2024 began with a rise in domain names reported for hosting malware unlike any we have seen since we began measuring malware attacks in 2021.
The 1Q2024 Top 20 TLDs included 10 new gTLDs, 6 ccTLDs, and 4 legacy gTLDs. Only three TLDs remained in the top 5 TLDs (COM, NET, INFO) from the prior quarter. The ORG and BR TLDs were replaced by SHOP (over 3,000% increase) and TOP (over 700% increase).
All but one registrar in 1Q2024’s Top 20 registrar ranking showed increases of 100% or more. Several registrars had 4- and 5-figure percentage increases in domains reported. These exceptionally high percentages are a result of these registrars having very few (no more than a couple hundred) malware domains reported in the Oct-Dec 2023 quarter but (tens of) thousands of malware domains in this quarter.
We have repeatedly observed similar swings in domains reported for phishing, but this is the first such for malware. Some (combination of) policy, practices, processes or pricing that contributes repeatedly to a pandemic phishing landscape may now be attracting malware actors. Read more...