in the U.S. and/or other countries. All other trademarks mentioned are the property of their respective holders. JAN RPT 0114

Recommended

Formulario devoluciones
Formulario devolucionesFormulario devoluciones
Formulario devolucionesNathalia Sanchez
 
Mit2 092 f09_lec02
Mit2 092 f09_lec02Mit2 092 f09_lec02
Mit2 092 f09_lec02Rahman Hakim
 
Black plague wed thur
Black plague wed thurBlack plague wed thur
Black plague wed thurTravis Klein
 
Adaptec RAID 81605ZQ vs. LSI MegaRAID 9361-8i Performance Whitepaper
Adaptec RAID 81605ZQ vs. LSI MegaRAID 9361-8i Performance WhitepaperAdaptec RAID 81605ZQ vs. LSI MegaRAID 9361-8i Performance Whitepaper
Adaptec RAID 81605ZQ vs. LSI MegaRAID 9361-8i Performance WhitepaperAdaptec by PMC
 
Fotonovel·la aya, basma i laura bo
Fotonovel·la aya, basma i laura boFotonovel·la aya, basma i laura bo
Fotonovel·la aya, basma i laura bomgonellgomez
 
Flip book
Flip bookFlip book
Flip bookcarloszendejas
 
Forex game
Forex gameForex game
Forex gameTravis Klein
 
вивчення мотивації вибору професії
вивчення мотивації вибору професіївивчення мотивації вибору професії
вивчення мотивації вибору професіїТатьяна Глинская
 

Recommended

Formulario devoluciones
Formulario devolucionesFormulario devoluciones
Formulario devolucionesNathalia Sanchez
 
Mit2 092 f09_lec02
Mit2 092 f09_lec02Mit2 092 f09_lec02
Mit2 092 f09_lec02Rahman Hakim
 
Black plague wed thur
Black plague wed thurBlack plague wed thur
Black plague wed thurTravis Klein
 
Adaptec RAID 81605ZQ vs. LSI MegaRAID 9361-8i Performance Whitepaper
Adaptec RAID 81605ZQ vs. LSI MegaRAID 9361-8i Performance WhitepaperAdaptec RAID 81605ZQ vs. LSI MegaRAID 9361-8i Performance Whitepaper
Adaptec RAID 81605ZQ vs. LSI MegaRAID 9361-8i Performance WhitepaperAdaptec by PMC
 
Fotonovel·la aya, basma i laura bo
Fotonovel·la aya, basma i laura boFotonovel·la aya, basma i laura bo
Fotonovel·la aya, basma i laura bomgonellgomez
 
Flip book
Flip bookFlip book
Flip bookcarloszendejas
 
Forex game
Forex gameForex game
Forex gameTravis Klein
 
вивчення мотивації вибору професії
вивчення мотивації вибору професіївивчення мотивації вибору професії
вивчення мотивації вибору професіїТатьяна Глинская
 
Ppp burgernomics etc
Ppp burgernomics etcPpp burgernomics etc
Ppp burgernomics etcTravis Klein
 
Editing trailer
Editing trailerEditing trailer
Editing trailerKhendle Christie
 
4 things you_cannot_recover
4 things you_cannot_recover4 things you_cannot_recover
4 things you_cannot_recoverChandan Dubey
 
Digipak research
Digipak researchDigipak research
Digipak researchloousmith
 
Webinar Tracker ABCs
Webinar Tracker ABCsWebinar Tracker ABCs
Webinar Tracker ABCsResearch Now
 
Day2
Day2 Day2
Day2 Travis Klein
 
De stress fest2013slideshow
De stress fest2013slideshowDe stress fest2013slideshow
De stress fest2013slideshowCheckIt Out
 
White Paper: EMC FAST Cache — A Detailed Review
White Paper: EMC FAST Cache — A Detailed Review White Paper: EMC FAST Cache — A Detailed Review
White Paper: EMC FAST Cache — A Detailed Review EMC
 
