Today, my Interisle colleagues and I released a study, Cybercrime Supply Chain 2023: Measurements and Assessments of Cyber Attack Resources and Where Criminals Acquire Them.
Criminals who perpetrate malware, spam, phishing and other serious cybercrimes enjoy an enormous economic advantage over defenders and responders. They can acquire resources from an online cybercrime supply chain where everything from phishing kits and malicious software, email lists and mobile numbers, domain names and Internet addresses, and places to host attacks are all readily and cheaply available.
Our report examines these supply chains.We examined over 10M reports collected at the Cybercrime Information Center to identify the many resources commonly used by criminals and focuses in particular on the name and addressing resources. We ranked Top-Level Domain (TLD) registries, TLD registrars, hosting providers, and subdomain resellers that criminals most frequently exploited to obtain resources, using both raw counts and comparativemetrics. We also looked at two domain registration behaviors: volume ("bulk") registration and registration of domains that contained exact matches of brands.
In the report, we recommend measures that policy regimes, governments, service providers, and private sector working together can implement to disrupt the cybercrime supply chain.The study was sponsored by the AntiPhishing Working Group (APWG), the Coalition Against Unsolicited Commercial Email (CAUCE), and the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG). Collectively, these organizations represent thousands of cybersecurity, public advocacy, service providers, and industry professionals worldwide.