Mar 28, 2007 (11:03 AM EDT)
Identity Theft Driven By Dramatic Spikes In Threats

Read the Original Article at InformationWeek

Identity theft is being propelled forward by explosive growth in two of its biggest drivers -- phishing and malware, according to a new study.

In the first two months of this year, alone, phishing attacks grew by 50% and malware attacks dramatically increased by 200%, according to a study from Cyveillance, a risk monitoring company out of Arlington, Va. The company also identified more than 1 million suspected stolen Social Security numbers on the Internet, in the same two months.

"As our research shows, the breadth and depth of online risks are on the rise, with increasingly elaborate attack schemes and tactics," said Panos Anastassiadis, CEO of Cyveillance, in a written statement.

Company analysts reported that phishing attacks were increasing wildly during the past year, with most large financial institutions and a growing number of small- to medium-sized financial institutions targeted. The number of companies being phished has been consistently growing by more than 200 new victims each quarter, with a recent increase of 50% from January to February. That, according to Cyveillance, means the number of unique companies being targeted by phishing scams is up from 800 to 1,200.

The Cyveillance data supports a study that came out earlier this month showing that identity theft is exploding in the U.S., with 15 million Americans victimized in just a 12-month period. The amount of money that is being stolen from them is on the rise, as well, more than doubling between 2005 and 2006, Gartner analysts reported.

Credit Unions are showing the biggest growth as phishing targets, with a 584% increase this year, according to Cyveillance. Banks are getting picked on 325% more, insurance company attacks are up 300%, and singling out payment service companies increased by 285%.

Malware also is a major player when it comes to the identity theft industry.

Cyveillance reported a 200% increase in malware attacks in the first two months of 2007 with more than 1 million unique Web pages containing some type of malicious code. According to the Cyveillance report, in December 2006, the average number of URLs detected with malware averaged less than 20,000 on a daily basis. By February of this year, the average had grown to about 60,000 sites daily. One day actually showed a spike of nearly 140,000 new malicious sites.

Last week, SecureWorks released information on a Trojan that is reportedly feeding information from 10,000 stolen records to a Russian crime ring. The security company said the malware was specifically designed to circumvent financial institution's safeguards. The malware writer designed the malicious code with components geared to bypass the multifactor authentication protections that financial institutions generally use.