« Cybercrime Information Center's YouTube Channel | Main | FTC's proposed Trade Regulation Rule on Impersonation of Government and Businesses is important for #infosec »

Monday, 14 November 2022

Cybercrime Information Center reports sharp increases in phishing attacks, unique domains reported in August-October 2022 time period

A recent ebb in domain names reported for phishing created some euphoria in the domain industry.

With phishing activity, as with tides, ebbs are invariably followed by flows.

In their August- October 2022 Quarterly Phishing Activity, the Cybercrime Information Center observed a 40% quarter over quarter increase in phishing attacks, which is a measure of phishing sites that target a specific brand or entity. (Note: if multiple phishing reports refer to the same phishing activity, the Center collapses duplicates to yield phishing attacks.)

The Center reported a nearly 20% quarter over quarter increase in unique domain names reported for phishing. This is a measure of a resource that phishers aquire for phishing attacks and not the same measure as phishing attack.

The increase in unique domain names reported for phishing follows a short period where phishers appeared to use fewer domain names. This is illustrated by the green trendline in the figure.

In the August-October 2022 time period, the number of unique domains reported trends up.

Phishingtrendsmay2020october2022

The number of phishing attacks reported has increased  dramatically, from 405,000 attacks in the May-June 2022 period to nearly 570,000 attacks in the August-October period. This is illustrated by the orange trendline in the figure.

The majority of domain names reported for phishing continue to be registered by phishers, for phishing (malicious domain registrations).

The Center's quarter over quarter key statistics report that 70% of unique domains reported for phishing were maliciously registered (208,000 of 297,000). This is a 4% increase over the previous quarter. 

My advice: put more stock in trend lines than any single measure that creates temporary euphoria.

Posted at 12:25 PM in All matters security, Anti-Malware and Anti-phishing, Domain names and DNS |

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

Verify your Comment

Previewing your Comment

Posted by:  | 

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment

Comments are moderated, and will not appear until the author has approved them.

Your Information

(Name is required. Email address will not be displayed with the comment.)

Find me on Mastodon and Facebook

Spotlight Posts

  • Interisle study reveals that phishing attacks have tripled since May 2020, situation worsening each year
    My colleagues at Interisle Consulting Group and I today announced the publication of an industry report, Phishing Landscape 2023, A Study of the Scope and Distribution of Phishing. We analyzed more than 11 million phishing reports collected from 1 May 2020 to 30 April 2023 to provide annual and triennial measurements of phishing. Our study identifies distinct, persistent exploitation and abuse of Internet resources, reveals that criminals can trivially acquire everything they need to phish. Among the major findings in the study, Interisle reports that: The number of phishing attacks has tripled since May 2020, and has increased 65% over...
  • FTC's proposed Trade Regulation Rule on Impersonation of Government and Businesses is important for #infosec
    M3AAWG comments on the FTC's proposed rule Trade Regulation Rule on Impersonation of Government and Businesses is available. I was one of the contributors to the comment. In the comment, M3AAWG "suggests additional regulatory solutions and best practices to complement the goals of this rule, such as clarifying the scope of the rule to include the use of domain names in impersonation schemes and the use of technologies that enable impersonation" and the important role that Whois plays in investigating impersonation and fraud. Several reports that my Interisle colleagues and I published are cited in the comment, along with the...
  • Cybercrime Information Center reports sharp increases in phishing attacks, unique domains reported in August-October 2022 time period
    A recent ebb in domain names reported for phishing created some euphoria in the domain industry. With phishing activity, as with tides, ebbs are invariably followed by flows. In their August- October 2022 Quarterly Phishing Activity, the Cybercrime Information Center observed a 40% increase in phishing attacks and a nearly 20% increase in unique domain names reported for phishing.
  • Cybercrime Information Center's YouTube Channel
    My colleagues and I at Interisle have created a YouTube channel to complement the quarterly reporting and studies of cybercrime we host at the Cybercrime Information Center. Our goal is to share, in a few minutes, the findings and insights from our research in a format that's easily accessible and shareable, informative, and entertaining. The inaugural videos provide 2-5 minute summaries of our annual Phishing and Malware Landscape studies. We'll continue to produce videos of our annual studies. If you like what you see, leave us a comment.
  • Malware Landscape 2022: unabated malware growth, continued exploitation of IoT devices
    My colleagues at Interisle and I have published a study, Malware Landscape 2022: A Study of the Scope and Distribution of Malware. The study, which analyzed 2.5 million records of distinct malware events from May 2021 to April 2022 collected by the Cybercrime Information Center, explains what malware was most prevalent, where malware was served from, and what resources criminals used to pursue their attacks.

Search

My Photo

Categories