Phishing attacks have evolved, presenting significant challenges to cybersecurity. The “Phishing Landscape 2024” report by Interisle Consulting Group provides an in-depth analysis of this cyber threat, exploring how phishers operate and suggesting strategies to counteract their activities. This blog post distills the key findings and recommendations from the report, offering insights into the current state of phishing and its implications for individuals, businesses, and policymakers.

 Key Findings from the Phishing Landscape 2024 Report

1. Increase in Phishing Attacks

The total number of phishing attacks rose by nearly 50,000 compared to the previous year, reaching just under 1.9 million incidents worldwide. This increase underscores the persistent and growing threat posed by phishing to online security.

2. Proliferation of Subdomain Providers

Phishing attacks hosted at subdomain providers surged by 51%, with over 450,000 reported names, representing 24% of all phishing attacks. This trend highlights the adaptability of phishers in exploiting new resources to launch their attacks.

3. Rise of the InterPlanetary File System (IPFS)

The use of IPFS for hosting phishing attacks increased dramatically by 1,300%, with approximately 19,000 reported phishing sites. This decentralized system provides phishers with a resilient platform to evade detection and takedown efforts.

4. Impact of Freenom’s Closure

After the closure of the phish-friendly domain registry Freenom, cybercriminals shifted to using inexpensive domain names in new generic top-level domains (gTLDs). This shift resulted in 42% of all domains reported for phishing being registered in new gTLDs, up from 25% last year.

5. Bulk Registrations and Hosting Providers

Bulk registration of domain names remains a common tactic among phishers, with at least 27% of all domains used in phishing attacks registered in bulk. Additionally, four of the top five hosting providers used by phishers are based in the United States, with one U.S. company accounting for over one-third of all phishing attacks.

6. Geographical Distribution and Policies

Domain name registration policies significantly influence phishing activity. For instance, robust customer verification requirements in Europe and the Asia-Pacific region correlate with lower levels of phishing.

  Key Recommendations for Mitigating Phishing

1. 1. Robust Identity Verification

Implement stringent identity verification and certification requirements for bulk domain registrations. Limiting the number of accounts and subdomains a customer can register at subdomain providers can also help curb phishing activities.

2. 2. Enhanced Verification Across Industries

Strengthen the verification of customers and submitted registration information across the domain name, subdomain, and hosting industries. Automated tools should be used to screen for bogus registration data and fraudulent payment information.

3. Automated Detection Systems

Deploy automated systems to screen for suspicious patterns of domain name and subdomain registrations. This includes identifying algorithmically generated names and names deceptively similar to known brands.

4. Proactive Hosting Resource Monitoring

Implement proactive procedures to identify and suspend hosting resources used for cybercrime. This includes timely suspension of suspicious accounts.

5. Trusted Reporter Programs

Establish “Trusted Reporter” programs across the industry to facilitate the swift suspension of phishing resources identified by recognized and trusted cybercrime monitors. 

6. Cross-Sector Collaboration

Foster more effective, outcome-oriented, cross-sector collaborations aimed at preventing and quickly mitigating criminal access to phishing resources. 

The Economic Impact of Phishing

Phishing has a devastating economic impact. The U.S. Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) estimated over $12.5 billion in direct losses in the US alone in 2023, a 22% increase compared to 2022. Globally, the cost of cybercrime is expected to rise from $9.22 trillion in 2024 to $13.82 trillion by 2028, according to Statista. 

More than 90% of cyberattacks begin with phishing. This method serves as a gateway for further illegal and malicious activities, including fraud, ransomware, malware, and distributed denial of service (DDoS) attacks. Understanding and disrupting the cybercrime supply chain can help mitigate these risks. 

 The Cybercrime Supply Chain

The cybercrime supply chain consists of five key elements:

1. Obtain Attack Kit
2. Acquire Targets
3. Acquire Domain or Host Name
4. Acquire Hosting Site
5. Monetize Success

By focusing on the elements of acquiring domains or hostnames and acquiring hosting, stakeholders can disrupt the supply chain and reduce phishing activities. 

The “Phishing Landscape 2024” report provides critical insights into the evolving tactics of phishers and the resources they exploit. By implementing the recommended strategies and fostering cross-sector collaboration, stakeholders can significantly reduce the impact of phishing and enhance overall cybersecurity. The persistent threat of phishing underscores the need for continued vigilance and innovative approaches to protect individuals, businesses, and institutions from cybercrime.