While still occurring in high volumes, the rate of broad-based phishing attacks targeting new companies and industries reached its highpoint of 431 in the first quarter of 2007. The second half of the year saw a significant decrease with only 106 new brands targeted in the fourth quarter. Cyveillance ’s data indicates that these attacks became more focused throughout the year, repeatedly targeting prominent brands in key industries. Financial service institutions continue to be the top targets of phishers, with banks and credit unions accounting for nearly 9 out of 10 new brands targeted in the fourth quarter. Overall, more than 1,750 brands have been attacked since 2005.

Throughout last year phishing attacks became more sophisticated and evolved to incorporate legitimate brand names and URLs. Highlighting the rapid evolution of these scams in 2007, phishing attacks leveraging compromised Web sites grew from 38 percent in the third quarter to 51 percent in the fourth quarter. The use of compromised Web sites complicates the attack take down process for the targeted organization, because it requires that specific URLs be removed without disrupting the site ’s legitimate operations. In addition, the use of targeted brands within the URL of phishing sites increased significantly, representing over 50 percent of all attacks. Phishers frequently include the brand in the URL to help legitimize their spoofed pages.

Continuing a trend first identified in the third quarter, Cyveillance ’s data shows a 30 percent growth in malware attacks outside the United States as criminals diversify their targets throughout the world ’s most economically developed countries. This global expansion resulted in malware attacks against United States citizens decreasing from a high of 75 percent in the first quarter to 45 percent in the fourth quarter. France and Japan represent the largest malware targets outside of the United States with attacks in these countries increasing since the beginning of the year to 20 percent and 12 percent respectively.

All figures and statistics in the Cyveillance report are actual measurements rather than projections based upon sample datasets. The cyber intelligence included in this report includes data collected and analyzed between October 1 and December 31, 2007. It represents aggregate cyber intelligence findings that Cyveillance has delivered to its OEM data partners, except where otherwise noted.