|
A group of experts from Interisle Consulting Group and Illumintel released a paper today, reporting a comprehensive study of the phishing landscape in 2020. The study’s goal was to capture and analyze a large set of information about phishing attacks to better understand how much phishing is taking place, where it is taking place, and better ways to fight them.
Major findings: After a three-month data collection period, the group learned about more than 100,000 newly discovered phishing sites. Here are the major findings—full details on the study can be obtained here.
Timing of registrations: The group analyzed 65,255 gTLD domains to determine how much time elapsed between when a domain name was registered and when that domain was first flagged for phishing by one of the phishing data feeds. 45% of the domains (31,610 out of 65,255) were used for phishing within 14 days of registration, reinforces the conventional wisdom that when phishers register domains, they tend to use them quickly to avoid detection.
Only ten gTLD registrars: Almost half of all maliciously registered domains were acquired from only ten gTLD registrars. “More than 88% of the maliciously registered domains in our data set occurred in just 20 top-level domains. ... this presents opportunities for a few providers to put a big dent in phishing,” writes one of the researchers, Greg Aaron (read his overview on CircleID).
Sponsored byVerisign
Sponsored byCSC
Sponsored byVerisign
Sponsored byIPv4.Global
Sponsored byWhoisXML API
Sponsored byRadix
Sponsored byDNIB.com