Yourprezi
YourpreziYourprezi
Yourprezicolera Vh
 
NDEF WriterとOSとPaSoRi
NDEF WriterとOSとPaSoRiNDEF WriterとOSとPaSoRi
NDEF WriterとOSとPaSoRiHirokuma Ueno
 
Securing a Windows Infrastructure using Windows Server 2012 & Windows 8 Built...
Securing a Windows Infrastructure using Windows Server 2012 & Windows 8 Built...Securing a Windows Infrastructure using Windows Server 2012 & Windows 8 Built...
Securing a Windows Infrastructure using Windows Server 2012 & Windows 8 Built...Microsoft TechNet - Belgium and Luxembourg
 
Tues examples thinking at the margin
Tues examples thinking at the marginTues examples thinking at the margin
Tues examples thinking at the marginTravis Klein
 
Tes
TesTes
TesWarsono Cah Keren
 
Amarnath darshan
Amarnath darshanAmarnath darshan
Amarnath darshanChandan Dubey
 
Underground city of_derinkuyu
Underground city of_derinkuyuUnderground city of_derinkuyu
Underground city of_derinkuyuChandan Dubey
 
Topic 4 journal
Topic 4 journalTopic 4 journal
Topic 4 journalSrinivas Methuku
 
How Can Take3 Help You Win?
How Can Take3 Help You Win?How Can Take3 Help You Win?
How Can Take3 Help You Win?Laurel Gerdine
 
INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUDINDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUDEMC
 
Cloud Foundry Summit Berlin Keynote
Cloud Foundry Summit Berlin Keynote Cloud Foundry Summit Berlin Keynote
Cloud Foundry Summit Berlin Keynote EMC
 
EMC GLOBAL DATA PROTECTION INDEX
EMC GLOBAL DATA PROTECTION INDEX EMC GLOBAL DATA PROTECTION INDEX
EMC GLOBAL DATA PROTECTION INDEX EMC
 
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIOTransforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIOEMC
 
Citrix ready-webinar-xtremio
Citrix ready-webinar-xtremioCitrix ready-webinar-xtremio
Citrix ready-webinar-xtremioEMC
 

More Related Content

Viewers also liked

Ppp burgernomics etc
Ppp burgernomics etcPpp burgernomics etc
Ppp burgernomics etcTravis Klein
 
4 things you_cannot_recover
4 things you_cannot_recover4 things you_cannot_recover
4 things you_cannot_recoverChandan Dubey
 
Digipak research
Digipak researchDigipak research
Digipak researchloousmith
 
Webinar Tracker ABCs
Webinar Tracker ABCsWebinar Tracker ABCs
Webinar Tracker ABCsResearch Now
 
De stress fest2013slideshow
De stress fest2013slideshowDe stress fest2013slideshow
De stress fest2013slideshowCheckIt Out
 
White Paper: EMC FAST Cache — A Detailed Review
White Paper: EMC FAST Cache — A Detailed Review White Paper: EMC FAST Cache — A Detailed Review
White Paper: EMC FAST Cache — A Detailed Review EMC
 
NDEF WriterとOSとPaSoRi
NDEF WriterとOSとPaSoRiNDEF WriterとOSとPaSoRi
NDEF WriterとOSとPaSoRiHirokuma Ueno
 
Securing a Windows Infrastructure using Windows Server 2012 & Windows 8 Built...
Securing a Windows Infrastructure using Windows Server 2012 & Windows 8 Built...Securing a Windows Infrastructure using Windows Server 2012 & Windows 8 Built...
Securing a Windows Infrastructure using Windows Server 2012 & Windows 8 Built...Microsoft TechNet - Belgium and Luxembourg
 
Tues examples thinking at the margin
Tues examples thinking at the marginTues examples thinking at the margin
Tues examples thinking at the marginTravis Klein
 
