Monday, 04 October 2021

Study reports a 70% increase in phishing from May 2020 through April 2021

My Interisle colleagues, together with Greg Aaron of Illumintel, have published a study of the scope and distribution of phishing.

From 1 May 2020 through 30 April 2021, we collected nearly 1.5 million phishing reports. Our analyses found ~700,000 phishing attacks among the reports collected.

Highlights from the study:

 

Phishing increased by nearly 70% over the yearly period. 

 

Most phishing is concentrated at small numbers of
domain registrars, domain registries, and hosting providers.

 

The top 10 brands targeted accounted for 46% of the phishing attacks associated with specific brands.

 

Phishing attacks are disproportionately concentrated in new Top-level Domains (TLD).

 

We studied registration behaviors among phishers and found that when phishers register domains, they tend to use them quickly.

 

57% of domains reported for phishing were used within 14 days following registration and more than half of those were used within 48 hours.

 

We also developed a method for distinguishing maliciously registered domain names from legitimate but compromised domain names and found that

 

65% of phishing occurs on domains registered by phishers, for phishing attacks.


Interisle’s report is available at https://interisle.net/PhishingLandscape2021.html.

Posted at 09:54 AM in All matters security, Anti-Malware and Anti-phishing | | Comments (0)

Next »

Search

My Photo
The Skeptic's email address

Categories

Spotlight Posts

  • Study reports a 70% increase in phishing from May 2020 through April 2021
    My Interisle colleagues, together with Greg Aaron of Illumintel, have published a study of the scope and distribution of phishing. From 1 May 2020 through 30 April 2021, we collected nearly 1.5 million phishing reports. Our analyses found ~700,000 phishing attacks among the reports collected. Highlights from the study: Phishing increased by nearly 70% over the yearly period. Most phishing is concentrated at small numbers of domain registrars, domain registries, and hosting providers. The top 10 brands targeted accounted for 46% of the phishing attacks associated with specific brands. Phishing attacks are disproportionately concentrated in new Top-level Domains (TLD). We...
  • In new study Interisle Reveals Excessive Withholding of Internet WHOIS Data
    My Interisle colleagues, together with Greg Aaron, have completed an in-depth analysis of the effects of ICANN policy for WHOIS, a public lookup service that has until recently made it possible to identify who registered and controls a domain name. The European Union’s General Data Protection Regulation (GDPR), adopted in May 2018, restricted the publication of personally identifiable data in WHOIS. In response, the Internet Corporation for Assigned Names and Numbers (ICANN) established a new policy, allowing registrars and registry operators to redact (withhold) personally identifiable data from publication in WHOIS. The implementation of this policy has been widely criticized,...
  • New study: Phishing Landscape 2020
    My colleagues Greg Aaron, Dr. Colin Strutt, Lyman Chapin and I have published a new research report, Phishing Landscape 2020: A Study of the Scope and Distribution of Phishing. The report can be found at http://www.interisle.net/PhishingLandscape2020.html Our goal in this study was to capture and analyze a large set of information about phishing attacks, to better understand how much phishing is taking place and where it is taking place, and to see if the data suggests better ways to fight phishing. We studied where phishers are getting the resources they need to perpetrate their crimes — where they obtain domain...
  • Widespread Issues with Domain Registration Accountability Have a COVID Nexus
    My Interisle partners and colleague Greg Aaron have published a detailed study that measures the effectiveness and impact of ICANN's registration data access policies and procedures. This study reveals widespread problems with access to and the reliability of domain name registration data systems (WHOIS). These failures have real-life security implications, which are being seen in the current wave of cybercrime accompanying the COVID-19 pandemic. In our Press Release I make the comment that, “The COVID-19 pandemic has led to a recent explosion of cybercrime, with thousands of new domain names using terms like ‘covid’ or ‘corona’ being used to perpetrate...
  • Report: Criminal Abuse of Domain Names, Bulk Registration and Contact Information Access
    My Interisle Consulting Group colleague, Dr. Colin Strutt and I have published a report, Criminal Abuse of Domain Names: Bulk Registration and Contact Information Access http://interisle.net/criminaldomainabuse.html In this report, we study "bulk registration misuse" by criminal actors. Bulk registrations refers to the practice of rapidly acquiring domain names, using these in an attack, and abandoning them as if they were throw-away ("burner") phones. These domains are a critical resource for cyber criminals. We use reputation block list (RBL) data to reveal how the use of bulk registrations, coupled with the crippling of registration data access by the ICANN Temp Spec...