Home / Blogs

2012 Global Phishing Trends: Uptime Down, Numbers Up

Despite security advances over the past year, including the increased deployment of DNSSEC, pirates continue to wreak havoc on the Internet. But before you decide that Internet security innovations are futile, consider this: online criminals are just like burglars in the physical world; they don’t take new ways of blocking their best efforts lying down. They come up with new and, in some cases, stronger plans of attack.

Proof of that is in the most recent report from the Anti-Phishing Working Group (APWG), whose mission is to combat phishing on a worldwide scale by eliminating fraud, crime and identity theft. Professionals from a broad spectrum of industries comprise the group and Afilias is proud to be a supporter and a steering group member.

The report, Global Phishing Survey: Trends and Domain Name Use in 1H2012, contains mixed news.

The good news is that the average uptime of phishing attacks is down. The longer a phishing attack remains active, the more money the targeted individuals and institutions lose. That means uptimes are a good indicator of how successful efforts to block phishing attacks have been. In 1H2012, uptimes fell to a record low of 23 hours and 10 minutes. That’s approximately half of what it was in late 2011, and it is by far the lowest uptime recorded since the APWG began issuing the semi-annual report in 2008.

The bad news? The survey found that while the duration of the attacks fell, the number of them increased. During 1H2012, there were at least 93,462 attacks—12 percent more in the same time period a year earlier.

Trends to Note

The report also contains a number of findings for further consideration.

First, phishers continue to abuse services related to subdomains. Accordingly, the trend of phishers registering subdomains more frequently than regular domain names continues since subdomains can be more difficult to spot than second-level domains. In 1H2012, there were 13,307 phishing attacks hosted on subdomain services compared to 7,712 that used second-level domains. However, the overall use of subdomains for phishing purposes fell from 21 percent of all attacks to just 14 percent.

As phishers focus on larger and more popular targets, the number of targeted institutions continues to decrease. There is also a growing emphasis on gaining access to e-mail accounts, which phishers use to spam from whitelisted services such as Gmail, Hotmail and Yahoo.

China continues to be a hot spot for phishing-related activity. The report notes that phishers who attacked Chinese institutions were responsible for two-thirds of all the malicious domain name registrations made in the entire world. While the phishers didn’t use .CN domain names, they did use both Chinese and non-Chinese registrars.
South America is often cited as a region that’s experiencing tremendous economic growth. Unfortunately, it’s also a region where Web servers that are compromised by phishers is a growing phenomenon.

The extent to which phishing attacks proliferate—or become a real but benign fact of life—is up to all of us whose work involves Internet security. If that’s you, I recommend you read the APWG report in its entirety.

By Ram Mohan, Chief Operating Officer at Afilias

Mr. Mohan brings over 20 years of technology leadership experience to Afilias and the industry.

Visit Page

Filed Under

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet


Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.



Domain Names

Sponsored byVerisign

Brand Protection

Sponsored byCSC

Threat Intelligence

Sponsored byWhoisXML API

IPv4 Markets

Sponsored byIPv4.Global


Sponsored byVerisign