What is Rock Phish? And why is it important to know?
It's been in the news recently with a substantial article by
Robert McMillan of the IDG News Service. After we read his article in InfoWorld, we asked Ken Dunham, Director of VeriSign's Rapid Response Team, and this is what he told us
Rock Phish is an individual or group of actors likely working out of Romania and nearby countries in the region. This group has been in operation since 2004 and is responsible for innovation in both spam and phishing attacks to date, such as pioneering image-spam. The group is named after URL characteristics, where strings such as "rock" or "r" may appear in a phishing URL. Multiple characteristics are utilized in associating phishing attacks with the Rock Phish Group.
He went on to say:
Rock Phish has successfully automated a highly sophisticated fraud ring involving spam and phishing for criminal gain.
Rock Phish is likely responsible for 50 percent or more of current phishing attacks today.
Estimated phishing losses from Rock Phish alone are in the millions annually. The group has reportedly attacked 44 different brands to date in at least nine different countries.
Attacks from Rock Phish often include multiple sub-domains on the same primary domain and strings like "rock" or "r" in the URL. Phishing servers often reside in Asia, especially China.
'With money as their main driver, our research has tracked how attacks have moved from being fast and large scale to being cleverly crafted to attack very specific groups under the radar,' he said. 'The unseen web threat is maturing, and users should be ever-more careful about what they download and install, as blended threats are ever-more cunning in their attempt to steal corporate and personal data or money.'