Equifax taken down by phishing attack

Major credit rating organisation Equifax was on Monday hit by a massive phishing attack which took the company’s internet server offline, Information Age has learnt.

The phishing attack was launched early on Monday morning by the Rock Phish gang, a group of highly technical e-criminals thought to be located in Eastern Europe. Equifax has employed a security company to take down the bogus site, Information Age understands.

Equifax has verified that some customers were targeted by phishing attempts using one of the company’s online delivery systems.

Secure-Bastion, told Information Age that the credit industry has become a chief target of the Rock Phish e-crime gang. “Equifax is concerned about the future because [the attack] was perpetrated by a particularly nasty group [of e-criminals],” he said.

The US-based company is hoping to involve the federal government, he added.

The Rock Phish gang has been in operation since 2004, and is believed to be responsible for some of the key innovations in both phishing and spam attacks in recent years, including image-based spam.

“The Rock Phish is a new type of attack which is very hard to defend against,” says Walker. “Underlying the Rock Phish attack is the use of Wildcard DNS which is employed to resolve to variations of IP addresses which are then mapped onto a dynamic gathering of compromised machines.”

“This means Rock Phish sites are much more durable and harder to take down,” adds Walker.

Pete Swabey

Pete was Editor of Information Age and head of technology research for Vitesse Media plc from 2005 to 2013, before moving on to be Senior Editor and then Editorial Director at The Economist Intelligence...
