Interisle Consulting Group

Resilient systems and networks position your organization to thrive under any circumstances—to respond dynamically to new technologies, new business opportunities, and new threats in an ever-changing world.

Interisle's world-renowned Internet and public safety networking experts know that what matters most about technology is how it helps you achieve your objectives.

We look beyond the impersonal canned solutions promoted by traditional large consulting firms, working closely with our clients to find the enduring architectural foundation that unites technology and business strategy to create sustainable value. Everything we do is focused cleanly and efficiently on your specific situation—all of our consultants are seasoned professionals with international reputations, and we don't waste your time (or money) on anything that doesn't directly benefit your business.


When the answer isn't obvious.



Why is .US Being Used to Phish So Many of Us? (1 September 2023)
Brian Krebs, reporting at KrebsOnSecurity, citing Interisle's Phishing Landscape 2023 report, noted that "domains names ending in .US […] are among the most prevalent in phishing scams".
Krebs notes that .US is overseen by the National Telecommunications and Information Administration (NTIA), an executive branch agency of the U.S. Department of Commerce and NTIA contracts out management of .US to GoDaddy. However, "In response to questions from KrebsOnSecurity, GoDaddy said all .US registrants must certify that they meet the NTIA's nexus requirements. But this appears to be little more than an affirmative response that is already pre-selected for all new registrants."
Data from the Cybercrime Information Center show many examples of common brand names being used in .US domain names that have been registered and subsequently identified in phishing attacks.

Collateral Damage from Freenom Phishing Attacks (12 April 2023)
Brian Krebs, reporting at KrebsOnSecurity, recently reported that, sued by Meta, registry operator Freenom halted domain registrations.
According to Krebs, Meta alleges the company ignores abuse complaints about phishing websites while monetizing traffic to those abusive domains.
Meta's actions come as no surprise to us. The Cybercrime Information Center has collected phishing data since May 2020. Freenom's commercialized ccTLDs have repeatedly appeared among the TLDs with the most phishing domains and highest phishing scores.
While brands and individuals of victims of phishing attacks are the most obvious harmed parties, other parties such as hosting operators received collateral damage from phishing attacks. In a post on the CyberCrime Information Center we show that while brands and individuals of victims of phishing attacks are the most obvious harmed parties, other parties such as hosting operators received collateral damage from phishing attacks as well.

New TLDs are coming ... Eventually (16 March 2022)
In a recent blog post, New TLDs are coming #Dangerclose, Dave Piscitello reacts to the impending next round of new Top-level Domains by explaining how DNS abuse — or more correctly, cybercrimes that employ domain names — has flourished in the new TLD era. In the blog, Dave cites concerns by the DNS security community, including ICANN's own security advisory committee, and abuse statistics reported by Interisle and ICANN. He then describes how ICANN has done little to address this problem.

Interisle weighs in on proposed rulemaking to address cybercrime (25 October 2021)
Interisle has submitted a comment in response to the US Department of Commerce's Advance notice of proposed rulemaking (ANPRM). The ANPRM responds Executive Order 13984 of January 19, 2021, ‘Taking Additional Steps to Address the National Emergency with Respect to Significant Malicious Cyber-Enabled Activities’. The EO directs the US Commerce Secretary to implement measures to “deter foreign malicious cyber actors' use of United States Infrastructure as a Service (IaaS) products and assist in the investigation of transactions involving foreign malicious cyber actors.”
Interisle has recommended that DNS hosting and registration services should be classified as IaaS. We explain how criminals use the DNS and how they register and weaponize thousands of domains to perpetrate online crimes. We argue that the DNS is arguably as much of a critical infrastructure as the mobile and “hard-wired” networks that comprise the Internet.

In Fight Against COVID-19 Scam Sites, Lawmakers Push for Domain Name Ownership Records-and Some Pro-Privacy Advocates Agree (2 June 2020)
In this Morning Consult article, reporter Sam Sabin writes that “lawmakers have begun taking the first steps to either provide relief for law enforcement and reopen the WHOIS database or hold domain name operators accountable to verifying the identities of those who purchase web addresses themselves.” Her interviews with politicians, registrars, consumer advocates, and security experts—including Interisle's Dave Piscitello—reveal broad support for better registration data access and stronger accountability for domain name registrants. “Too many domain name registrars and other internet companies are putting their heads in the sand as cybercriminals and scammers try to exploit this pandemic by luring people to fraudulent coronavirus-related websites.”

