My Interisle colleagues and I today published our 2024 Cybercrime Suppy Chain study.
We analyzed 16 million cybercrime events to expose a dramatic rise in criminal exploitation of name, address, hosting, and financial supply chains.
Our year-over-year findings show that cybercriminals exploit lax policies to easily and cheaply obtain resources for phishing, malware, and spam campaigns.
In our report, we provide actionable insights for those aiming to curb cybercrime.
Among the major findings in the study, Interisle reports that:
- The total number of malware, phishing, and spam attacks grew year-over-year by nearly 54%, to nearly 16.3 million attacks. Spam doubled, from 4 million to 8 million attacks.
- Consumption of domain name resources by cybercriminals increased 81%. Over 8.6 million unique domains were used in cyberattacks compared to 4.8 million last year.
- Over 2.6 million domains used in cyberattacks were registered in bulk, a 106% increase compared to last year.
- Nearly 1.2 million subdomain hostnames were found to be used in attacks, an increase of over 114% compared to last year.
- New generic top-level domains (gTLDs) accounted for 37% of cybercrime domains reported while holding only 11% of the total domain name market.
- The number of IPv4 addresses reported for hosting cybercrime nearly doubled in both China and India.
Efforts to make it more difficult and costly for criminals to acquire these resources, conduct crimes, and “launder” criminal proceeds would help reduce the profitability and allure of the business.
Among our recommendations:
- Implement rigorous identify verification / certification requirements for parties wishing to bulk register domain names.
- Limit the number of accounts and subdomains that a customer can register with free or inexpensive web hosting (subdomain) providers.
- Expand the deployment of automated systems to screen for suspicious resource registration and use patterns.
- Create “Trusted Reporter” programs across industry to facilitate swift suspension of cybercrime resources identified by recognized and trusted cybercrime monitors.
- Penalize service providers that consistently and disproportionately supply cybercriminals with attack resources or incentivize them to stop.
We note that sustainable change will only occur if a broad range of stakeholders (including governments, where necessary) step up and implement real-world solutions to reduce criminal access to resources.
The Cybercrime Supply Chain 2024 report is available at https://interisle.net/CybercrimeSupplyChain2024.pdf.
Interisle publishes measurements of where criminals obtain resources they use to perpetrate cybercrimes at the Cybercrime Information Center and offers cybercrime awareness videos at https://www.youtube.com/@cybercrimeinfocenter.