Why is .US Being Used to Phish So Many of Us? (1 September 2023)
Brian Krebs, reporting at KrebsOnSecurity, citing
Interisle's Phishing Landscape 2023 report,
noted that "domains names
ending in .US […] are among the most prevalent in phishing scams".
Krebs notes that .US is overseen by the National Telecommunications and Information Administration (NTIA), an executive branch agency of the U.S. Department of Commerce
and NTIA contracts out management of .US to GoDaddy. However, "In response to questions from KrebsOnSecurity, GoDaddy said all .US registrants must certify that they meet
the NTIA's nexus requirements. But this appears to be little more than an affirmative response that is already pre-selected for all new registrants."
Data from the Cybercrime Information Center show many examples of common brand names being
used in .US domain names that have been registered and subsequently identified in phishing attacks.
Collateral Damage from Freenom Phishing Attacks (12 April 2023)
Brian Krebs, reporting at KrebsOnSecurity, recently
reported that, sued by Meta,
registry operator Freenom halted domain registrations.
According to Krebs, Meta alleges the company ignores abuse complaints about phishing websites while monetizing traffic to those abusive domains.
Meta's actions come as no surprise to us. The Cybercrime Information Center has collected
phishing data since May 2020. Freenom's commercialized ccTLDs have repeatedly appeared among the TLDs with the most phishing domains and highest phishing scores.
While brands and individuals of victims of phishing attacks are the most obvious harmed parties, other parties such as hosting operators received collateral damage
from phishing attacks. In a post on the CyberCrime Information Center
we show that while brands and individuals of victims of phishing attacks are the most obvious harmed parties, other parties such as hosting operators received collateral
damage from phishing attacks as well.
New TLDs are coming ... Eventually (16 March 2022)
In a recent blog post, New TLDs are coming #Dangerclose,
Dave Piscitello reacts to the impending next round of new Top-level Domains by explaining
how DNS abuse — or more correctly, cybercrimes that employ domain names — has flourished in the new TLD era. In the blog, Dave cites concerns by the DNS security community, including ICANN's own
security advisory committee, and abuse statistics reported by Interisle and ICANN. He then describes how ICANN has done little to address this problem.
Interisle weighs in on proposed rulemaking to address cybercrime (25 October 2021)
Interisle has submitted a comment in response to the US Department of Commerce's Advance notice of proposed rulemaking (ANPRM).
The ANPRM responds Executive Order 13984 of January 19, 2021,
Steps to Address the National Emergency with Respect to Significant Malicious Cyber-Enabled Activities’. The EO directs the US Commerce Secretary to implement measures to
“deter foreign malicious cyber actors' use of United States Infrastructure as a Service (IaaS) products and assist in the investigation of transactions involving foreign malicious cyber actors.”
Interisle has recommended that DNS hosting and registration services should be classified as IaaS. We explain how criminals use the DNS and how they register and weaponize thousands of domains
to perpetrate online crimes. We argue that the DNS is arguably as much of a critical infrastructure as the mobile and “hard-wired” networks that comprise the Internet.
In Fight Against COVID-19 Scam Sites, Lawmakers Push for Domain Name Ownership Records-and Some Pro-Privacy Advocates Agree (2 June 2020)
In this Morning Consult article, reporter Sam Sabin writes that
“lawmakers have begun taking the first steps to either provide relief for law enforcement and reopen the WHOIS database or hold domain name operators accountable to verifying the identities
of those who purchase web addresses themselves.” Her interviews with politicians, registrars, consumer advocates, and security experts—including Interisle's Dave Piscitello—reveal
broad support for better registration data access and stronger accountability for domain name registrants. “Too many domain name registrars and other internet companies are putting their
heads in the sand as cybercriminals and scammers try to exploit this pandemic by luring people to fraudulent coronavirus-related websites.”
