With every day that passes the number of users on the Internet across the globe goes up. The beauty of the World Wide Web is the ease at which anyone with the simplest devices can connect, irrespective of where they are and what they are doing. The expansion of mobile networks in remote areas is further fuelling the growth and it is no wonder that companies such as Facebook are still growing at an amazing rate.
But with great opportunity comes an increased risk. It is the dark side of human nature that shows us where there is a confluence of good things, bad things will soon attack. And so is the case with the Internet. More people using the net means more people trying to create chaos, mischief and mayhem. And by chaos we mean Denial of Service attacks, mischief we refer to online fraud and mayhem to the spread of malware. But all is not doom and gloom out there as a report from APWG states this week.
The good news is that we (and we I mean those who play a role in Internet governance) are getting better at stopping the bad guys winning. In the second half of 2011, phishing attacks dropped by 27% as those determined to scam us found it harder to get their emails through more and more sophisticated detection systems. As a society we are starting to get the message that there is no pot of gold at the end of the rainbow in an African country, nor have we won the lottery in a country we have never visited. Whilst it is still very simple and easy for online scams to become profitable (a 0.001% success rate in some instances will cover any costs), education is slowly sinking in.
The main targets for phishing scams are also shifting. Up until June 2011, the number one target was Paypal. However, in the second half of the year it became Taobao.com, the largest e-commerce site in China. In fact the one trend that is on an upward curve is attacks on Chinese targets which rose by 25% in 2011.
The companies that maintain the Internet, such as the domain name registrars, registries, web hosting companies and anti-virus suppliers, are also getting better at detecting attacks. It is logical that the longer a phishing site is live, the more damage it can do to both the brand image of the company “targeted” and the wallets of those individuals who are duped. However, it often still requires some manual intervention to report a phishing site. In the second half of 2011 the average uptime of a phishing site was 46 hours, down from 73 hours the previous year but still far too high.
So time for a big pat on the back. Companies involved in the Internet are doing their job, the public are becoming more aware and those involved in the scams are realising it is harder and harder to get what they want. Unfortunately if it was only that simple. Whilst phishing attacks have declined, the mayhem that malware causes is becoming more and more of a problem.
For all of the good the work in detecting and preventing phishing attacks reaching their targets, the same cannot be said for malware, the spread of malicious software that is used to disrupt computer operating systems, gather personal information and then be used for illegal purposes.
Last year, Symantec, one of the leading providers of Anti-Virus protection saw an 81% increase in malware attacks. Fortunately they managed to block a staggering 5.5 billion attacks, but even still they estimated there was over 4,500 new attacks per day. As soon as they develop some protection against one threat, another few thousand types of malware are created. In fact last year over 400 million new variants were created, an increase of 41% from 2010.
If you are not hiding behind the sofa yet with your laptop in a bowl of disinfectant then it is about to get worse.
The vast majority of malware today is on legitimate sites. According to the Symantec report, you are more likely to be infected by malware on a legitimate website than one created by a hacker. And think that you can keep yourself good and clean by only viewing websites with more puritan views? Think again. Symantec found that there are now three times as many threats on religious sites as adult ones. The reason? It appears that adult sites are more reliant on subscription based revenues and so had more of a duty of care to keep their “house in order”.
The vast majority of Internet users will never fall foul to a phishing attack or be infected by malware, but that is not to say we all need to stay vigilant of the threat. For those of you old enough to remember Police 5 on UK Thames Television I will leave you with the catchphrase of the presenter, Shaw Taylor...”Keep ‘em peeled”.
Written by Stuart Fuller, Director of Communications Group NBT.
NetNames is a part of Group NBT Limited.