The Street Way

Hackers increasingly target shared Web hosting servers for use in mass phishing attacks

Cybercriminals increasingly hack into shared Web hosting servers in order to use the domains hosted on them in large phishing campaigns, according to a report from the Anti-Phishing Working Group (APWG).

Forty-seven percent of all phishing attacks recorded worldwide during the second half of 2012 involved such mass break-ins, APWG said in the latest edition of its Global Phishing Survey report, published Thursday.

In this type of attack, once phishers break into a shared Web hosting server, they update its configuration so that phishing pages are displayed from a particular subdirectory of every website hosted on the server, APWG said. A single shared hosting server can host dozens, hundreds or even thousands of websites at a time, the organization said.
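Because the same subdirectory is served from every site on the compromised server, this pattern is visible in a phishing URL feed. The following is an added example, not code from APWG or the original article: it groups reported URLs by server IP and leading subdirectory and flags groups that span many domains. The sample feed, the `min_domains` threshold and the two-level directory depth are assumptions chosen for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample feed: (reported phishing URL, IP the host resolved to).
# Domains use the reserved .example TLD; IPs are from documentation ranges.
REPORTS = [
    ("http://bakery.example/~tmp/secure/login.php", "192.0.2.10"),
    ("http://florist.example/~tmp/secure/login.php", "192.0.2.10"),
    ("http://www.garage.example/~tmp/secure/login.php?id=7", "192.0.2.10"),
    ("http://choir.example/~tmp/secure/", "192.0.2.10"),
    ("http://blog.example/wp-content/x/login.php", "198.51.100.5"),
    ("http://shop.example/images/login.php", "203.0.113.9"),
]

def first_dirs(url, depth=2):
    """Return the leading directory components of the URL path, e.g. '/~tmp/secure'."""
    parts = [p for p in urlsplit(url).path.split("/") if p]
    # Heuristic: drop a trailing file name so /a/b/login.php and /a/b/ compare equal.
    if parts and "." in parts[-1]:
        parts = parts[:-1]
    return "/" + "/".join(parts[:depth])

def mass_compromise_clusters(reports, min_domains=3):
    """Group reports by (server IP, subdirectory); keep groups spanning many domains."""
    groups = defaultdict(set)
    for url, ip in reports:
        host = urlsplit(url).hostname or ""
        if host.startswith("www."):
            host = host[4:]  # treat www.site and site as one domain
        groups[(ip, first_dirs(url))].add(host)
    # One path on one IP across many unrelated domains suggests a server-level
    # change rather than many independent site compromises.
    return {key: sorted(hosts) for key, hosts in groups.items()
            if len(hosts) >= min_domains}

if __name__ == "__main__":
    for (ip, path), hosts in mass_compromise_clusters(REPORTS).items():
        print(f"{ip} serves {path} on {len(hosts)} domains: {', '.join(hosts)}")
```

A hosting provider can run the same grouping over abuse reports it receives, treating a flagged cluster as a reason to audit the server configuration and not only the individual customer sites.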

APWG is a coalition of over 2000 organizations that include security vendors, financial institutions, retailers, ISPs, telecommunication companies, defense contractors, law enforcement agencies, trade groups, government agencies and more.

Hacking into shared Web hosting servers and hijacking their domains for phishing purposes is not a new technique, but this type of malicious activity reached a peak in August 2012, when APWG detected over 14,000 phishing attacks sitting on 61 servers.

"Levels did decline in late 2012, but still remained troublingly high," APWG said.

Phishing jumped in late 2012


During the second half of 2012, there were at least 123,486 unique phishing attacks worldwide that involved 89,748 unique domain names, APWG said. This was a significant increase from the 93,462 phishing attacks and 64,204 associated domains observed by the organization during the first half of 2012.

"Of the 89,748 phishing domains, we identified 5,835 domain names that we believe were registered maliciously, by phishers," APWG said. "The other 83,913 domains were almost all hacked or compromised on vulnerable Web hosting."

In order to break into such servers, attackers exploit vulnerabilities in Web server administration panels like cPanel or Plesk and popular Web applications like WordPress or Joomla. "These attacks highlight the vulnerability of hosting providers and software, exploit weak password management, and provide plenty of reason to worry," the organization said.

Cybercriminals break into shared hosting environments in order to use their resources in various types of attacks, not just phishing, APWG said. For example, since late 2012 a group of hackers has been compromising Web servers in order to launch DDoS (distributed denial-of-service) attacks against U.S. financial institutions.

In one mass attack campaign dubbed Darkleech, attackers compromised thousands of Apache Web servers and installed SSH backdoors on them. It's not clear how the Darkleech attackers break into these servers in the first place, but vulnerabilities in Plesk, cPanel, Webmin or WordPress have been suggested as possible entry points.

