Latest News
7 August 2024
Karen Rose Published Article on Cybercrime
Karen Rose published an article in CircleID, “Phishers Exploit the Cybercrime Supply Chain Despite the Availability of Effective Countermeasures”, summarizing some of the results of the Phishing Landscape Study 2024 report recently published by Interisle.
——————————
26 July 2024
Dave Piscitello Interviewed by Domain Name Wire
Andrew Alleman and Dave Piscitello discuss Interisle’s recently published Phishing Landscape Study 2024 in a Domain Name Wire podcast, Which domains phishers use – DNW Podcast #495. During the interview, Dave explains the history of Interisle’s landscape studies and describes trends in phishing since the studies began in 2021. Andrew and Dave then discuss how phishers have employed Top-level Domains (TLDs) “opportunistically” over time, always migrating or returning to the all too numerous free, cheap, and easily registered generic TLDs and, increasingly, to subdomain providers. Andrew and Dave wrap up the podcast with a critical look at how registries and registrars could take preventative actions and speculate why they do not.
——————————
23 July 2024
Phishing Landscape 2024: An Annual Study of the Scope and Distribution of Phishing
Interisle Consulting Group today announced the publication of an industry report, Phishing Landscape 2024, A Study of the Scope and Distribution of Phishing. The study measures phishing activity over the last year, examines how phishers operate, and recommends strategies to disrupt how and where phishers get their resources.
Interisle’s fourth annual study examines nearly four million phishing reports collected from May 2023 to April 2024 and provides historical measurements using over 15 million phishing reports collected at the Cybercrime Information Center over a four year period.
——————————
29 May 2024
KrebsOnSecurity cites Interisle study in Investigation of Stark Industries
Brian Krebs recently published an extensive exposé on Stark Industries Solutions that revealed the hosting firm as “a global proxy network that conceals the true source of cyberattacks and disinformation campaigns against enemies of Russia.” Brian begins his exposé weeks before the Russian invasion of Ukraine in February 2022. He explains how the cyber threat intelligence community determined that patriotic Russian hacking groups used Stark Industries’ proxy and VPN services to conduct DDoS attacks since the start of the war. Brian used data and findings from several “attack trackers”, including Interisle, that “offers some insight into its customer base, usage, and maybe even true origins” of Stark Industries Solutions.
——————————
3 May 2024
Spotlight: Impersonation phishing using exact match hostnames
Phishers have long embedded exact matches of brands in domain names that they register for phishing. Company, service, or product names in domains continue to deceive less technically savvy members of society. Phishers are increasingly using exact match strings to compose hostnames at free web sites for phishing.
We studied web site hostnames and domain names used in phishing attacks from November 2023 through January 2024. During that period, impersonation attacks against two brands stood out: United States Postal Service (USPS) and Facebook. Looking closely at these two brands, we are able to illustrate how phishers employ two different naming methods.
——————————
29 April 2024
Interisle Provides Comments on Proposed Rules Addressing Cyber-Enabled Activities
Interisle responded to the U.S. Department of Commerce’s Notice of Proposed Rulemaking "Taking Additional Steps To Address the National Emergency With Respect to Significant Malicious Cyber-Enabled Activities". This proposed rulemaking solicited comments on proposed special measures to deter foreign malicious cyber actors' use of U.S. IaaS products. Interisle submitted comments regarding the proposal of regulations to “verify the identity of foreign customers of IaaS products”, in particular noting that the DNS should be treated as an IaaS. Interisle also commented on the proposal of regulations that “require providers of certain IaaS products to submit a report to the Secretary when a foreign person transacts with that provider or reseller to train a large Artificial Intelligence (AI) model with potential capabilities that could be used in malicious cyber-enabled activity”. Interisle’s comments are based on what we have observed analyzing cybercrime data from the Cybercrime Information Center.
——————————
27 April 2024
Andy Malis co-authors 49th IETF Request For Comment (RFC) document
Interisle partner Andy Malis participates in the Internet Engineering Task Force's (IETF's) Deterministic Networking (DetNet) project, focused on deterministic data paths providing bounds on latency, loss, jitter, and high reliability. DetNet is publishing Requests For Comments (RFCs, the IETF's standards documents) on this topic, with Andy as co-author on seven of the project's RFCs. This new RFC 9566, Deterministic Networking (DetNet) Packet Replication, Elimination, and Ordering Functions (PREOF) via MPLS over UDP/IP, is Andy's 49th IETF RFC overall. It describes how the DetNet IP data plane can support DetNet's Packet Replication, Elimination, and Ordering Functions (PREOF) built on the existing MPLS PREOF solution defined for the DetNet MPLS data plane. The RFC can be found at https://www.rfc-editor.org/rfc/rfc9566.html.
——————————
15 March 2024
Trends in Spam
Analysis of spam data collected from December 2023 to February 2024 revealed a 20% drop in spam domains over the reporting period. This follows a modest quarter-over-quarter decline from earlier reporting periods. The declines appear to coincide with increased use of user accounts at subdomain service providers. Eight of the ten registrars from our September-November 2023 reporting period appear in our ranking of domain registrars by number of spam domains under management for this period. Since June 2023, our top 10 hosting networks continue to include mostly the same operators. Read the detailed analysis at the Cybercrime Information Center.
