Home / Blogs

2012 Global Phishing Trends: Uptime Down, Numbers Up

Ram Mohan

Despite security advances over the past year, including the increased deployment of DNSSEC, pirates continue to wreak havoc on the Internet. But before you decide that Internet security innovations are futile, consider this: online criminals are just like burglars in the physical world; they don't take new ways of blocking their best efforts lying down. They come up with new and, in some cases, stronger plans of attack.

Proof of that is in the most recent report from the Anti-Phishing Working Group (APWG), whose mission is to combat phishing on a worldwide scale by eliminating fraud, crime and identity theft. Professionals from a broad spectrum of industries comprise the group and Afilias is proud to be a supporter and a steering group member.

The report, Global Phishing Survey: Trends and Domain Name Use in 1H2012, contains mixed news.

The good news is that the average uptime of phishing attacks is down. The longer a phishing attack remains active, the more money the targeted individuals and institutions lose. That means uptimes are a good indicator of how successful efforts to block phishing attacks have been. In 1H2012, uptimes fell to a record low of 23 hours and 10 minutes. That's approximately half of what it was in late 2011, and it is by far the lowest uptime recorded since the APWG began issuing the semi-annual report in 2008.

The bad news? The survey found that while the duration of the attacks fell, the number of them increased. During 1H2012, there were at least 93,462 attacks — 12 percent more in the same time period a year earlier.

Trends to Note

The report also contains a number of findings for further consideration.

First, phishers continue to abuse services related to subdomains. Accordingly, the trend of phishers registering subdomains more frequently than regular domain names continues since subdomains can be more difficult to spot than second-level domains. In 1H2012, there were 13,307 phishing attacks hosted on subdomain services compared to 7,712 that used second-level domains. However, the overall use of subdomains for phishing purposes fell from 21 percent of all attacks to just 14 percent.

As phishers focus on larger and more popular targets, the number of targeted institutions continues to decrease. There is also a growing emphasis on gaining access to e-mail accounts, which phishers use to spam from whitelisted services such as Gmail, Hotmail and Yahoo.

China continues to be a hot spot for phishing-related activity. The report notes that phishers who attacked Chinese institutions were responsible for two-thirds of all the malicious domain name registrations made in the entire world. While the phishers didn't use .CN domain names, they did use both Chinese and non-Chinese registrars.
South America is often cited as a region that's experiencing tremendous economic growth. Unfortunately, it's also a region where Web servers that are compromised by phishers is a growing phenomenon.

The extent to which phishing attacks proliferate — or become a real but benign fact of life — is up to all of us whose work involves Internet security. If that's you, I recommend you read the APWG report in its entirety.

By Ram Mohan, Executive Vice President & CTO, Afilias – Mr. Mohan brings over 20 years of technology leadership experience to Afilias and the industry. Visit Page
Follow CircleID on
Related topics: DNS Security

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Share your comments

To post comments, please login or create an account.




Sponsored byWhoisXML API

Domain Names

Sponsored byVerisign


Sponsored byThreat Intelligence Platform

New TLDs

Sponsored byAfilias

DNS Security

Sponsored byAfilias

IP Addressing

Sponsored byAvenue4 LLC


Sponsored byVerisign