Cybercrime Supply Chain 2025: Measurements and Assessments of Cyber Attack Resources and Where Criminals Acquire Them

Written By David Piscitello

Cybercrime continues to grow at alarming rates, according to Cybercrime Supply Chain 2025, a new study released by Interisle Consulting Group. The report analyzed more than 26 million unique cybercrime events involving malware, phishing, and spam – a 60% annual growth in attacks – revealing that criminals continue to easily and cheaply acquire the resources needed to launch attacks.

Download the Report
Download the Executive Summary

The study found that nearly 20 million unique domains were used in attacks. Malicious domain registrations increased 149% year over year, and bulk registration of domains for criminal purposes surged 177%. New generic Top-Level Domains (gTLDs) were particularly exploited: though they hold just 12% of the market, they accounted for nearly half of all cybercrime domains reported and well over half of the maliciously registered cybercrime domains. Key report findings include:

  • Malware, phishing, and spam attacks grew by 60%, to over 26 million events. Spam grew at the most alarming rate, more than doubling over 2024.

  • Nearly 19.5 million compromised and maliciously registered domains were used in cyberattacks compared to 8.6 million last year – a 126% increase.

  • Domains registered for cybercrime – malicious domains – increased 149% year over year. The percentage of malicious registrations in the new TLD space was nearly five times its market share.

  • Over 7.3 million domains used in cyberattacks were registered in bulk, a 177% increase compared to last year.

  • The overall number of IP addresses reported for hosting malware, spam or phishing activity decreased by 20%. The United States, India and Hong Kong saw hosting increases.

The report urges greater oversight and accountability across the cybercrime supply chain, including:

  • Stronger verification of customer information, including adoption of EU NIS2 directive standards.
  • Implementing automated systems to disrupt and mitigate suspicious registration and hosting activity.
  • Limitations on high-volume registration and account creation.
  • Adopting trusted reporter programs to expedite takedowns.
  • Corrective action for operations with high criminal abuse rates.

Interisle’s study was sponsored by the Anti Phishing Working Group (APWG, https://apwg.org), CAUCE (https://cauce.org), and the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG, https://m3aawg.org). Collectively, these organizations represent thousands of cybersecurity, public advocacy, service providers, and industry professionals worldwide.

The opinions, findings, and conclusions or recommendations expressed in this report are the product of independent work conducted by Interisle Consulting Group, without direction or other influence from any outside party, including parties that may have provided funding to support the work.

Comments can be submitted to feedback@interisle.net

David Piscitello
Next

Phishing Landscape 2025: An Annual Study of the Scope and Distribution of Phishing