Weaponizing Domain Names via Bulk Registration (31 March 2020)
In this guest blog post at The Spamhaus Project,
Dave Piscitello explains how criminals misuse domain names much in the same manner as terrorists misuse fertilizers to construct improvised explosive devices or as criminals divert pseudoephedrine
to the manufacture of methamphetamine. In all of these cases, a commodity serves as a tool in the pursuit of some malignant (criminal) activity. Domain industry parties will no doubt object to
such an extreme characterization, cyber investigators can demonstrate on an almost daily basis that hundreds or thousands of domain names are registered specifically for cyber attacks.
Dave offers insights from Interisle's Criminal Abuse of Domain Names report and Spamhaus Project editor Sarah Miller
notes that the findings from that October 2019 “emphasized the need for more stringent measures to be put in place within the domain name industry, something that the current COVID-19
pandemic is further highlighting.”
It's Not About the Internet (22 October 2019)
In the policy realm what we call “Internet issues” are not actually “Internet” issues—they are well-pedigreed social, political, cultural,
and economic issues, for which we clever technologists have provided a rich new environment in which to grow and multiply. It follows that the people best prepared
to tackle “Internet” issues may be thoughtful professionals in fields such as behavioral psychology, linguistics, sociology, education, history, ethnology,
and political science—not (exclusively) “Internet experts.” Interisle principal Lyman Chapin suggests a broadly interdisciplinary approach to what have
traditionally been considered “Internet” issues in an article that appears in the
50th Anniversary issue of the
ACM SIGCOMM Computer Communication Review.
31 January 2024
M3AAWG DNS Abuse Report
A new report from M3AAWG quotes from Interisle's Criminal Abuse of Domain Names report
and additionally cites Interisle's Phishing Landscape 2020 report. Read their complete report
at M3AAWG DNS Abuse Prevention, Remediation, and Mitigation Practices for Registrars and Registries.
23 January 2024
Trends in Spam
Analysis of spam data for September to November 2023 shows that the number of domains reported for spam declined for the third straight quarter.
But that still represents over 200,000 unique spam domains each month. New gTLDs and subdomain reseller accounts continue to attract more spammers.
Bulk registrations of spam domains during 2023 were unacceptably high: for the whole year, we determined that 36% of domains used in
spam campaigns were registered maliciously (i.e., by spammers, for spam). It's insulting to dismiss spam emitted using these #weaponized domains
as abuses. They are, or they abet, criminal acts. Read the detailed analysis at the
Cybercrime Information Center.
11 January 2024
Changes in Phishing
While phishing attack volume oscillated during 2023 — down during in the February–April 2023 period, up during the May–July 2023 period
and down again for the August–October 2023 period — phishing is still increasing over time. While the number of domains reported for phishing again
decreased ~1%, malicious registrations increased by a troubling 22%. Meta and USPS were the most impersonated brands.
Phishing domains reported in the ccTLDs dropped to 22%, well below the ~37% ccTLD market share. With Freenom out of the domain registration business,
phishers are exploiting the new TLDs, particularly those with cheap registration fees. For more insights, read our
Phishing Trends, including
key measurements and operator rankings (TLDs, registrars, and hosters).
1 November 2023
Interisle's Andy Malis Awarded 10th Patent
Andy Malis was granted US Patent 11,792,045, Elastic VPN That Bridges Remote Islands, on October 17, 2023. This patent enables enterprise
networks that employ cloud computing to offload processing tasks to third party data centers. Virtual private networking techniques can
be used to securely transmit data between the enterprise networks and the data centers housing the cloud networks via the Internet.
This allows enterprise users to move application functionality between data centers, for example to dynamically allocate processing power
at data centers that are geographically closest to an active end user base at any specified date/time. This approach allows processing power
to be dynamically allocated and deallocated to support branch office networks that rely on the enterprise network.
23 October 2023
Cybercrime Supply Chain 2023
Interisle has published a major new research report,
Cybercrime Supply Chain 2023: Measurements and Assessments of Cyber Attack Resources and Where Criminals Acquire Them,
finding persistent patterns of exploitation and abuse.
