Our Interisle team today announced the publication of an industry report, Phishing Landscape 2024, A Study of the Scope and Distribution of Phishing.
Interisle’s fourth annual study examines nearly four million phishing reports collected from May 2023 to April 2024 and provides historical measurements using over 15 million phishing reports collected at the Cybercrime Information Center over a four year period.
Findings from the study:
• The total number of phishing attacks grew to ~1.9 million incidents worldwide.
• Phishing attacks hosted at subdomain providers increased by 450,000+ reported names, representing 24% of all phishing attacks.
• The use of the decentralized InterPlanetary File System to host and launch phishing attacks also increased 1,300%.
• After the demise of the phish-friendly Freenom, cybercriminals moved to using inexpensive domain names in new gTLDs. 42% of all domains reported for phishing were registered in new gTLDs, compared to 25% last year.
• The registration of high volumes of domain names at one time (bulk registration) accounts for 27% of all domain names used in phishing attacks.
• Four of the top five hosting providers used by phishers to host phishing attacks were based in the United States.
• Domain name registration policies significantly affect the level of phishing in a TLD. Robust customer verification requirements adopted by ccTLDs in Europe and the Asia-Pacific region correlate with lower levels of phishing activity.
Phishing is a global threat. Fighting it effectively will require worldwide policy and legislative attention, the cooperation of domain name registries and registrars, Internet and web hosting service providers, and national and international government agencies. Interisle offers several measures to disrupt the phishing supply chain and effectively remediate phishing attacks, including adoption of digital identity verification services, delayed delegation of suspicious names, and trusted reporter programs.
URL: See https://interisle.squarespace.com/s/PhishingLandscape2024.pdfhttps://lnkd.in/e8mp6-v7
Press release: https://www.einpresswire.com/article/728920327/interisle-study-reveals-phishers-have-expanded-their-supply-chain-to-target-more-usershttps://lnkd.in/epetF7U2
Malware Landscape 2022: unabated malware growth, continued exploitation of IoT devices
Monday, 20 June 2022
My colleagues at Interisle and I have published a study, Malware Landscape 2022: A Study of the Scope and Distribution of Malware. The study, which analyzed 2.5 million records of distinct malware events from May 2021 to April 2022 collected by the Cybercrime Information Center, explains what malware was most prevalent, where malware was served from, and what resources criminals used to pursue their attacks.
Among the major findings in the study, we report that:
- The most frequently reported malware targets Internet of Things devices - surveillance cameras, sensors, or embedded technologies.
- Asia-Pacific networks host most IoT malware. China, India, and Australia represent 81% of malware that targeted IoT devices.
- Information stealers, ransomware, and backdoors are the most prevalent “endpoint” malware, i.e., malicious software that targets tablets, mobile phones, laptops, and PCs.
- Networks in the United States and China host the most endpoint malware and 8 of the 10 registrars with the most malware domains reported are headquartered in North America.
- Domains registered in the new Top-level Domains (TLDs) are disproportionately attractive to malware attackers. The new TLDs represent only 8% of the domain name registration market, but they contained 24% of reported malware domains. By contrast, the country code TLDs represent 39% of the market, but only 26% of the reported malware domains.
We also found that malware attackers have made effective use of cloud services, including file sharing services, code repositories, and storage services. While most uses of anonymous file sharing and code repositories are well-intentioned, malware attackers have used these services to distribute source code, attack code, and files containing compromised credentials or cryptographic keys.
For our malware studies we develop and maintain a taxonomy that is based a classification proposed by the Computer Antivirus Research Organization (CARO). Our taxonomy extends that original effort in the context of cybercrimes as defined in the Council of Europe’s Convention on Cybercrime.
A summary of the study can be found at https://www.cybercrimeinfocenter.org/malware-landscape-2022.
Happy reading!