Blog
-
Spam activity is at an 18-month high
Domains reported for hosting spammed content or spambots rose from 1.5M in the March-May 2024 reporting period to 2.6M in the June-August 2024 reporting period. Eighteen of the Top-level Domains with the highest spam scoring metric were new TLDs. These were joined by .CC and .TK.
All these TLDs had spam score metrics in excess of 300; by comparison, .COM had a score of 57.9. If you think .COM’s a spammy neighborhood, imagine how much spam we’d see if these TLDs had equally large domain market shares. More...
-
Phishing in 2024 shows no sign of a slowdown. We processed just slightly more than 1M reports from our phishing feeds in the 3-month period ending July 31, 2024, a third straight reporting period where our collection exceeded 1M. We observe small decreases in most measurements of resources that phishers exploit to perpetrate crimes. More...
-
The April - June 2024 time period was a busy one for malware actors. Sites reported for hosting endpoint malware and IoT malware increased more than twofold (227% and 235%, respectively). We again identified more than 1 million unique IPv4 addresses as sources for malicious traffic (attackware and traffic injectors). Unique domain names used to host malware dropped but this had no impact on overall malware activity. More...
-
Domains reported for hosting spammed content or spambots leaped to over 1.5M during the reporting period. Spammers were most active in the .COM, .TOP, and .XYZ gTLDs. The new gTLDs continue to be the spammiest Top-level Domains. Spammers continue to target the tech sector, financials, cryptocurrencies and delivery services. More...
-
2024 began with an unprecedented rise in domain names reported for hosting malware.
The 1Q2024 Top 20 TLDs included 10 new gTLDs, 6 ccTLDs, and 4 legacy gTLDs. Only three TLDs remained in the top 5 TLDs (COM, NET, INFO). The ORG and BR TLDs were replaced by SHOP (over 3,000% increase) and TOP (over 700% increase). All but one registrar in 1Q2024’s Top 20 registrar ranking showed increases of 100% or more. More…
-
For the 3-month period ending January 31, 2024, we processed a staggering 1M reports from our phishing feeds (a 19% increase over the prior quarter). These resources abetted over 500,000 phishing attacks (a 37% increase over the prior quarter). Phishers changed tactics… again. We observed an 85% increase in domain names used in phishing attacks, and a 24% decrease in the use of subdomain service provider accounts to host phishing web pages. More…
-
We saw a 20% drop in spam domains in the December - February 2024 reporting period. This follows a modest quarter over quarter decline from earlier reporting periods. The declines appear to coincide with increased use of user accounts at subdomain service providers. Eight of the ten registrars from our September-November 2023 reporting period appear in our ranking of domain registrars by number of spam domains under management for this period. Since June 2023, our top 10 hosting networks continue to include mostly the same operators. More…
-
Spam domains reported declined for the third straight quarter, but we still see over 200,000 unique spam domains month after month. New TLDs and subdomain reseller accounts continued to attract more spammers. Bulk registrations of spam domains over the course of 2023 were unacceptably high. More…
-
Malware activity has fluctuated throughout 2023. It’s tempting to speculate that malware attackers take breaks after holiday and tax seasons, but we’ll need to observe several more years of activity before we make that claim. And the attackers will likely change before we can. For now, we saw less malware activity than we saw in the prior quarter. More…
-
Spammers are alive and thriving. We observed declines compared to the previous quarter in the number of spam reports that we collected from feeds, the number of unique domains, registrars, subdomain resellers, and the number of hosting networks that had gTLD domains under management reported for hosting spammed content or spambots. Here, we make observations from a careful analysis of the 1.3 million spam reports that we processed for this quarterly period. More…
-
The theme for the May - July 2023 reporting period was… CHANGE. After a drop in phishing attacks reported in the February - April 2023 period, phishing attacks increased 21% during the May - July 2023 period. Phishers lost a mainstream supply chain when Freenom stopped processing domain registrations in its five commercial ccTLDs. The number of domains reported for phishing decreased 15%, but… more
-
May 2022 - April 2023 was a tumultuous period for cryptocurrency. The market was most adversely affected in Q2 2022, and then traded sideways in the low $1T range for the remainder of the year. The market has recovered slightly during the beginning of 2023 but the total market cap was less than ½ of the $2T reported for 2021. Cryptocurrency phishing, however, continues to flourish. More…
-
What do malware and sand have in common? They shift. In 2Q2023, we saw endpoint malware rise and IoT malware decline. The top hosting networks most frequently reported for hosting malware stayed the same but changed positions. Attackware and traffic injector malware reports increased but malicious traffic sources increased. More…
-
Ups and downs! Domain names reported for phishing decreased dramatically. However, we saw more phishing attacks “per domain” and significantly more phishing attacks hosted at subdomain service providers. The percent of maliciously registered phishing domains remained largely the same. But the biggest news: we’ve observed a significant decline in phishing domains reported in the Freenom commercialized ccTLDs. More.
