A new report by the Anti-Phishing Work Group (APWG) suggests that nearly half of all the phishing attacks in 2012 involved shared web hosting services.
The most common form of attack sees hackers break into a shared hosting server and reconfigure the programming so they display pages from a subdirectory of all the websites that are hosted on the server. With each shared server being potentially capable of hosting thousands of websites, it is a rich source of traffic for the phishing sites.
The technique is not a new one, but it has been on the rise in recent years and APWG reported that 14,000 phishing attacks were detected sitting on 61 different servers during August alone.
In total they detected at least 123,486 unique phishing attacks during the second half of 2012 from 83,913 different domain names. Almost all of these attacks resulted from compromised web hosting services.
APWG said: “Of the 89,748 phishing domains, we identified 5,835 domain names that we believe were registered maliciously, by phishers. The other 83,913 domains were almost all hacked or compromised on vulnerable Web hosting. These attacks highlight the vulnerability of hosting providers and software, exploit weak password management, and provide plenty of reason to worry.”
Phishing is not the only kind of security threat to a web hosting service. One example of other threats is Distributed Denial of Service Attacks. During the later part of 2012 a group emerged that has been specifically compromising websites purely to launch DDoS attacks that specifically target United States financial institutions.
Another mass attack, called Darkleech, allowed attackers to gain access to thousands of Apache Web Servers. They then installed backdoors in them through the SSH systems. Experts still don’t know how the hackers managed to obtain the initial access to the servers. It has been suggested that a weakness in a major service provider such as WordPress, Plesk, cpanel or webmin may be at fault for providing possible entry points.
Whatever the access point in the Darkleech attack, it is clear that businesses should be looking to ensure they have secure web hosting services.
If you are in any doubts about your web hosting, you are looking at getting a dedicated server or you are considering cloud hosting for your business, then you should contact CWCS, who have been at the leading edge of hosting services for over 15 years.Return to blog page