Report: Web Hosts Common Target of Phishers

Nearly 40 percent of web hosts were repeat victims of phishing attacks that resulted in the placing of malware on their server platforms, according to a new report by the Internet Policy Committee of the Anti-Phishing Working Group.

Thirty-seven percent of respondents said their websites had phishing or spoof sites planted on their web servers two or more times before, a number that reflects the persistence of phishers and the difficulties of fighting them, APWG said.

The most frequently attacked operating system among survey respondents was Linux OS, with 76 percent. Attack victims reported they used Apache as their web server in 81 percent of the responses, MySQL as their database application in 81 percent of the responses, and PHP/Java as their application platform in 82 percent of responses.

Only 7 percent of victims reported the compromised website was used for e-merchant purposes. Seventeen percent said  customer data were stored on the compromised hosts, while only 4 percent cited theft of customer data.

Eighty-four percent of the victims reported attackers uploaded phishing or spoof web pages and scripts onto sites for use during their phishing attempt. Additionally, 24 percent of victims said attackers installed malicious software on their sites.

Detecting the compromises, only one in five victims said the attacks were discovered by their own staff; 52 percent were informed of the attack by third-party security companies.

 

You may also be interested in...

Red Hat’s David Egts: Open-Source Training, ‘Sense of Mission’ Could Help Agencies Address Cyber Skills Gap

David Egts, chief technologist for Red Hat’s North American public sector, has said there are several options …

HHS, Industry Aim to Help Health Organizations Mitigate Cyber Threats With New Publication

The Department of Health and Human Services has released a four-volume document that outlines 10 …

Cloud-Based Identity Tools, Mobile Device-Based Authentication Among Cyber Market Trends to Watch in 2019

Some of the trends in the cybersecurity market to watch in 2019 include the availability …