
The State of Phishing

Over the last three years, the Anti-Phishing Working Group's semiannual Global Phishing Survey has become a widely cited source of information about the state of phishing and its place in the Internet landscape. Afilias' Director of Domain Security, Greg Aaron, has been co-authoring these reports with Rod Rasmussen of Internet Identity, with the goal of showing the community what phishers are doing and how anti-abuse measures are effective. The newly published edition of the report highlights how criminals have utilized the domain name space, but offers good news about how the domain name community has helped diminish the effects of some very dangerous phishing. It's an encouraging success story.

The new Global Phishing Survey reveals that in the second half of 2009, the Avalanche phishing gang perpetrated two-thirds of all phishing attacks on the Internet! This criminal entity uses a botnet composed of consumer-level computers to host its phishing and its malware as well. By running its own distributed, illegal hosting, the gang tries to make its phishing "bullet-proof" — resistant to take-down because there's no traditional hosting provider to call. But such phishing can be stopped by suspending the domain names. Fortunately, we saw a number of domain name registrars and registries shut down Avalanche phishing in an increasingly effective fashion, often neutralizing the phishers' technical advantage.

In the second half of 2009, we saw Avalanche register 4,141 domain names in various TLDs and host up to 40 separate attacks on each domain. Avalanche prefers to register domains at registrars that react slowly (or not at all) to abuse reports and/or have weak fraud-detection routines. Similarly, Avalanche prefers TLDs where the registry operators do not have effective anti-abuse policies and procedures to help the registrars and provide swift action when needed. Unfortunately, we saw Avalanche victimize certain registrars and TLDs over and over again.

Avalanche and similar threats have prompted many industry members to adopt best practices to fight phishing and other criminal abuses. Afilias adopted its .INFO Anti-Abuse Policy in 2007, defining what constitutes abusive use and reiterating the registry's right to take action. Registrars also have terms of service in their registration agreements, and those terms prohibit illegal activities and allow the registrars to suspend domain names at their discretion. In practice, Afilias monitors for phishing and other problems in the .INFO space, and communicates abuse reports and documentation to its registrars. The registrars examine the reports and work on mitigation as they feel appropriate. On occasion, Afilias will also suspend domains directly, especially to stop large-scale abuse in a timely fashion. This kind of cooperation and information-sharing is adaptable and effective, and it allows registrars and registries to put good processes in place and manage risk appropriately. On a daily basis, it saves thousands of Internet users from becoming victims.

The 2009 data shows that Avalanche phish stayed up less than half as long as other phish — a great result. How did it happen? First, the entire response community concentrated attention on Avalanche, pushing phishing attack alerts to each other. That response community includes the banks and online services targeted by the phishers, security companies and researchers, registries, and registrars. Second, a number of registrars and registries took quick action, looking for Avalanche domains and killing them through the summer and fall of 2009. Education and data sharing clearly helped. In November 2009, members of the security community shut down Avalanche's infrastructure for a week. After re-establishing its operations, Avalanche kept registering domains, but launched fewer attacks. Avalanche attacks decreased from 26,411 in October 2009 to just 59 in April 2010. We'll continue to monitor Avalanche, but it appears that overall, the domain industry may be more prepared for whatever comes next.

The median up-time for all phishing attacks on the Internet has fallen remarkably over the past two years, from 19 hours 30 minutes in early 2008 to 11 hours 44 minutes in the second half of 2009. The falling times point to improved awareness, responsiveness, and detection across the board. Here at Afilias, our policies and procedures have dissuaded phishers like Avalanche from registering .INFO domains, and non-Avalanche phish in .INFO stayed alive for less than half the industry average.

The results above emphasize the effectiveness of best practices and processes. Domain industry players are becoming increasingly sophisticated about e-crime, and can greatly improve the safety of the Internet for everyone.

To see all the details, please read the new APWG report (PDF).

Written by Ram Mohan, Executive Vice President & CTO, Afilias
