The use of malware on websites to steal passwords and other sensitive information is rocketing, according to a new report from the Anti-Phishing Working Group.
The number of URLs with hidden code for stealing passwords nearly tripled between July 2007 and July 2008, to a record high of 9,529, while the number of malicious-application variants hit a high of 442 in May, the APWG reported in its quarterly report issued this week.
The increase is primarily due to malicious code being used in SQL injection attacks, in which a small malicious script is inserted into a database that feeds information to the website. Typically, the host site is legitimate such as BusinessWeek's, not a phishing site created for the sole purpose of stealing consumer data.
The financial-services industry is the most targeted sector for phishing attacks, followed by those focusing on auctions and payment services, the report found.
"Cybercriminals continue to increase their activities to levels never before seen in the five years since the APWG has been monitoring phishing and crimeware," APWG chairman Dave Jevans said in a statement.
The recession is prompting even more malicious activity online, Jevans said.
"The current financial crisis has also been used by phishers to create new scams that try to scare consumers into entering their usernames and passwords into sites that mimic those of well-known distressed financial institutions," Jevans said. "As the economy degrades, we are seeing a continual increase in malicious and criminal activity on the internet."
Another report issued this week shows that IT security professionals view cybercrime and data breaches as the top security risks, followed by mobility, outsourcing, cloud computing, mobile devices, peer-to-peer file sharing, Web 2.0 services and malware.
Meanwhile, respondents who work in IT operations listed outsourcing as the biggest risk, followed by mobile devices and cybercrime, in the 2008 Security Mega Trends Survey conducted by The Ponemon Institute on behalf of Lumension Security. In the survey, 577 respondents work in IT security, and 825 work in IT operations.
Of those surveyed, 83 percent of the IT security workers and 79 percent of IT operations professionals reported that their organisation had a data breach due to customer or employee information being lost or stolen. Overall, 92 percent of the organisations have experienced a cyberattack.
Another survey, released on Thursday by CA, looks at behaviours and perceptions among American adults and teens of their safety online.
Fifty-seven percent of adults fear they may become victims of identity fraud online within the next two years, and 90 percent worry about the security of their personal data. Meanwhile, 35 percent of teens leave their social-networking profiles open to viewing by strangers, 38 percent post their education information, 32 percent disclose their email addresses, and 28 percent reveal their date of birth.
