This report examines all the phishing attacks detected in the first half of 2014 (January 1 to June 30).
One thing that can’t be emphasized enough is the effect that free domain names have on phishing. Most of the phishing that didn’t involve a hacked domain name was done using a free domain name like .TK. I am waiting for the next report to see what impact all the free new gTLD domains from .xyz, .ovh, .science etc. will have.
Some key findings in this report:
- The introduction of new top-level domains did not have an immediate major impact on phishing.
- Chinese phishers were responsible for 85% of the domain names that were registered for phishing.
- Malicious domain and subdomain registrations continue at historically high levels, largely driven by Chinese phishers.
- Apple became the world’s most-phished brand.
- The average uptimes of phishing attacks remain near historic lows, pointing to some success by anti-phishing responders.
- The companies (brands) targeted by phishing were diverse, with many new targets, indicating that e-criminals are looking for new opportunities in new places.
- Mass hackings of vulnerable shared hosting providers led to 20% of all phishing attacks.
Some key statistics:
- The attacks occurred on 87,901 unique domain names. This is up from the 82,163 domains used in 2H2013.
- The number of domain names in the world grew from 271.5 million in November 2013 to 279.5 million in April 2014.
- Of the 87,901 phishing domains, we identified 22,679 domain names that we believe were registered maliciously by phishers. This is almost the same number found in 2H2013.
- Most of these registrations were made by Chinese phishers, especially using free domain name registrations in certain TLDs like .tk. The other 59,485 domains were almost all hacked or compromised on vulnerable Web hosting.
- Phishing occurred in 227 top-level domains (TLDs), but 90% of the malicious domain registrations (20,565) were in just five TLDs: .COM, .TK, .PW, .CF, and .NET.
- A small number of phishing attacks were seen in the new generic top-level domains that began launching in early 2014.
- Only about 1.7% of all domain names that were used for phishing contained a brand name or variation thereof.