Wednesday, 09 August 2023

Interisle study reveals that phishing attacks have tripled since May 2020, situation worsening each year

My colleagues at Interisle Consulting Group and I today announced the publication of an industry report, Phishing Landscape 2023, A Study of the Scope and Distribution of Phishing. We analyzed more than 11 million phishing reports collected from 1 May 2020 to 30 April 2023 to provide annual and triennial measurements of phishing.

Our study identifies distinct, persistent exploitation and abuse of Internet resources, reveals that criminals can trivially acquire everything they need to phish.

Among the major findings in the study, Interisle reports that:

  • The number of phishing attacks has tripled since May 2020, and has increased 65% over the previous yearly study period.
  • The number of unique domain names reported for phishing continues to increase. More than 1 million unique domain names were reported for phishing during the current yearly period.

And the growth is concentrated:

  • New gTLDs host a disproportionate and growing share of phishing domains. Year after year, 90% of phishing domains in new gTLDs are in just 25 new gTLDs.
  • Phishers prefer to host their web pages in the US, and 42% of all phishing attacks were concentrated in just five US-based hosting networks.
  • User accounts created to host phishing web sites at subdomain providers more than doubled. 80% of these attacks occurred on accounts created at just eight providers.
  • Two-thirds of domain names reported for phishing across all TLDs were registered specifically to carry out a criminal act. Preventing the registration of these domains, and taking them down quicky, should be a priority for the domain name industry.

In our press release, I comment that "“By examining phishing over a three-year period, we were able to answer questions such as ‘Are phishers doing business at the same registry, registrar, or web hosting services year after year?’ and ‘How has phishing evolved over a three-year period?’ Our data show that the largely independent efforts by the domain name and hosting industries, governments, and private sector organizations have done little to slow the growth of phishing and the damage it causes to Internet users around the world.”

In our report, we discuss how policy regimes can be more proactive in mitigating phishing, how governments might encourage effective phishing mitigation strategies, and how past and recent successes in litigating organizations where phishers most frequently obtain resources they use in for their criminal activities have effected change. These recommendations include, for domain names registries and registrars:

1) Clear prohibition of the use of registered domain names to conduct fraudulent, illegal, or deceptive practices, including phishing.
2) Requirement for swift suspension or cancellation by registrars and registries of domain names that are identified as maliciously or abusively registered.
3) A duty for domain name registrars and registries to investigate reports of abuse in a timely manner that is clearly defined, and
4) Adoption of preventative, proactive anti-abuse techniques.

The report emphasizes that mitigation requires cross-industry collaboration, and explains that hosting operators must also commit to these or similar proactive measures. The report also encourages governments to consider taking a more prominent role in ensuring such cybercrimes are less likely to emanate from their namespace.

In the absence of more effective mitigation measures and broader cooperation, litigation has shown to be an effective tool in stemming abuse.

Quoting from the report, "In late 2022, Freenom was sued by Meta and the impact was immediate. By January 2023, Freenom stopped offering domains names, and the number of Freenom domains used for phishing quickly plummeted."

Our report reviews more than a decade of lawsuits involving domain names to demonstrate that litigation has shown to be an effective tool in stemming abuse. Quite honestly, I'm surprised that more of the top targeted brands aren't pursuing litigation. 

The Interisle report and Executive Summary is available at https://interisle.net/PhishingLandscape2023.html
I've posted a summary of the report at https://www.cybercrimeinfocenter.org/phishing-landscape-2023.

Posted at 09:40 AM in All matters security, Anti-Malware and Anti-phishing, Domain names and DNS | | Comments (0)

Next »
Find me on Mastodon and Facebook

Spotlight Posts

  • Interisle study reveals that phishing attacks have tripled since May 2020, situation worsening each year
    My colleagues at Interisle Consulting Group and I today announced the publication of an industry report, Phishing Landscape 2023, A Study of the Scope and Distribution of Phishing. We analyzed more than 11 million phishing reports collected from 1 May 2020 to 30 April 2023 to provide annual and triennial measurements of phishing. Our study identifies distinct, persistent exploitation and abuse of Internet resources, reveals that criminals can trivially acquire everything they need to phish. Among the major findings in the study, Interisle reports that: The number of phishing attacks has tripled since May 2020, and has increased 65% over...
  • FTC's proposed Trade Regulation Rule on Impersonation of Government and Businesses is important for #infosec
    M3AAWG comments on the FTC's proposed rule Trade Regulation Rule on Impersonation of Government and Businesses is available. I was one of the contributors to the comment. In the comment, M3AAWG "suggests additional regulatory solutions and best practices to complement the goals of this rule, such as clarifying the scope of the rule to include the use of domain names in impersonation schemes and the use of technologies that enable impersonation" and the important role that Whois plays in investigating impersonation and fraud. Several reports that my Interisle colleagues and I published are cited in the comment, along with the...
  • Cybercrime Information Center reports sharp increases in phishing attacks, unique domains reported in August-October 2022 time period
    A recent ebb in domain names reported for phishing created some euphoria in the domain industry. With phishing activity, as with tides, ebbs are invariably followed by flows. In their August- October 2022 Quarterly Phishing Activity, the Cybercrime Information Center observed a 40% increase in phishing attacks and a nearly 20% increase in unique domain names reported for phishing.
  • Cybercrime Information Center's YouTube Channel
    My colleagues and I at Interisle have created a YouTube channel to complement the quarterly reporting and studies of cybercrime we host at the Cybercrime Information Center. Our goal is to share, in a few minutes, the findings and insights from our research in a format that's easily accessible and shareable, informative, and entertaining. The inaugural videos provide 2-5 minute summaries of our annual Phishing and Malware Landscape studies. We'll continue to produce videos of our annual studies. If you like what you see, leave us a comment.
  • Malware Landscape 2022: unabated malware growth, continued exploitation of IoT devices
    My colleagues at Interisle and I have published a study, Malware Landscape 2022: A Study of the Scope and Distribution of Malware. The study, which analyzed 2.5 million records of distinct malware events from May 2021 to April 2022 collected by the Cybercrime Information Center, explains what malware was most prevalent, where malware was served from, and what resources criminals used to pursue their attacks.

Search

My Photo

Categories