On Tuesday, Interisle will release its third annual Cybercrime Supply Chain (CSC) report, which documents how cybercrime has evolved into a sophisticated global industry and analyzes where criminals acquire key Internet resources. Google’s lawsuit against the Lighthouse Phishing-as-a-Service syndicate provides a vivid snapshot of the brutal efficiency with which cybercriminals exploit these dynamics and take advantage of easy access to attack supplies.

Google’s complaint details the Lighthouse turnkey service: a platform that provides scam website templates, domain setup tools, campaign management software, and “300+ front desk staff worldwide” to help technical novices conduct phishing attacks at mass scale.

According to research by Silent Push cited in the Google suit, the Lighthouse platform generated some 200,000 malicious domains and hosted phishing websites on over 8,800 IP addresses across nearly 200 ASNs. The top-level domains most exploited by Lighthouse included .TOP, .VIP, .COM, .XYZ, .XIN, and .CC, all of which appear as highly exploited domains in our upcoming CSC report.

The Google filing notes that Lighthouse created some 32,000 phishing sites spoofing the U.S. Postal Service (USPS) alone between mid-2023 and late 2024. This closely matches the number of unique USPS phishing domains we observed in our Phishing Landscape 2025 study.

Numbers like these are not just abstract measures of malicious activity. They translate into devastating harm and financial loss for over a million victims in 121 countries, and for the businesses and government entities around the world impersonated in Lighthouse attacks.

What makes Lighthouse particularly noteworthy is not its technical sophistication, but the ease with which its operators and affiliates have been able to acquire the resources necessary to run it. Lighthouse does not rely on rare vulnerabilities or cutting-edge exploits. It relies on the ready availability of domain names, hosting accounts, messaging tools, and other legitimate services that can be acquired cheaply, provisioned quickly, and integrated with stolen data and other assets traded in criminal markets.

This cybercrime supply chain economy—one of high volume, low cost, and minimal friction—is what enables cybercriminals to reach global scale and profit from unsuspecting victims with so little effort.

Google’s lawsuit is a significant and welcome development. It disrupts a specific criminal enterprise, limits ongoing harm, and shines a light on an operation that has victimized millions across the globe. But as the complaint itself notes, cybercriminals adapt quickly. Unless root problems are addressed, others will fill the void left by the Lighthouse syndicate.

Not only must we continue to disrupt cybercriminal enterprises, we must also deprive them of the resources they depend on and make cybercrime harder and far less profitable to sustain.

Our CSC report urges greater oversight and accountability across industry to make criminal access to Internet resources more difficult while ensuring that legitimate users can easily obtain the services they need. Our recommendations include:

• Requiring more robust identity verification for service registration,
• Expanding automated systems that monitor for suspicious registration behavior and more efficiently mitigate criminal abuse when found,
• Limiting high-volume registration and account creation,
• Adopting trusted-reporter programs to expedite takedowns, and
• Requiring corrective action for operators with high criminal abuse rates.

The Google lawsuit also highlights the limited legal remedies available to disrupt cybercriminal activity. Policymakers should focus on modernizing legal frameworks to improve deterrence and enable more effective prosecution at both national and international levels.

As Google’s Lighthouse action unfolds, we urge all stakeholders to look beyond the headlines and focus on closing the vulnerabilities in the cybercrime supply chain that enable these devastating attacks.

Interisle’s Cybercrime Supply Chain 2025 report will be released Tuesday, 18 November at https://interisle.net/insights.