Home / Blogs

2012 Global Phishing Trends: Uptime Down, Numbers Up

Ram Mohan

Despite security advances over the past year, including the increased deployment of DNSSEC, pirates continue to wreak havoc on the Internet. But before you decide that Internet security innovations are futile, consider this: online criminals are just like burglars in the physical world; they don't take new ways of blocking their best efforts lying down. They come up with new and, in some cases, stronger plans of attack.

Proof of that is in the most recent report from the Anti-Phishing Working Group (APWG), whose mission is to combat phishing on a worldwide scale by eliminating fraud, crime and identity theft. Professionals from a broad spectrum of industries comprise the group and Afilias is proud to be a supporter and a steering group member.

The report, Global Phishing Survey: Trends and Domain Name Use in 1H2012, contains mixed news.

The good news is that the average uptime of phishing attacks is down. The longer a phishing attack remains active, the more money the targeted individuals and institutions lose. That means uptimes are a good indicator of how successful efforts to block phishing attacks have been. In 1H2012, uptimes fell to a record low of 23 hours and 10 minutes. That's approximately half of what it was in late 2011, and it is by far the lowest uptime recorded since the APWG began issuing the semi-annual report in 2008.

The bad news? The survey found that while the duration of the attacks fell, the number of them increased. During 1H2012, there were at least 93,462 attacks — 12 percent more in the same time period a year earlier.

Trends to Note

The report also contains a number of findings for further consideration.

First, phishers continue to abuse services related to subdomains. Accordingly, the trend of phishers registering subdomains more frequently than regular domain names continues since subdomains can be more difficult to spot than second-level domains. In 1H2012, there were 13,307 phishing attacks hosted on subdomain services compared to 7,712 that used second-level domains. However, the overall use of subdomains for phishing purposes fell from 21 percent of all attacks to just 14 percent.

As phishers focus on larger and more popular targets, the number of targeted institutions continues to decrease. There is also a growing emphasis on gaining access to e-mail accounts, which phishers use to spam from whitelisted services such as Gmail, Hotmail and Yahoo.

China continues to be a hot spot for phishing-related activity. The report notes that phishers who attacked Chinese institutions were responsible for two-thirds of all the malicious domain name registrations made in the entire world. While the phishers didn't use .CN domain names, they did use both Chinese and non-Chinese registrars.
South America is often cited as a region that's experiencing tremendous economic growth. Unfortunately, it's also a region where Web servers that are compromised by phishers is a growing phenomenon.

The extent to which phishing attacks proliferate — or become a real but benign fact of life — is up to all of us whose work involves Internet security. If that's you, I recommend you read the APWG report in its entirety.

By Ram Mohan, Executive Vice President & CTO, Afilias. Mr. Mohan brings over 20 years of technology leadership experience to Afilias and the industry.

Related topics: DNS Security


Don't miss a thing – get the Weekly Wrap delivered to your inbox.


To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Dig Deeper


Sponsored by Verisign

IP Addressing

Sponsored by Avenue4 LLC

DNS Security

Sponsored by Afilias

Mobile Internet

Sponsored by Afilias Mobile & Web Services

Promoted Posts

Buying or Selling IPv4 Addresses?

Discover ACCELR/8, a transformative IPv4 market solution developed by industry veterans Marc Lindsey and Janine Goodman that enables organizations buying or selling blocks as small as /20s. more»

Industry Updates – Sponsored Posts

Verisign Releases Q2 2016 DDoS Trends Report - Layer 7 DDoS Attacks a Growing Trend

How Savvy DDoS Attackers Are Using DNSSEC Against Us

Is Your TLD Threat Mitigation Strategy up to Scratch?

Computerworld Names Afilias' Ram Mohan a Premier 100 Technology Leader

Introducing the Verisign DNS Firewall

3 Key Steps for SMBs to Protect Their Website and Critical Internet Services

Key Considerations for Selecting a Managed DNS Provider

What's in Your Attack Surface?

3 Questions to Ask Your DNS Host About DDoS

Afilias Partners With Internet Society to Sponsor Deploy360 ION Conference Series Through 2016

The Latest Internet Plague: Random Subdomain Attacks

Nominum Announces Future Ready DNS

DotConnectAfrica Delegates Attend the Kenya Internet Governance Forum

Introducing getdns: a Modern, Extensible, Open Source API for the DNS

24 Million Home Routers Expose ISPs to Massive DNS-Based DDoS Attacks

Motivated to Solve Problems at Verisign

Diversity, Openness and vBSDcon 2013

Neustar's Proposal for New gTLD Collision Risk Mitigation

Dyn Adds Chris Griffiths As New VP of Labs

DotConnectAfrica Registry Services Participates in ICANN DNSSEC Training at AFRALTI Nairobi