Interisle’s fourth annual study examines nearly four million phishing reports collected from May 2023 to April 2024 and provides historical measurements using over 15 million phishing reports collected at the Cybercrime Information Center over a four year period.

Interisle researchers, using data from the Cybercrime Information Center, analyzed more than 10 million cybercrime records and found distinct, persistent patterns of exploitation and abuse covering a 365-day period from September 2022 to August 2023.

The study, which analyzes over 3 million phishing reports representing over 1.1 million phishing attacks, shows that phishing increased by 61% over the period 1 May 2021 through 30 April 2022.

Interisle reviewed over 7 million reports of distinct malware events from January 2022 to December 2022 collected by the Cybercrime Information Center, examining malware that attacks both IoT and user-attended devices ("endpoints"). This year Interisle also studied reports of malicious traffic sources: malware that is used to scan web sites for exploitable vulnerabilities, to inject malicious content into web forms, or to conduct denial of service attacks.

The study, which analyzes over 3 million phishing reports representing over 1.1 million phishing attacks, shows that phishing increased by 61% over the period 1 May 2021 through 30 April 2022.

Interisle researchers analyzed 2.5 million records of distinct malware events from April 1, 2021 to March 31, 2022 collected by the Cybercrime Information Center, to identif what malware was most prevalent, where malware was served from, and what resources criminals used to pursue their attacks. The study provides yearly and year-over-year measurements.

The study, which analyzes nearly 1.7 million malware reports collected from January 1, 2021 to June 30, 2021, shows a 663% increase in malware reports in the first half of 2021. Our analyses identify what malware was most prevalent, where malware was served from or distributed, and what resources criminals used to pursue their attacks

Phishing continues to pose a significant threat to millions of Internet users. This study, which analyzes nearly 1.5 million phishing reports representing 700,000 phishing attacks, shows that phishing increased by nearly 70% over the period 1 May 2020 through 30 April 2021. The study also reports that most phishing occurs on domains purposely (maliciously) registered for phishing attacks.

This report describes the adverse and costly consequences when an organization becomes a victim of domain name hijackings or misuse. Interisle recommends that organizations need to include domain names in their enterprise risk management planning and execution. Interisle's analysts describe incidents where major corporations, government agencies, financials, or crypto-currency exchanges fell victim to domain theft or “hijackings.” The research indicates that such hijacking incidents occur with disturbing frequency, even among the large enterprises or government services across the globe.

The report presents an in-depth analysis of how contact data for Internet domain names — which make all web sites, email, and apps work-has disappeared from public access, impeding cybercrime investigation, consumer protection, Internet security, and online commerce. The Interisle study finds that ICANN's GDPR-driven policy has resulted in the redaction of contact data for 57% of all generic Top-level Domain (gTLD) names, perhaps five times more contact data than is required by the GDPR.

Our goal in this Interisle study was to capture and analyze a large set of information about phishing attacks, to better understand how much phishing is taking place and where it is taking place, and to see if the data suggests better ways to fight phishing.

The report measures the effectiveness and impact of ICANN's registration data access policies and procedures by examining the practices of 23 registrars, which collectively sponsor more than two-thirds of the registrations in the generic top-level domains (gTLDs). This study determines whether they comply with ICANN's policies and related contractual obligations, and also to the European Union's General Data Protection Regulation (EU GDPR).

In this study Interisle investigates how cybercriminals take advantage of bulk registration services to “weaponize” large numbers of domain names for their attacks.