Interisle analyzed more than 10 million cybercrime records and found distinct, persistent patterns of exploitation and abuse covering a 365-day period from September 2022 to August 2023.
The report notes that current reactive efforts cannot curtail cybercrime and the harm it inflicts on Internet users, and recommends implementation of measures that,
working together, policy regimes, governments, service providers, and private sector can use to disrupt the cybercrime supply chain.
The study was sponsored by APWG, CAUCE, and M3AAWG.
12 October 2023
Interisle Responds to UK DSTI on Domain Abuse
Cybercrime and domain name abuse are key concerns of governments and other stakeholder worldwide. Successful mitigation of these problems will require
a global, cross-sectoral approach, including appropriate action by governments.
Interisle Consulting Group contributed to the UK Department for Science, Innovation and Technology's (DSTI) recent consultation
Powers in Relation to UK-Related Domain Name Registries,
which seeks input on policies for mitigating domain name abuse and misuse in UK-related top-level domains (TLDs). Drawing on finding from its recent
Phishing Landscape 2023 report, Interisle's response underscores how effective policies
and procedures must aim at preventing criminals from maliciously registering names in the first place, not just cleaning up after abuse has already occurred.
It also discusses the benefits in using the Council of Europe's Convention on Cybercrime's descriptions of harmful activities as a basis for defining
prohibited uses of domain names, including facilitating multi-jurisdictional abuse mitigation and enforcement.
Read our full contribution.
9 August 2023
Phishing Landscape 2023
Interisle Consulting Group has published a major new research report,
Phishing Landscape 2023: An Annual Study of the Scope and Distribution of Phishing.
Interisle has collected more than 11 million phishing reports over a three-year period, showing a tripling of phishingn attacks since May 2020, and a 65% increase since the previous yearly study.
The number of unique domains names continues to increase.
90% of phishing domains in new gTLDs are in just 25 new gTLDs.
Two-thirds of phishing domain names were registered specifically for phishing.
The report includes recommendations for registries and registrars, emphasizing that mitigation requires cross-industry collaboration.
Absent effective mitigation, litigation has yielded results — when Freenom stopped offering domain names, the number of Freenom domains used for phishing plummeted.
31 May 2023
Interisle research on display at Krebs on Security
American journalist and investigative reporter Brian Krebs cited data and findings from Interisle's 2021 Phishing Landscape Study in a March 7 column,
‘Sued by Meta, Freenom Halts Domain Registrations’.
Following several exchanges on Mastodon, Brian took a deeper dive into Freenom's Freefall
with Interisle partners Dave Piscitello and Colin Strutt. Brian then published a follow-up piece,
‘Phishing Domains Tanked After Meta Sued Freenom, where he shares
charts and trendlines prepared by Colin using data collected at the Cybercrime Information Center and observations by Dave
on why legal action may be an effective recourse for brands targeted by phishers.
16 March 2023
Interisle Welcomes New Associate Karen Rose
No, not the romantic suspense author who wrote Cold Blooded Liar-the internationally recognized Internet policy and digital economy expert
who served as Senior Director of Strategy and Analysis at the Internet Society. Karen's 30 years of public and private sector experience
and her reputation for insightful analysis of global Internet issues extend and amplify Interisle's ability to provide authoritative advice
to its clients. You can watch her describe ICANN's relationship with the U.S. Government—and her role in creating it—in
this interview for the ICANN History Project.
14 March 2023
Malware Landscape 2023
Interisle Consulting Group has published a major new research report,
Malware Landscape 2023: A Study of the Scope and Distribution of Malware.
Interisle reviewed over 7 million reports of distinct malware events from January 2022 to December 2022 collected
by the Cybercrime Information Center, examining malware that
attacks both IoT and user-attended devices ("endpoints"). This year Interisle also studied reports of malicious traffic sources:
malware that is used to scan web sites for exploitable vulnerabilities, to inject malicious content into web forms, or to conduct
denial of service attacks.