Blog

  • We saw a 20% drop in spam domains in the December - February 2024 reporting period. This follows a modest quarter over quarter decline from earlier reporting periods. The declines appear to coincide with increased use of user accounts at subdomain service providers. Eight of the ten registrars from our September-November 2023 reporting period appear in our ranking of domain registrars by number of spam domains under management for this period. Since June 2023, our top 10 hosting networks continues to include mostly the same operators. More

  • Spam domains reported declined for the third straight quarter, but we still see over 200,000 unique spam domains month after month. New TLDs and subdomain reseller accounts continued to attract more spammers. Bulk registrations of spam domains over the course of 2023 were unacceptably high. More

  • Malware activity has fluctuated throughout 2023. It’s tempting to speculate that malware attackers take breaks after holiday and tax seasons, but we’ll need to observe several nire years of activity before we make that claim. And the attackers will likely change before we can. For now, we saw less malware activity than we saw in the prior quarter. More

  • Spammers are alive and thriving. We observed declines compared to the previous quarter in the number of spam reports that we collected from feeds, the number of unique domains, registrars, subdomain resellers, and the number of hosting networks that had gTLD domains under management reported for hosting spammed content or spambots. Here, we make observations from a careful analyses of the 1.3 million spam reports that we processed for this quarterly period. More

  • The theme for the May - July 2023 reporting period was… CHANGE. After a drop in phishing attacks reported in the February - April 2023 period, phishing attacks increased 21% during the May - July 2023 period. Phishers lost a mainstream supply chain when Freenom stopped processing domain registrations in its five commercial ccTLDs. The number of domains reported for phishing decreased 15%, but… more

  • May 2022 - April 2023 was a tumultuous period for cryptocurrency. The market was most adversely affected in Q2 2022, and then traded sideways in the low $1T range for the remainder of the year. The market has recovered slightly during the beginning of 2023 but the total market cap was less than ½ of the $2T reported for 2021. Cryptocurrency phishing, however, continues to flourishes. More

  • What do malware and sand have in common? They shift. In 2Q2023, we saw endpoint malware rise and IoT malware decline. The top hosting networks most frequently reported for hosting malware stayed the same but changed positions. Attackware and traffic injector malware reports increased but malicious traffic sources increased. More

  • Ups and downs! Domain names reported for phishing decreased dramatically. However, we saw more phishing attacks “per domain” and significantly more phishing attacks hosted at subdomain service providers.The percent of maliciously registered phishing domains remained largely the same. But the biggest news: we’ve observed a significant decline in phishing domains reported in the Freenom commercialized ccTLDs. More.

  • A summary of malware activity from January 1 through March 31, 2023. Endpoint malware reports decreased dramatically. Unique domains reported for hosting malware decreased 38%. IoT malware reports increased 21%. Malicious traffic sources also decreased. Attackers resting after a taxing holiday season? Unlikely:-) More…

  • While victims of phishing attacks are the most harmed parties, other parties such as hosting operators received collateral damage from phishing attacks. Here we look at domain names registered through Freenom and hosted at A2 Hosting. More

  • Our quarterly Phishing Activity pages report where we observe phishing attacks by Top-level Domains, Domain Registrars, and Hosting Networks. Here, we share some insights from the phishing activity reported for the November - December 2023 period. More

  • A summary of malware activity from October 1 through December 31, 2022. IoT Malware increased 34%: Mozi… on the rise again? Endpoint malware increased 31%. Also noteworthy…121% increase in unique domain names reported for hosting malware. Oh, and vulnerability scanners are running rampant. More..

  • Dave Piscitello gave a virtual presentation on Thursday, 1 December 2022, at the APWG eCrime 2022 Symposium titled, The Need for Clarity, Accuracy and Rigor When Reporting Cybercrime Statistics. Dave discussed how the lack of taxonomic conventions affects measurements and comparisons across studies. Download the presentation.

  • Our quarterly Phishing Activity pages report where we observe phishing attacks by Top-level Domains, Domain Registrars, and Hosting Networks. Here, we share some closer looks at the phishing landscape for the August - October 2022 period. More

  • Our quarterly Malware Activity pages report where we observe malware by Top-level Domains, Domain Registrars, and Hosting Networks. Here, we share some closer looks at the malware landscape. Continue…

  • Our quarterly Phishing Activity pages report where we observe phishing attacks by Top-level Domains, Domain Registrars, and Hosting Networks. Here, we share some closer looks at the phishing landscape. Continue

  • Our quarterly Malware Activity pages report where we observe malware by Top-level Domains, Domain Registrars, and Hosting Networks. Here, we share some closer looks at the malware landscape. Continue

  • We are now processing reports of IP addresses that host scripts or executables that are used to inject malicious content, disrupt services, or to expose and exploit vulnerabilities. These reports are different from our existing sub-families, IoT Malware and Endpoint Malware, so we have decided to add a new sub-family in our classification taxonomy, Malicious IP Address. Continue

  • Today, we will use records published at the Cybercrime Information Center to study where criminals shop for phishing domains in generic Top-level Domains (gTLDs). Continue

  • Our quarterly Malware Activity pages report where we observe malware by Top-level Domains, Domain Registrars, and Hosting Networks. Here, we share some closer looks at the malware landscape. Continue

  • We have made some changes and improvements to the Cybercrime Information Center. These expand our analytics capabilities and allow us to provide more and broader insights regarding how and where criminals obtain the resources that they use to commit cybercrimes. Continue

  • In this post, we demonstrate how you can use Excel and the data that the Center publishes to generate custom statistics. Continue

  • In this post, we demonstrate how you can use the Cybercrime Information Center’s quarterly phishing activity table data to study which Top-level Domains criminals are using for domain names that they purposely register for phishing. Continue