Underground city of_derinkuyu
Underground city of_derinkuyuUnderground city of_derinkuyu
Underground city of_derinkuyuChandan Dubey
 
How Can Take3 Help You Win?
How Can Take3 Help You Win?How Can Take3 Help You Win?
How Can Take3 Help You Win?Laurel Gerdine
 

Viewers also liked (17)

Ppp burgernomics etc
Ppp burgernomics etcPpp burgernomics etc
Ppp burgernomics etc
 
Editing trailer
Editing trailerEditing trailer
Editing trailer
 
4 things you_cannot_recover
4 things you_cannot_recover4 things you_cannot_recover
4 things you_cannot_recover
 
Digipak research
Digipak researchDigipak research
Digipak research
 
Webinar Tracker ABCs
Webinar Tracker ABCsWebinar Tracker ABCs
Webinar Tracker ABCs
 
Day2
Day2 Day2
Day2
 
De stress fest2013slideshow
De stress fest2013slideshowDe stress fest2013slideshow
De stress fest2013slideshow
 
White Paper: EMC FAST Cache — A Detailed Review
White Paper: EMC FAST Cache — A Detailed Review White Paper: EMC FAST Cache — A Detailed Review
White Paper: EMC FAST Cache — A Detailed Review
 
Yourprezi
YourpreziYourprezi
Yourprezi
 
NDEF WriterとOSとPaSoRi
NDEF WriterとOSとPaSoRiNDEF WriterとOSとPaSoRi
NDEF WriterとOSとPaSoRi
 
Securing a Windows Infrastructure using Windows Server 2012 & Windows 8 Built...
Securing a Windows Infrastructure using Windows Server 2012 & Windows 8 Built...Securing a Windows Infrastructure using Windows Server 2012 & Windows 8 Built...
Securing a Windows Infrastructure using Windows Server 2012 & Windows 8 Built...
 
Tues examples thinking at the margin
Tues examples thinking at the marginTues examples thinking at the margin
Tues examples thinking at the margin
 
Tes
TesTes
Tes
 
Amarnath darshan
Amarnath darshanAmarnath darshan
Amarnath darshan
 
Underground city of_derinkuyu
Underground city of_derinkuyuUnderground city of_derinkuyu
Underground city of_derinkuyu
 
Topic 4 journal
Topic 4 journalTopic 4 journal
Topic 4 journal
 
How Can Take3 Help You Win?
How Can Take3 Help You Win?How Can Take3 Help You Win?
How Can Take3 Help You Win?
 

More from EMC

INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUDINDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUDEMC
 
Cloud Foundry Summit Berlin Keynote
Cloud Foundry Summit Berlin Keynote Cloud Foundry Summit Berlin Keynote
Cloud Foundry Summit Berlin Keynote EMC
 
EMC GLOBAL DATA PROTECTION INDEX
EMC GLOBAL DATA PROTECTION INDEX EMC GLOBAL DATA PROTECTION INDEX
EMC GLOBAL DATA PROTECTION INDEX EMC
 
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIOTransforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIOEMC
 
Citrix ready-webinar-xtremio
Citrix ready-webinar-xtremioCitrix ready-webinar-xtremio
Citrix ready-webinar-xtremioEMC
 
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES EMC
 
EMC with Mirantis Openstack
EMC with Mirantis OpenstackEMC with Mirantis Openstack
EMC with Mirantis OpenstackEMC
 
Modern infrastructure for business data lake
Modern infrastructure for business data lakeModern infrastructure for business data lake
Modern infrastructure for business data lakeEMC
 
Force Cyber Criminals to Shop Elsewhere
Force Cyber Criminals to Shop ElsewhereForce Cyber Criminals to Shop Elsewhere
Force Cyber Criminals to Shop ElsewhereEMC
 
Pivotal : Moments in Container History
Pivotal : Moments in Container History Pivotal : Moments in Container History
Pivotal : Moments in Container History EMC
 
