Phishing 2020: A Concentrated Dose of Badness

Read the original article: Phishing 2020: A Concentrated Dose of Badness


How much phishing is there? Where is it occurring, and why? How can it be reduced? I and my colleagues at Interisle Consulting have just published a new study called Phishing Landscape 2020, designed to answer those questions. We assembled a deep set of data from four different, respected threat intelligence providers and enriched it with additional DNS data and investigation. The result is a look at phishing attacks that occurred in May through July 2020.

The data revealed more than 122,000 newly discovered phishing sites, on 99,412 different domain names. One of the things we established is those numbers are just a floor. Phishing is a much larger problem than is reported, and we explore how this is due to gaps in detection, gaps in data sharing, and the lack of WHOIS data. An ominous problem is: how much phishing is not being detected at all?

The data also shows that most phishing is concentrated at a small number of domain registrars, domain registries, and hosting providers. These providers can make a significant impact on phishing if they implement better anti-abuse programs. The report breaks the data down, with rankings and ratings.

We took a special look at “maliciously registered domain names” — domains registered by the phishers themselves. These domains are important for two reasons. First, there are reliable ways that registrars and registry operators can identify them, often before they are used. Second, these domains can be suspended by registrars and registry operators without creating any collateral damage. The data shows that almost half of all maliciously registered domains were purchased at just ten gTLD registrars. More than 88% of the maliciously registered domains in our data set occurred in just 20 top-level domains. Again, this presents opportunities for a few providers to put a big dent in phishing.

We also looked at the timing of these domain name registrations, and at recent research about how long phishing attacks last. One of the conclusions is that registries, registrars, and hosting providers should implement better anti-abuse programs that focus more on prevention. Many anti-abuse programs focus on mitigation — taking steps to stop a phishing attack once it is underway. That is a reactive stance, and by the time a mitigation effort gets underway, the phishing has already taken place. In some places, these reactive programs allow constant cycles of new phishing, leading to no overall improvement in Internet safety. Mitigation and proactive prevention are two very different things; both are possible to implement, and both are needed.
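The two findings above (that maliciously registered domains can be separated from compromised ones using registration timing, and that they concentrate at a few registrars and TLDs) can be reproduced on any phishing feed with the kind of analysis below. This is an added illustration, not code or data from the Interisle report: the records are constructed, and the 30-day registration-to-first-use window is an assumed threshold, not the study's own criterion.

```python
from collections import Counter, namedtuple
from datetime import date

# One phishing observation: the domain, its sponsoring registrar, the WHOIS/RDAP
# registration date, and the date the domain was first reported hosting phishing.
Record = namedtuple("Record", "domain registrar registered first_seen")

# Constructed sample records (reserved example TLDs; not data from the report).
SAMPLE = [
    Record("secure-login.example",    "RegA", date(2020, 5, 3),   date(2020, 5, 5)),
    Record("verify-account.example",  "RegA", date(2020, 5, 10),  date(2020, 5, 12)),
    Record("update-wallet.test",      "RegB", date(2020, 6, 1),   date(2020, 6, 20)),
    Record("oldshop.test",            "RegB", date(2015, 2, 14),  date(2020, 6, 2)),
    Record("community-blog.example",  "RegC", date(2012, 9, 30),  date(2020, 7, 7)),
    Record("support-desk.invalid",    "RegD", date(2020, 7, 1),   date(2020, 7, 3)),
    Record("account-notice.invalid",  "RegA", date(2020, 6, 25),  date(2020, 7, 30)),
    Record("mail-reset.example",      "RegB", date(2020, 7, 10),  date(2020, 7, 11)),
]

MALICIOUS_WINDOW_DAYS = 30  # assumed threshold for this example, not the report's value


def tld(domain):
    """Public suffix is approximated by the last label; good enough for this sample."""
    return domain.rsplit(".", 1)[-1]


def is_maliciously_registered(rec, window=MALICIOUS_WINDOW_DAYS):
    """A domain first used for phishing within `window` days of registration is treated
    as registered by the phisher; older domains are treated as compromised. A negative
    age (first seen before registration) is a data error and is not counted."""
    age = (rec.first_seen - rec.registered).days
    return 0 <= age <= window


def classify(records):
    """Split a feed into (maliciously registered, compromised) lists."""
    malicious = [r for r in records if is_maliciously_registered(r)]
    compromised = [r for r in records if not is_maliciously_registered(r)]
    return malicious, compromised


def concentration(records, key, top_n):
    """Return the top_n values of `key` (registrar or TLD) and the share of records
    they hold, the same measure the report uses for registrars and TLDs."""
    counts = Counter(key(r) for r in records)
    top = counts.most_common(top_n)
    return top, sum(c for _, c in top) / sum(counts.values())


if __name__ == "__main__":
    mal, comp = classify(SAMPLE)
    print(len(mal), "maliciously registered,", len(comp), "compromised")
    print(concentration(mal, lambda r: r.registrar, 2))
    print(concentration(mal, lambda r: tld(r.domain), 1))
```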

We invite you to read the full report, or just the executive summary.

Written by Greg Aaron, President, Illumintel Inc.
