Cybercrime Supply Chain 2024: Measurements and Assessments of Cyber Attack Resources and Where Criminals Acquire Them

Written By David Piscitello

Interisle Consulting Group researchers, using data from the Cybercrime Information Center, analyzed 16 million cybercrime events to expose a dramatic rise in criminal exploitation of name, address, hosting, and financial supply chains.

Among the major findings in the study, Interisle reports that:

  • The total number of malware, phishing, and spam attacks grew year-over-year by nearly 54%, to nearly 16.3 million attacks. Spam doubled, from 4 million to 8 million attacks.

  • Consumption of domain name resources by cybercriminals increased 81%. Over 8.6 million unique domains were used in cyberattacks compared to 4.8 million last year.

  • Over 2.6 million domains used in cyberattacks were registered in bulk, a 106% increase compared to last year.

  • Nearly 1.2 million subdomain hostnames were found to be used in attacks, an increase of over 114% compared to last year.

  • New generic top-level domains (gTLDs) accounted for 37% of cybercrime domains reported while holding only 11% of the total domain name market.

  • The number of IPv4 addresses reported for hosting cybercrime nearly doubled in both China and India.

Efforts to make it more difficult and costly for criminals to acquire these resources, conduct crimes, and “launder” criminal proceeds would help reduce the profitability and allure of the business.

Interisle's recommendations include:

  • Implement rigorous identify verification / certification requirements for parties wishing to bulk register domain names.

  • Limit the number of accounts and subdomains that a customer can register with free or inexpensive web hosting (subdomain) providers.

  • Expand the deployment of automated systems to screen for suspicious resource registration and use patterns.

  • Create “Trusted Reporter” programs across industry to facilitate swift suspension of cybercrime resources identified by recognized and trusted cybercrime monitors.

  • Penalize service providers that consistently and disproportionately supply cybercriminals with attack resources or incentivize them to stop.

Interisle notes that sustainable change will only occur if a broad range of stakeholders (including governments, where necessary) step up and implement real-world solutions to reduce criminal access to resources.

Interisle’s study was sponsored by the Anti Phishing Working Group (APWG, https://apwg.org), CAUCE (https://cauce.org), and the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG, https://m3aawg.org). Collectively, these organizations represent thousands of cybersecurity, public advocacy, service providers, and industry professionals worldwide.

The opinions, findings, and conclusions or recommendations expressed in this report are the product of independent work conducted by Interisle Consulting Group, without direction or other influence from any outside party, including parties that may have provided funding to support the work.

Comments can be submitted to feedback@interisle.net

David Piscitello
Next

Phishing Landscape 2024: An Annual Study of the Scope and Distribution of Phishing