Security supplierRSAhas warned of a likely surge
in"man in the middle"(MITM)phishingattacks after it discovered
freehacking kitsare being
circulated.
Until recently, the capability to create a bogus web site, which
is used to steal confidential and personal finance information,
changed hands in the criminal underworld for $500 a time, said
Andrew Moloney, director of financial services security for
RSA.
However, criminals are now giving away these web kits in a bid
to stimulate their channel to market. Instead of a one-off payment,
they are receiving a regular revenue stream of stolen funds.
"Instead of selling the software, they get a copy of every set
of personal information that the
phishers obtain," said Moloney, "so now there are far more
criminals out there phishing for personal information."
RSA has traced kits that target more than 10 of the world's
leading financial institutions. The RSA 24/7 anti-fraud command
centre handles MITM attacks in a similar fashion to the way it
deals with standard phishing attacks, by monitoring sites and
attempting to block them. But Moloney admitted that proactive
action is beyond the company.
Although MITM attacks are considered to be a next-generation
attack by many, Moloney said they expect them to become widespread
over the course of the next 12 months to 18 months. "Very few of
the criminals get caught. And even if they were, they are rarely in
the same country as the businesses they target, so it is rare
anyone will be prosecuted."
The UK is now the second most popular phishing destination after
the US, according to the RSA's research.
Comment on this article:
computer.weekly@rbi.co.uk