My Interisle colleagues, together with Greg Aaron of Illumintel, have published a study of the scope and distribution of phishing.
From 1 May 2020 through 30 April 2021, we collected nearly 1.5 million phishing reports. Our analyses found ~700,000 phishing attacks among the reports collected.
Highlights from the study:
Phishing increased by nearly 70% over the yearly period.
Most phishing is concentrated at small numbers of
domain registrars, domain registries, and hosting providers.
The top 10 brands targeted accounted for 46% of the phishing attacks associated with specific brands.
Phishing attacks are disproportionately concentrated in new Top-level Domains (TLD).
We studied registration behaviors among phishers and found that when phishers register domains, they tend to use them quickly.
57% of domains reported for phishing were used within 14 days following registration and more than half of those were used within 48 hours.
We also developed a method for distinguishing maliciously registered domain names from legitimate but compromised domain names and found that
65% of phishing occurs on domains registered by phishers, for phishing attacks.
Interisle’s report is available at https://interisle.net/PhishingLandscape2021.html.