Phishers Exploit the Cybercrime Supply Chain Despite the Availability of Effective Countermeasures

Interisle Consulting Group today released its fourth annual Phishing Landscape report investigating where and how cybercriminals acquire naming and hosting resources for phishing. Our study shows that cybercriminals evolved their tactics for obtaining attack resources, including sharply increasing their exploitation of subdomain and gateway providers. We also found that phishers continued to abuse domain names in known and persistent ways, including through the use of bulk registration and new generic top-level domains (new gTLDs). The full Phishing Landscape 2024 report can be found at https://interisle.net/PhishingLandscape2024.

For our 2024 study we analyzed nearly four million phishing reports from four widely respected threat data providers (Anti-Phishing Working Group (APWG), OpenPhish, PhishTank, and Spamhaus) collected from May 2023 to April 2024. We then used data from our previous studies (available at the Cybercrime Information Center) to examine year-on-year trends. Among other findings, our study shows that:

  • The total number of phishing attacks grew by nearly 50,000 attacks compared to last year, to just under 1.9 million incidents worldwide.
  • While the number of unique domain names reported for phishing held relatively steady at just over 1.1 million, the use of subdomain providers for phishing rose 51% to over 450,000 reported names, representing 24% of all phishing attacks. The use of the decentralized InterPlanetary File System to host and launch phishing attacks also increased remarkably—up 1,300% to some 19,000 reported phishing sites.
  • After the demise of the phish-friendly domain registry Freenom, cybercriminals also deepened their use of inexpensive domain names in new gTLDs. 42% of all domains reported for phishing were registered in new gTLDs, compared to 25% last year.
  • The practice of registering high volumes of domain names at one time (bulk registration) continues to be highly exploited by phishers. We found at least 27% of all domain names used in phishing attacks were registered in bulk.
  • Four of the top five hosting providers used by phishers to host attacks were based in the United States. One U.S. hosting company accounted for over one-third of all phishing attacks.
  • Domain name registration policies significantly affect the level of phishing in a TLD. Our study of ccTLD pricing and policies in Europe and the Asia-Pacific region shows that more robust customer verification requirements correlate with lower levels of phishing activity.

Phishing is the most commonly used tactic in the perpetration of cybercrime and a costly global threat. Balanced policies aimed at starving cybercriminals of the resources they need to conduct attacks are urgently required. Grounded in our findings, the study outlines a series of recommendations for curbing criminal access to attack resources and more effectively remediating phishing problems when they are found. Our recommendations include:

  • Implement robust identity verification / certification requirements for parties wishing to bulk register domain names and reasonably limit the number of accounts and subdomains a customer can register at subdomain providers.
  • Strengthen verification of customers and submitted registration information across the domain name, subdomain, and hosting industries, including implementing automated tools to screen for bogus registration data and fraudulent payment information.
  • Expand the deployment of automated systems to screen for suspicious patterns of domain name and subdomain registrations, including algorithmically generated names and names deceptively similar to known brands.
  • Implement more effective, proactive procedures to identify the use of hosting resources for cybercrime, including measures to suspend suspicious accounts in a timely way.
  • Create “Trusted Reporter” programs across industry to facilitate swift suspension of phishing resources identified by recognized and trusted cybercrime monitors.
  • More effective, outcome-oriented, cross-sector collaborations aimed at preventing and more quickly mitigating criminal access to phishing resources.

Ultimately, coordination, cooperation, and consistent action across a range of actors will be needed to create sustained, positive change in the phishing landscape. In addition to voluntary industry actions and policy changes through the ICANN process, action by government may be needed to foster effective solutions.

By Karen Rose, Partner, Interisle Consulting Group