Data Lake Protection - A Technical Review
Data Lake Protection - A Technical ReviewData Lake Protection - A Technical Review
Data Lake Protection - A Technical ReviewEMC
 
Mobile E-commerce: Friend or Foe
Mobile E-commerce: Friend or FoeMobile E-commerce: Friend or Foe
Mobile E-commerce: Friend or FoeEMC
 
Virtualization Myths Infographic
Virtualization Myths Infographic Virtualization Myths Infographic
Virtualization Myths Infographic EMC
 
Intelligence-Driven GRC for Security
Intelligence-Driven GRC for SecurityIntelligence-Driven GRC for Security
Intelligence-Driven GRC for SecurityEMC
 
The Trust Paradox: Access Management and Trust in an Insecure Age
The Trust Paradox: Access Management and Trust in an Insecure AgeThe Trust Paradox: Access Management and Trust in an Insecure Age
The Trust Paradox: Access Management and Trust in an Insecure AgeEMC
 
EMC Technology Day - SRM University 2015
EMC Technology Day - SRM University 2015EMC Technology Day - SRM University 2015
EMC Technology Day - SRM University 2015EMC
 
EMC Academic Summit 2015
EMC Academic Summit 2015EMC Academic Summit 2015
EMC Academic Summit 2015EMC
 
Data Science and Big Data Analytics Book from EMC Education Services
Data Science and Big Data Analytics Book from EMC Education ServicesData Science and Big Data Analytics Book from EMC Education Services
Data Science and Big Data Analytics Book from EMC Education ServicesEMC
 
Using EMC Symmetrix Storage in VMware vSphere Environments
Using EMC Symmetrix Storage in VMware vSphere EnvironmentsUsing EMC Symmetrix Storage in VMware vSphere Environments
Using EMC Symmetrix Storage in VMware vSphere EnvironmentsEMC
 
Using EMC VNX storage with VMware vSphereTechBook
Using EMC VNX storage with VMware vSphereTechBookUsing EMC VNX storage with VMware vSphereTechBook
Using EMC VNX storage with VMware vSphereTechBookEMC
 

More from EMC (20)

INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUDINDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
 
Cloud Foundry Summit Berlin Keynote
Cloud Foundry Summit Berlin Keynote Cloud Foundry Summit Berlin Keynote
Cloud Foundry Summit Berlin Keynote
 
EMC GLOBAL DATA PROTECTION INDEX
EMC GLOBAL DATA PROTECTION INDEX EMC GLOBAL DATA PROTECTION INDEX
EMC GLOBAL DATA PROTECTION INDEX
 
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIOTransforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
 
Citrix ready-webinar-xtremio
Citrix ready-webinar-xtremioCitrix ready-webinar-xtremio
Citrix ready-webinar-xtremio
 
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
 
EMC with Mirantis Openstack
EMC with Mirantis OpenstackEMC with Mirantis Openstack
EMC with Mirantis Openstack
 
Modern infrastructure for business data lake
Modern infrastructure for business data lakeModern infrastructure for business data lake
Modern infrastructure for business data lake
 
Force Cyber Criminals to Shop Elsewhere
Force Cyber Criminals to Shop ElsewhereForce Cyber Criminals to Shop Elsewhere
Force Cyber Criminals to Shop Elsewhere
 
Pivotal : Moments in Container History
Pivotal : Moments in Container History Pivotal : Moments in Container History
Pivotal : Moments in Container History
 
Data Lake Protection - A Technical Review
Data Lake Protection - A Technical ReviewData Lake Protection - A Technical Review
Data Lake Protection - A Technical Review
 
Mobile E-commerce: Friend or Foe
Mobile E-commerce: Friend or FoeMobile E-commerce: Friend or Foe
Mobile E-commerce: Friend or Foe
 
Virtualization Myths Infographic
Virtualization Myths Infographic Virtualization Myths Infographic
Virtualization Myths Infographic
 
