As usual, there's some good data in the 2H2013 Global Phishing Survey released by the APWG today.
Phishing attacks grew quite a bit, up 60% from the first half of 2013. Still short of the peak observed in the last half of 2012, but a significant increase nonetheless.
How else did the phishing landscape change in the last half of 2013?
- There were a high number of new organizations targeted, indicating that phishers are seeking to exploit organizations that less experienced and less prepared to mitigate attacks.
- The usage of URL shorteners and subdomains in attacks increased substantially. These methods had been on the decline.
Several trends continued:
- Webservers are still being heavily targeted in the hopes of compromising many domains that can be used for phishing (or DDoS, malware, criminal-to-criminal services, etc.) with a single hack.
- CMS tools such as WordPress, Joomla, Drupal, etc. are still a top vector for compromising hosts.
- Phishing in China continues to rise rapidly.