The Security Skeptic

My colleagues and I at Interisle have created a YouTube channel to complement the quarterly reporting and studies of cybercrime we host at the Cybercrime Information Center. Our goal is to share, in a few minutes, the findings and insights from our research in a format that's easily accessible and shareable, informative, and entertaining. The inaugural videos provide 2-5 minute summaries of our annual Phishing and Malware Landscape studies. We'll continue to produce videos of our annual studies. If you like what you see, leave us a comment.

My colleagues at Interisle and I have published a study, Malware Landscape 2022: A Study of the Scope and Distribution of Malware. The study, which analyzed 2.5 million records of distinct malware events from May 2021 to April 2022 collected by the Cybercrime Information Center, explains what malware was most prevalent, where malware was served from, and what resources criminals used to pursue their attacks.

A Domain Name Wire post, Time to pay attention to the next round of new TLDs, begins with an ominous: They’re coming. Eventually. While not as dramatic or enduring as Arnold Schwarzenegger's "I'll be back", the reporter cites policy activity at ICANN as evidence that new TLDs are coming. Eventually. In a September 2019 post, and in response to the ICANN memorandum, Readiness to Support Future Rounds of New gTLDs, I asked, Has enough been done to study and rectify the concentration of security threats in the new TLD space? In that post, I quoted correspondence from ICANN's security advisory...

Dave Piscitello and Dr. Colin Strutt As part of the US Covid-19 virus tax relief effort (American Rescue Plan Act of 2021, H.R.1319), the US Internal Revenue Service (IRS) issued a series of Economic Impact Payments to millions of eligible citizens. The third payment was authorized in March 2021. Criminals took note of this well-publicized program and put a phishing campaign together to profit by stealing and subsequently exploiting personal information of US citizens. Like many phishing campaigns, EIP phishing emails and text messages mimic correspondence to convince US citizens to submit personal information or an advance fee payment at...

My Interisle colleagues, together with Greg Aaron of Illumintel, have published a study of the scope and distribution of phishing. From 1 May 2020 through 30 April 2021, we collected nearly 1.5 million phishing reports. Our analyses found ~700,000 phishing attacks among the reports collected. Highlights from the study: Phishing increased by nearly 70% over the yearly period. Most phishing is concentrated at small numbers of domain registrars, domain registries, and hosting providers. The top 10 brands targeted accounted for 46% of the phishing attacks associated with specific brands. Phishing attacks are disproportionately concentrated in new Top-level Domains (TLD). We...