——————————
13 February 2024
Spamhaus Interviews Dave Piscitello
The Spamhaus team interviewed Dave Piscitello to learn more about Interisle's recent study of the supply chains used by cybercriminals to acquire resources for malware, spam, and phishing attacks (see Cybercrime Supply Chain 2023). The interview was published in two parts.
Trends, policy and cheap TLDs - an interview with Dave Piscitello (Part 1) reviews some of the study's key findings. Registration, collaboration and disruption - an interview with Dave Piscitello (Part 2) reviews how criminals exploit domain registration services. Dave calls attention to bulk domain registration services - domains registered by cybercriminals, by the thousands, in seconds - as the most serious registration threat (see Weaponizing Domain Names: how bulk registration aids global spam campaigns). He concludes the interview by explaining why adopting the well-known strategy of disrupting supply lines can be effective in mitigating cybercrime.
——————————
31 January 2024
M3AAWG DNS Abuse Report
A new report from M3AAWG quotes from Interisle's Criminal Abuse of Domain Names report and additionally cites Interisle's Phishing Landscape 2020 report. Read their complete report at M3AAWG DNS Abuse Prevention, Remediation, and Mitigation Practices for Registrars and Registries.
——————————
23 January 2024
Trends in Spam
Analysis of spam data collected from September to November 2023 shows that the number of domains reported for spam declined for the third straight quarter. But that still represents over 200,000 unique spam domains each month. New gTLDs and subdomain reseller accounts continue to attract more spammers. Bulk registrations of spam domains during 2023 were unacceptably high: for the whole year, we determined that 36% of domains used in spam campaigns were registered maliciously (i.e., by spammers, for spam). It's insulting to dismiss spam emitted using these weaponized domains as abuses. They are, or they abet, criminal acts. Read the detailed analysis at the Cybercrime Information Center.
——————————
11 January 2024
Changes in Phishing
While phishing attack volume oscillated during 2023 — down during the February–April 2023 period, up during the May–July 2023 period and down again for the August–October 2023 period — phishing is still increasing over time. While the number of domains reported for phishing again decreased ~1%, malicious registrations increased by a troubling 22%. Meta and USPS were the most impersonated brands. Phishing domains reported in the ccTLDs dropped to 22%, well below the ~37% ccTLD market share. With Freenom out of the domain registration business, phishers are exploiting the new TLDs, particularly those with cheap registration fees. For more insights, read our Phishing Trends, including key measurements and operator rankings (TLDs, registrars, and hosters).
——————————
1 November 2023
Interisle's Andy Malis Awarded 10th Patent
Andy Malis was granted US Patent 11,792,045, Elastic VPN That Bridges Remote Islands, on October 17, 2023. This patent enables enterprise networks that employ cloud computing to offload processing tasks to third party data centers. Virtual private networking techniques can be used to securely transmit data between the enterprise networks and the data centers housing the cloud networks via the Internet. This allows enterprise users to move application functionality between data centers, for example to dynamically allocate processing power at data centers that are geographically closest to an active end user base at any specified date/time. This approach allows processing power to be dynamically allocated and deallocated to support branch office networks that rely on the enterprise network.
——————————
23 October 2023
Cybercrime Supply Chain 2023
Interisle has published a major new research report, Cybercrime Supply Chain 2023: Measurements and Assessments of Cyber Attack Resources and Where Criminals Acquire Them, finding persistent patterns of exploitation and abuse. Interisle analyzed more than 10 million cybercrime records and found distinct, persistent patterns of exploitation and abuse covering a 365-day period from September 2022 to August 2023. The report notes that current reactive efforts cannot curtail cybercrime and the harm it inflicts on Internet users, and recommends implementation of measures that, working together, policy regimes, governments, service providers, and private sector can use to disrupt the cybercrime supply chain. The study was sponsored by APWG, CAUCE, and M3AAWG.
——————————
12 October 2023
Interisle Responds to UK DSIT on Domain Abuse
Cybercrime and domain name abuse are key concerns of governments and other stakeholders worldwide. Successful mitigation of these problems will require a global, cross-sectoral approach, including appropriate action by governments. Interisle Consulting Group contributed to the UK Department for Science, Innovation and Technology's (DSIT) recent consultation Powers in Relation to UK-Related Domain Name Registries, which seeks input on policies for mitigating domain name abuse and misuse in UK-related top-level domains (TLDs). Drawing on findings from its recent Phishing Landscape 2023 report, Interisle's response underscores how effective policies and procedures must aim at preventing criminals from maliciously registering names in the first place, not just cleaning up after abuse has already occurred. It also discusses the benefits of using the Council of Europe's Convention on Cybercrime's descriptions of harmful activities as a basis for defining prohibited uses of domain names, including facilitating multi-jurisdictional abuse mitigation and enforcement. Read our full contribution.
