Interisle Consulting released a study, partly funded by CAUCE, that examines the supply chains that cybercriminals use to acquire resources for malware, spam and phishing attacks. The study used over 10M reports collected at Interisle's Cybercrime Information Center to identify the many resources commonly used by criminals, and it focuses in particular on name and addressing resources. It ranks the service providers and operators where criminals most often acquired these resources over the period from September 2022 to August 2023.
The Executive Summary and Full Report are available at https://interisle.net/CybercrimeSupplyChain2023.html.
The study’s major findings are:
- Nearly 5 million domain names were identified as resources for cybercrime.
- Over 1 million domain names reported for spam activity were registered in the new ICANN contracted gTLDs.
- Over 500,000 subdomain hostnames were resources for cybercrime at 229 subdomain resellers.
- Criminals acquire domain names in volume: over 1.5 million domains exhibited characteristics of malicious bulk domain registration.
- Brand infringement is commonplace in domains registered by criminals to perpetrate cybercrimes. Exact matches of a well-known brand name were used in over 200,000 cybercrime attacks.
- The United States had the most IPv4 addresses serving as resources for cybercrime activity. China, India, Australia, and Hong Kong rounded out the top 5.
The report shows that the current reactive efforts of the domain name and hosting industries, governments, and private sector organizations cannot curtail cybercrime and the harms it inflicts on Internet users. Interisle believes that adopting the well-known strategy of disrupting supply lines can effectively mitigate cybercrime.
In the report, Interisle recommends measures that policy regimes, governments, service providers, and the private sector, working together, can implement to disrupt the cybercrime supply chain.
The study was sponsored by the AntiPhishing Working Group (APWG), the Coalition Against Unsolicited Commercial Email (CAUCE), and the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG). Collectively, these organizations represent thousands of cybersecurity, public advocacy, service provider, and industry professionals worldwide.