-
A summary of malware activity from January 1 through March 31, 2023. Endpoint malware reports decreased dramatically. Unique domains reported for hosting malware decreased 38%. IoT malware reports increased 21%. Malicious traffic sources also decreased. Attackers resting after a taxing holiday season? Unlikely:-) More…
-
While victims of phishing attacks are the most harmed parties, other parties such as hosting operators received collateral damage from phishing attacks. Here we look at domain names registered through Freenom and hosted at A2 Hosting. More…
-
Our quarterly Phishing Activity pages report where we observe phishing attacks by Top-level Domains, Domain Registrars, and Hosting Networks. Here, we share some insights from the phishing activity reported for the November - December 2023 period. More…
-
A summary of malware activity from October 1 through December 31, 2022. IoT Malware increased 34%: Mozi… on the rise again? Endpoint malware increased 31%. Also noteworthy…121% increase in unique domain names reported for hosting malware. Oh, and vulnerability scanners are running rampant. More..
-
Dave Piscitello gave a virtual presentation on Thursday, 1 December 2022, at the APWG eCrime 2022 Symposium titled, The Need for Clarity, Accuracy and Rigor When Reporting Cybercrime Statistics. Dave discussed how the lack of taxonomic conventions affects measurements and comparisons across studies. Download the presentation.
-
Our quarterly Phishing Activity pages report where we observe phishing attacks by Top-level Domains, Domain Registrars, and Hosting Networks. Here, we share some closer looks at the phishing landscape for the August - October 2022 period. More…
-
Our quarterly Malware Activity pages report where we observe malware by Top-level Domains, Domain Registrars, and Hosting Networks. Here, we share some closer looks at the malware landscape. Continue…
-
Our quarterly Phishing Activity pages report where we observe phishing attacks by Top-level Domains, Domain Registrars, and Hosting Networks. Here, we share some closer looks at the phishing landscape. Continue…
-
Our quarterly Malware Activity pages report where we observe malware by Top-level Domains, Domain Registrars, and Hosting Networks. Here, we share some closer looks at the malware landscape. Continue…
-
We are now processing reports of IP addresses that host scripts or executables that are used to inject malicious content, disrupt services, or to expose and exploit vulnerabilities. These reports are different from our existing sub-families, IoT Malware and Endpoint Malware, so we have decided to add a new sub-family in our classification taxonomy, Malicious IP Address. Continue…
-
Today, we will use records published at the Cybercrime Information Center to study where criminals shop for phishing domains in generic Top-level Domains (gTLDs). Continue…
-
Our quarterly Malware Activity pages report where we observe malware by Top-level Domains, Domain Registrars, and Hosting Networks. Here, we share some closer looks at the malware landscape. Continue…
-
We have made some changes and improvements to the Cybercrime Information Center. These expand our analytics capabilities and allow us to provide more and broader insights regarding how and where criminals obtain the resources that they use to commit cybercrimes. Continue…
-
In this post, we demonstrate how you can use Excel and the data that the Center publishes to generate custom statistics. Continue…
-
In this post, we demonstrate how you can use the Cybercrime Information Center’s quarterly phishing activity table data to study which Top-level Domains criminals are using for domain names that they purposely register for phishing. Continue…