Intelligence-Driven GRC for Security
Intelligence-Driven GRC for SecurityIntelligence-Driven GRC for Security
Intelligence-Driven GRC for Security
 
The Trust Paradox: Access Management and Trust in an Insecure Age
The Trust Paradox: Access Management and Trust in an Insecure AgeThe Trust Paradox: Access Management and Trust in an Insecure Age
The Trust Paradox: Access Management and Trust in an Insecure Age
 
EMC Technology Day - SRM University 2015
EMC Technology Day - SRM University 2015EMC Technology Day - SRM University 2015
EMC Technology Day - SRM University 2015
 
EMC Academic Summit 2015
EMC Academic Summit 2015EMC Academic Summit 2015
EMC Academic Summit 2015
 
Data Science and Big Data Analytics Book from EMC Education Services
Data Science and Big Data Analytics Book from EMC Education ServicesData Science and Big Data Analytics Book from EMC Education Services
Data Science and Big Data Analytics Book from EMC Education Services
 
Using EMC Symmetrix Storage in VMware vSphere Environments
Using EMC Symmetrix Storage in VMware vSphere EnvironmentsUsing EMC Symmetrix Storage in VMware vSphere Environments
Using EMC Symmetrix Storage in VMware vSphere Environments
 
Using EMC VNX storage with VMware vSphereTechBook
Using EMC VNX storage with VMware vSphereTechBookUsing EMC VNX storage with VMware vSphereTechBook
Using EMC VNX storage with VMware vSphereTechBook
 

Recently uploaded

Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 

Recently uploaded (20)

Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 

RSA Monthly Online Fraud Report -- January 2014

  • 1. 2013 A YEAR IN REVIEW January 2014 PHISHING 2013: A LOOK BACK 2013 has proven to be yet another record year in the number of phishing attacks launched globally. With nearly 450,000 attacks and record estimated losses of over USD $5.9 billion (using APWG’s average uptime of 44:39 hours), phishing remains an ominous threat to consumers and businesses around the world. Compared to 2012, we only saw a slight increase – about 1% - in the total number of attacks, but did see an all-time peak in October with over 62,000 unique attacks identified in a single month. 500000 Phishing Increase Year over Year Phishing volumes 2010 through 2013. 445004 448126 2012 2013 400000 279580 300000 203983 200000 100000 0 2010 2011 Noticeable attack methods this year included the Bouncer attack that filtered incoming victims based on a unique URL parameter values. Not having the “right” parameter value would send the unwitting users to a standard 404-page. The laser-precision attack theme repeated several times during the year with variations on the filtering element including basic FRAUD REPORT R S A M O N T H LY F R A U D R E P O R T page 1
  • 2. geo-IP filtering. The motives behind such kits are mainly commercial: selling credentials has become a commodity in the underground. A commoditized marketplace drives vendors to provide more value for money, and high-quality, precision lists provide just that. Abundant tools and offerings flourished in the underground. For example, email bombers and mass mailers are readily available to make the lives of phishers and would-bephishers easier. And if you are not sure how to go about mass mailing/spamming, a tutorial is not far away. A free tutorial on mass-mailing techniques being offered freely in the underground. A more sinister post we came across offered a tutorial—and a free tool—on how to spearphish individuals working at specific organizations. Jigsaw: a script-based tool to enumerate employee information for spear-phishing attacks. COMPARISONS YEAR OVER YEAR Last year, we witnessed a 160% increase over 2011 signifying a record year in phishing volumes. While we did not expect the 2012 record to be broken, 2013 seems to have done just that, even though just a slight increase of about one percent. 150000 Phishing Growth by Quarter 2012/2013 quarterly phishing volumes. 144334 141254 2012 2013 120000 125212 125342 105183 99699 90000 81961 60000 70145 30000 0 Q1 R S A M O N T H LY F R A U D R E P O R T Q2 Q3 Q4 page 2
  • 3. Examining phishing trends on a quarterly basis shows that 2013 saw a constant growth in phishing volumes throughout the year as opposed to the expected decline in Q4. a US PHISHING BY GEOGRAPHY Italy S Africa China Canada Netherlands India Brasil Latin America 4% APJ and Oceania 7% Phishing Volume by Global Region 2013 regional breakdown of phishing attack volume. EMEA 28% U.S. and Canada 63% The country most targeted, unsurprisingly, was the U.S., suffering over 60% of worldwide phishing volumes. Throughout the year, the U.S. was most targeted with the most significant volume coming in October when it saw 80% of global phishing attacks that month. The top 10 countries targeted by phishing in 2013 were: 1. United States 2. United Kingdom 3. Germany 4. India 5. South Africa 6. Canada 7. Netherlands 8. Colombia 9. Australia 10. Brazil Regional Breakdown When looking at phishing volumes across the different geo-regions, North America (including the U.S. and Canada) was the most targeted, followed by EMEA (including the UK) with 26% of global phishing volumes. The following regional breakdown (excluding North America) shows the top three countries targeted in each region and their estimated global losses from phishing in 2013: Regional Breakdown: Europe, Middle East and Africa (Emea) The top three countries and their estimated losses for phishing in EMEA are as follows: 1. 2. Germany, 25% of phishing volume, total estimated losses = $386 million 3. R S A M O N T H LY F R A U D R E P O R T United Kingdom, 31% of phishing volume, total estimated losses = $467 million South Africa, 15% of phishing volume, total estimated losses = $222 million page 3
  • 4. Regional Breakdown: Asia Pacific, Japan and Oceania The top three countries and their estimated losses for phishing in the Asia Pacific region are as follows. 1. India, 54% of phishing volume, total estimated losses = $225 million 2. Australia, 21% of phishing volume, total estimated losses = $87 million 3. China, 14% of phishing volume, total estimated losses = $59 million Regional Breakdown: Latin America The top three countries and their estimated losses for phishing in Latin America are as follows. 1. Colombia, 43% of phishing volume, total estimated losses = $95 million 2. Brazil, 39% of phishing volume, total estimated losses = $86 million 3. Mexico, 8% of phishing volume, total estimated losses = $19 million 2014 PHISHING FORECAST Phishing, the cybercrime equivalent of pickpocketing, is a crime that is easily committed with very little cost to the attacker: cheap (criminal) hosting services—offered mostly on-top of hijacked websites—are abundantly available. If spamming 500,000 email addresses only sets you back a mere $65, it is no surprise that phishing attack volumes are not dropping. Looking forward into 2014, we expect to see: –– hishing volumes will not drop considerably, though we may see a slight decline. The P decline will be mainly due to growing adoption of email authentication, namely DMARC, which together with tighter policy should help in the reduction of phishing emails received by end users. However, wider global adoption (into LATAM and APJ) still plays a major factor in the battle against phishing. –– ig data analytics and broader intelligence collection will lead to faster detection and B quicker mitigation, resulting in lower financial losses. With the millions of spam messages traversing the internet on a daily basis, separating the wheat from the chaff has become far more challenging. Advancements in phishing techniques and methods also serve to add a layer of complexity when it comes to detection. Deploying analytics into the detection process provides a way to see though the noise and get to the phish faster. Coupled with broader intelligence collection, attacks may be prevented before they are launched. –– reater end user awareness will serve to reduce losses. Cyber awareness has become a G mainstream conversation topic—people are becoming more aware of the dangers in the digital world. More awareness translates directly into fewer losses. CONTACT US To learn more about how RSA products, services, and solutions help solve your business and IT challenges contact your local representative or authorized reseller – or visit us at www.emc.com/rsa www.emc.com/rsa ©2014 EMC Corporation. EMC, RSA, the RSA logo, and FraudAction are trademarks or registered trademarks of EMC Corporation in the U.S. and/or other countries. All other trademarks mentioned are the property of their respective holders. JAN RPT 0114