——————————
1 September 2023
Why is .US Being Used to Phish So Many of Us?
Brian Krebs, reporting at KrebsOnSecurity and citing Interisle's Phishing Landscape 2023 report, noted that "domain names ending in .US […] are among the most prevalent in phishing scams".
Krebs notes that .US is overseen by the National Telecommunications and Information Administration (NTIA), an executive branch agency of the U.S. Department of Commerce, and that NTIA contracts out management of .US to GoDaddy. However, "In response to questions from KrebsOnSecurity, GoDaddy said all .US registrants must certify that they meet the NTIA's nexus requirements. But this appears to be little more than an affirmative response that is already pre-selected for all new registrants."
Data from the Cybercrime Information Center show many examples of common brand names being used in .US domain names that have been registered and subsequently identified in phishing attacks.
——————————
9 August 2023
Phishing Landscape 2023
Interisle Consulting Group has published a major new research report, Phishing Landscape 2023: An Annual Study of the Scope and Distribution of Phishing. Interisle has collected more than 11 million phishing reports over a three-year period, showing a tripling of phishing attacks since May 2020, and a 65% increase since the previous yearly study. The number of unique domain names continues to increase. 90% of phishing domains in new gTLDs are in just 25 new gTLDs. Two-thirds of phishing domain names were registered specifically for phishing. The report includes recommendations for registries and registrars, emphasizing that mitigation requires cross-industry collaboration. Absent effective mitigation, litigation has yielded results — when Freenom stopped offering domain names, the number of Freenom domains used for phishing plummeted.
——————————
31 May 2023
Interisle research on display at Krebs on Security
American journalist and investigative reporter Brian Krebs cited data and findings from Interisle's 2021 Phishing Landscape Study in a March 7 column, ‘Sued by Meta, Freenom Halts Domain Registrations’. Following several exchanges on Mastodon, Brian took a deeper dive into Freenom's Freefall with Interisle partners Dave Piscitello and Colin Strutt. Brian then published a follow-up piece, ‘Phishing Domains Tanked After Meta Sued Freenom’, where he shares charts and trendlines prepared by Colin using data collected at the Cybercrime Information Center and observations by Dave on why legal action may be an effective recourse for brands targeted by phishers.
——————————
12 April 2023
Collateral Damage from Freenom Phishing Attacks
Brian Krebs, reporting at KrebsOnSecurity, recently reported that, sued by Meta, registry operator Freenom halted domain registrations.
According to Krebs, Meta alleges the company ignores abuse complaints about phishing websites while monetizing traffic to those abusive domains.
Meta's actions come as no surprise to us. The Cybercrime Information Center has collected phishing data since May 2020. Freenom's commercialized ccTLDs have repeatedly appeared among the TLDs with the most phishing domains and highest phishing scores.
While the brands and individuals who are victims of phishing attacks are the most obviously harmed parties, other parties such as hosting operators received collateral damage from phishing attacks as well. We show this in a post on the Cybercrime Information Center.
——————————
16 March 2023
Interisle Welcomes New Associate Karen Rose
No, not the romantic suspense author who wrote Cold Blooded Liar, but the internationally recognized Internet policy and digital economy expert who served as Senior Director of Strategy and Analysis at the Internet Society. Karen's 30 years of public and private sector experience and her reputation for insightful analysis of global Internet issues extend and amplify Interisle's ability to provide authoritative advice to its clients. You can watch her describe ICANN's relationship with the U.S. Government—and her role in creating it—in this interview for the ICANN History Project.
——————————
14 March 2023
Malware Landscape 2023
Interisle Consulting Group has published a major new research report, Malware Landscape 2023: A Study of the Scope and Distribution of Malware. Interisle reviewed over 7 million reports of distinct malware events from January 2022 to December 2022 collected by the Cybercrime Information Center, examining malware that attacks both IoT and user-attended devices ("endpoints"). This year Interisle also studied reports of malicious traffic sources: malware that is used to scan web sites for exploitable vulnerabilities, to inject malicious content into web forms, or to conduct denial of service attacks.
——————————
9 March 2023
Interisle's Andy Malis Awarded 7th Patent
Andy Malis was granted US Patent 11,582,148 on February 14, 2023, MPLS Extension Headers for In-Network Services. This patent describes methods and devices (e.g., routers) that add in-network services to a multiprotocol label switching (MPLS) network. This can include an MPLS network router receiving and modifying a packet by adding one or more MPLS extension headers, adding one or more extension header(s), and adding an indication within an MPLS label stack that one or more MPLS extension headers have been added to the packet.
——————————
28 February 2023
Another Quarter's Malware Analyzed
Analysis of the October to December 2022 malware data from the Cybercrime Information Center shows a 34% increase in IoT malware and a 31% increase in endpoint malware compared to the previous quarter. Mozi is on the rise again, and vulnerability scanners are running rampant. Also noteworthy, there was a 121% increase in domain names reported for hosting malware.