Manual de ataques de phishing analisados ​​pelo Google Estudo - Como, Tecnologia e Fórum de Segurança PC |

Manual de ataques de phishing analisados ​​pelo Google Estudo

Como todos nós sabemos e estão cientes, a maioria dos ataques phishing hackers estão sendo executadas por máquinas de bots automatizados em vez de seres humanos que vivem. A statistics in a recent study on the subject Google released shows that the so-calledhijacking o manualmight be more successful for hackers than the automated one though.

The detailed results of the research on these manual attacks can be found in Google’s report and show that never mind it takes much more efforts to profile the victims and perform for hackers, nine of one million phishing attacks per day are manual.

‘Manual Hijackingan Ordinary Job?

It looks like these manual attacks might be just an ordinary every-day job for some people. Google researchers found that the attacks start approximately in the same time during the day, notch up a drop around noon and end at approximately the same time of the day. They are not very active during weekends as well.
Here’s what is observed by the researchers:

  • The individuals seemed to work according to a tight daily schedule. They started around the same time every day and had a synchronized, one-hour lunch break. They were largely inactive over the weekends.
  • All individuals followed the same daily timetable, defining when to process the newly gathered password lists, and how to divide time between ongoing scams and new victims.
  • They were operating from different IPs, on different victims, and in parallel with each other, but the tools and utilities they used were the same. They also shared certain resources such as phone numbers.

Além disso, even if they have different IP addresses (which can be due to proxy servers or VPN networks actually) they use the same tools, even some shared recourses like phone numbers. Google tried to locate the hackers by IP addresses and noticed that most of them seem to be located in China and Malaysia but based on the above these results might be controversial.

Por outro lado, tracking of the phone numbers showed that two major groups might be doing the phishing – one in Nigeria and one on the Ivory Coast. Based on the most spread language for each country it seems that the Nigeria group is focused on English-speaking countries, while the Ivory Coast – on French-speaking ones.Manual-phishing-ataque

Great Challenge for the Researchers

Unfortunately still, the ‘manual hijackingis very hard to identify as the volume of these attacks is very small, and the crooks vary.

‘In our experience the greatest challenges in detecting manual hijacking is that it is extremely low volume, that hijackers are very versatile, and that it is difficult to strike the right balance between false positives (challenging legitimate users) and false negative (letting a hijacker in) when it come toGoogle researchers write.

They also advise that the most efficient way of protecting the data remains the 2-step verification process introduced by Google. ‘SMS verification, which has an over 80% taxa de sucesso, is the most reliable recovery option for multiple reasons. Primeiro, users tend to keep their phone number up-to-date, which make non-existent phone numbers a non-issue. em segundo lugar, it provides a very good user experience. Users find it easy to type in the code they receive via SMS. Finalmente, it is hard to fake’, they think.


Berta Bilbao

Berta é um pesquisador de malware dedicado, sonhando para um espaço cibernético mais seguro. Seu fascínio com a segurança de TI começou há alguns anos atrás, quando um malware bloqueado la fora de seu próprio computador.

mais Posts

Deixe um comentário

seu endereço de e-mail não será publicado. Campos obrigatórios são marcados *

limite de tempo está esgotado. Recarregue CAPTCHA.

Compartilhar no Facebook Compartilhar
Compartilhar no Twitter chilrear
Compartilhar no Google Plus Compartilhar
Partilhar no Linkedin Compartilhar
Compartilhar no Digg Compartilhar
Compartilhar no Reddit Compartilhar
Partilhar no StumbleUpon Compartilhar