Weaponizing Domain Names via Bulk Registration (31 March 2020)
In this guest blog post at The Spamhaus Project, Dave Piscitello explains how criminals misuse domain names much in the same manner as terrorists misuse fertilizers to construct improvised explosive devices or as criminals divert pseudoephedrine to the manufacture of methamphetamine. In all of these cases, a commodity serves as a tool in the pursuit of some malignant (criminal) activity. Domain industry parties will no doubt object to such an extreme characterization, cyber investigators can demonstrate on an almost daily basis that hundreds or thousands of domain names are registered specifically for cyber attacks. Dave offers insights from Interisle's Criminal Abuse of Domain Names report and Spamhaus Project editor Sarah Miller notes that the findings from that October 2019 “emphasized the need for more stringent measures to be put in place within the domain name industry, something that the current COVID-19 pandemic is further highlighting.”

It's Not About the Internet (22 October 2019)
In the policy realm what we call “Internet issues” are not actually “Internet” issues—they are well-pedigreed social, political, cultural, and economic issues, for which we clever technologists have provided a rich new environment in which to grow and multiply. It follows that the people best prepared to tackle “Internet” issues may be thoughtful professionals in fields such as behavioral psychology, linguistics, sociology, education, history, ethnology, and political science—not (exclusively) “Internet experts.” Interisle principal Lyman Chapin suggests a broadly interdisciplinary approach to what have traditionally been considered “Internet” issues in an article that appears in the 50th Anniversary issue of the ACM SIGCOMM Computer Communication Review.

Worth reading: "Moving the Encryption Policy Conversation Forward" (20 September 2019)
On September 10, the Encryption Working Group—convened under the auspices of the Carnegie Endowment for International Peace and Princeton University—issued a constructive and wise report titled "Moving the Encryption Policy Conversation Forward" This report directly addresses the increasingly heated debate over use of encryption technologies to protect privacy contrasted against the needs expressed by law enforcement to be able to conduct criminal investigations and protect public safety. Instead of adding further heat to this on-going debate, the Encryption Group has wisely recommended toning down the rhetoric, and instead focusing on problems where feasible solutions can be developed that resolve not just technical issues, but also conform to rational policies and core principles. This offers a hopeful way forward where polarized debate can be replaced with constructive cooperation toward concrete results that would benefit individuals and society at large. We hope this report is read by all players concerned with issues of privacy and legitimate access by law enforcement.


Interisle News

20 September 2023
Interisle's Andy Malis Awarded 9th Patent

Andy Malis was granted US Patent 11,750,517 on September 5, 2023, Service Function Chaining Congestion Feedback. This patent adds a method of reporting downstream congestion to Service Function Chaining (SFC) as defined by the Internet Engineering Task Force (IETF). SFC enables network operators to offer various value-added services to their customers, such as deep packet inspection, parental controls, traffic optimization, and network address translation without the need for specialized network elements to provide these services. This patent extends these capabilities with the ability to report downstream congestion to upstream devices so that they may address the congestion.

9 August 2023
Phishing Landscape 2023

Interisle Consulting Group has published a major new research report, Phishing Landscape 2023: An Annual Study of the Scope and Distribution of Phishing. Interisle has collected more than 11 million phishing reports over a three-year period, showing a tripling of phishingn attacks since May 2020, and a 65% increase since the previous yearly study. The number of unique domains names continues to increase. 90% of phishing domains in new gTLDs are in just 25 new gTLDs. Two-thirds of phishing domain names were registered specifically for phishing. The report includes recommendations for registries and registrars, emphasizing that mitigation requires cross-industry collaboration. Absent effective mitigation, litigation has yielded results — when Freenom stopped offering domain names, the number of Freenom domains used for phishing plummeted.

31 May 2023
Interisle research on display at Krebs on Security

American journalist and investigative reporter Brian Krebs cited data and findings from Interisle's 2021 Phishing Landscape Study in a March 7 column, ‘Sued by Meta, Freenom Halts Domain Registrations’. Following several exchanges on Mastodon, Brian took a deeper dive into Freenom's Freefall with Interisle partners Dave Piscitello and Colin Strutt. Brian then published a follow-up piece, ‘Phishing Domains Tanked After Meta Sued Freenom, where he shares charts and trendlines prepared by Colin using data collected at the Cybercrime Information Center and observations by Dave on why legal action may be an effective recourse for brands targeted by phishers.

