Tuesday, April 30, 2013

Gone Phishin' in China

Today's Network World article on phishing tactics (see it here) caused me to reminisce about the Joe Pesci and Danny Glover movie Gone Fishin'. Some "phishing" datapoints:

  • Basically, the best phishing holes are in China, at least if you count up the registrars who issue phishing licenses worldwide.
  • Phishing tactics give "catch and release" a whole new meaning, what with the proliferation of the 89,748 unique compromised hosting domains used.
  • Phishing with dynamite is the new trend; mass break-in techniques were used in 58,100 attacks. Toss in that stick of dynamite and get out your nets as all the stunned phishees float to the top.
  • Shared hosting environments have become the "Phishing boats" of choice, particularly WordPress, cPanel and Joomla installations.

Unlike the movie, though, there's not a whole lot of laughing going on, at least as long as we're constrained to play defense-only/hands-tied-behind-our-back security management. We're just dumb fish on a pond, waiting for that next stick of dynamite to knock us senseless and into the nets of phishers who, by the way, are having a lot of fun.