15 April 2023
Interisle's Andy Malis Awarded 8th Patent

Andy Malis was granted US Patent 11,616,717 on March 28, 2023, Service Function Chaining Network Services. This patent adds quality of service capabilities to Service Function Chaining (SFC) as defined by the Internet Engineering Task Force (IETF). SFC enables network operators to offer various value-added services to their customers, such as deep packet inspection, parental controls, traffic optimization, and network address translation without the need for specialized network elements to provide these services. This patent extends these capabilities with a table-driven approach to provide various qualities of service to network packets.

16 March 2023
Interisle Welcomes New Associate Karen Rose

No, not the romantic suspense author who wrote Cold Blooded Liar-the internationally recognized Internet policy and digital economy expert who served as Senior Director of Strategy and Analysis at the Internet Society. Karen's 30 years of public and private sector experience and her reputation for insightful analysis of global Internet issues extend and amplify Interisle's ability to provide authoritative advice to its clients. You can watch her describe ICANN's relationship with the U.S. Government—and her role in creating it—in this interview for the ICANN History Project.

14 March 2023
Malware Landscape 2023

Interisle Consulting Group has published a major new research report, Malware Landscape 2023: A Study of the Scope and Distribution of Malware. Interisle reviewed over 7 million reports of distinct malware events from January 2022 to December 2022 collected by the Cybercrime Information Center, examining malware that attacks both IoT and user-attended devices ("endpoints"). This year Interisle also studied reports of malicious traffic sources: malware that is used to scan web sites for exploitable vulnerabilities, to inject malicious content into web forms, or to conduct denial of service attacks.

9 March 2023
Interisle's Andy Malis Awarded 7th Patent

Andy Malis was granted US Patent 11,582,148 on February 14, 2023, MPLS Extension Headers for In-Network Services. This patent describes methods and devices (e.g., routers) that add in-network services to a multiprotocol label switching (MPLS) network. This can include an MPLS network router receiving and modifying a packet by adding one or more MPLS extension headers, adding one or more extension header(s), and adding an indication within an MPLS label stack that one or more MPLS extension headers have been added to the packet.

28 February 2023
Another Quarter's Malware Analyzed

Analysis of the October to December 2022 malware data from the CyberCrime Information Center shows a 34% increase in IoT malware and a 31% increase in endpoint malware compared to the previous quarter. Mozi is on the rise again, and vulnerability scanners are running rampant. Also noteworthy, there was a 121% increase in domains names reported for hosting malware.

23 September 2022 (Updated 1 November)
Dave Piscitello to present at M3AAWG

Dave Piscitello will present findings and recommendations from two recent Interisle studies of phishing and malware at the M3AAWG meeting in October. Data from three million phishing reports, as well as analysis and recommendations about two and a half million records of malware will be shared.
Update: 1 November 2022
Anne Price summarized Dave's presentation in a M3AAWG blog post, "Coordinated Action is Needed as Phishing and Malware Attacks Skyrocket; Domains, Brands and Services Targeted".

10 August 2022
Making the Internet a More Secure Place

David Strom interviews Dave Piscitello for Czech company Avast's popular Cybersecurity blog, where he reviews Interisle's 2022 Phishing Landscape Study. Strom notes that "What makes [the] report especially powerful is that it includes data from four commercial information sources" and the two Davids discuss the merits/benefits when organizations employ more than one blocklist in their antiphishing defenses.

1 March 2021
Interisle Launches the Cybercrime Information Center

Cybercrime—phishing, pharming, botnets, malware, and spam—threatens every Internet user. To fight cybercrime we need to know how criminals acquire and use the Internet resources that enable their criminal activity. The Cybercrime Information Center (CIC) will gather and publish the facts about cybercrime. By publishing its measurement data, the Center will identify the sources and mechanisms of cybercrime, as defined in the Council of Europe's Budapest Convention on Cybercrime. Researchers, governments, businesses, and others will be able to use CIC data to evaluate the policies and practices that attract and encourage criminal activity.









Privacy Statement

© Interisle Consulting Group