This is The Security Skeptic's Typepad Profile.
The Security Skeptic
Hilton Head Island, South Carolina, USA
Dave Piscitello is a 40-year networking and Internet veteran who now focuses on Internet Security. The opinions expressed here are my own and do not necessarily represent the opinions of Interisle Consulting Group.
Interests: Fitness & free weights, historical fiction, cooking, gardening, inclusive society, unintended consequences of commoditizing technology without consideration of privacy or security.
Recent Activity
Malware quarterly reports for July-September 2024 are now posted at the Cybercrime Information Center. For the period... Malware identified as targeting endpoint devices increased 277% over the prior period. WordPress blog sites used for malware accounted for nearly all the malicious documents reported for this period. We continue to see an uptick in malicious scripts. IPv4 addresses reported for exhibiting characteristics of attackware and traffic injectors increased 38% to just under 1 million. ASNs in China and India again have the most IPv4 addresses reported for hosting malware. More malware trends for the period at https://www.cybercrimeinfocenter.org/malware-trends-july-september-2024. For historical reporting of... Continue reading
Posted Oct 25, 2024 at The Security Skeptic
Phishing in 2024 shows no sign of a slowdown. Our Interisle team processed just slightly more than 1M reports from our phishing feeds in the 3-month period ending July 31, 2024, a third straight reporting period where our collection exceeded. Phishers have firmly concentrated their registration efforts in the new gTLDs. For the period, more domain names were reported for phishing in the thirteen new gTLDs in this period's top 20 than were reported in the .COM TLD. Free or cheap, open registrations are a plague. These represent a small fraction (~10%) of registered domain names globally but year over year... Continue reading
Posted Aug 14, 2024 at The Security Skeptic
Our Interisle team today announced the publication of an industry report, Phishing Landscape 2024, A Study of the Scope and Distribution of Phishing. Interisle’s fourth annual study examines nearly four million phishing reports collected from May 2023 to April 2024 and provides historical measurements using over 15 million phishing reports collected at the Cybercrime Information Center over a four year period. Findings from the study: • The total number of phishing attacks grew to ~1.9 million incidents worldwide. • Phishing attacks hosted at subdomain providers increased by 450,000+ reported names, representing 24% of all phishing attacks. • The use of... Continue reading
Posted Jul 23, 2024 at The Security Skeptic
2024 began with a rise in domain names reported for hosting malware unlike any we have seen since we began measuring malware attacks in 2021. The 1Q2024 Top 20 TLDs included 10 new gTLDs, 6 ccTLDs, and 4 legacy gTLDs. Only three TLDs remained in the top 5 TLDs (COM, NET, INFO) from the prior quarter. The ORG and BR TLDs were replaced by SHOP (over 3,000% increase) and TOP (over 700% increase). All but one registrar in 1Q2024’s Top 20 registrar ranking showed increases of 100% or more. Several registrars had 4- and 5-figure percentage increases in domains reported.... Continue reading
Posted May 8, 2024 at The Security Skeptic
Phishers have long embedded exact matches of brands in domain names that they register for phishing. Company, service, or product names in domains continue to deceive less technically savvy members of society. Phishers are increasingly using exact match strings to compose hostnames at free web sites for phishing. My Interisle colleagues and I looked at the web site domains and subdomains used in phishing attacks from November 2023 through January 2024. During that period, impersonation attacks against two brands stood out: United States Postal Service (USPS) and Facebook. Looking closely at these two brands, we are able to illustrate how... Continue reading
Posted May 3, 2024 at The Security Skeptic
The Spamhaus team recently interviewed me to learn more about Interisle's recent study, Cybercrime Supply Chain 2023, where we examine the supply chains used by cybercriminals to acquire resources for malware, spam, and phishing attacks. In Trends, policy and cheap TLDs - an interview with Dave Piscitello (Part 1), we dive into some of the study's key findings: Nearly 5 million domain names identified as resources for cybercrime. Over 1 million new gTLD domain names reported for spam activity. Over 500,000 subdomain hostnames reported as cybercrime resources at 229 subdomain resellers. The United States, China, India, Australia, and Hong Kong... Continue reading
Posted Mar 12, 2024 at The Security Skeptic
My Interisle colleague and I published our quarterly phishing activity at the Cybercrime Information Center today. While phishing attack volume oscillated during 2023 - down during the February - April 2023 period, up during the May - July 2023 period and down again for the August - October 2023 period - we still observed increases over time. The number of domains reported for phishing again decreased by slightly more than 1% but malicious registrations increased by a troubling 22%. Meta and USPS were the most impersonated brands. Phishing domains reported in the ccTLDs dropped to 22%, well below ~37%... Continue reading
Posted Jan 11, 2024 at The Security Skeptic
Today, my Interisle colleagues and I released a study, Cybercrime Supply Chain 2023: Measurements and Assessments of Cyber Attack Resources and Where Criminals Acquire Them. Criminals who perpetrate malware, spam, phishing and other serious cybercrimes enjoy an enormous economic advantage over defenders and responders. They can acquire resources from an online cybercrime supply chain where everything from phishing kits and malicious software, email lists and mobile numbers, domain names and Internet addresses, and places to host attacks are all readily and cheaply available. Our report examines these supply chains. We examined over 10M reports collected at the Cybercrime Information Center... Continue reading
Posted Oct 23, 2023 at The Security Skeptic
We have been in stealth mode collecting and processing spam reports for over a year. Time to unveil the data at the Cybercrime Information Center! Continue reading
Posted Oct 20, 2023 at The Security Skeptic
My colleagues at Interisle Consulting Group and I today announced the publication of an industry report, Phishing Landscape 2023, A Study of the Scope and Distribution of Phishing. We analyzed more than 11 million phishing reports collected from 1 May 2020 to 30 April 2023 to provide annual and triennial measurements of phishing. Our study identifies distinct, persistent exploitation and abuse of Internet resources, and reveals that criminals can trivially acquire everything they need to phish. Among the major findings in the study, Interisle reports that: The number of phishing attacks has tripled since May 2020, and has increased 65% over... Continue reading
Posted Aug 9, 2023 at The Security Skeptic
M3AAWG comments on the FTC's proposed rule Trade Regulation Rule on Impersonation of Government and Businesses is available. I was one of the contributors to the comment. In the comment, M3AAWG "suggests additional regulatory solutions and best practices to complement the goals of this rule, such as clarifying the scope of the rule to include the use of domain names in impersonation schemes and the use of technologies that enable impersonation" and the important role that Whois plays in investigating impersonation and fraud. Several reports that my Interisle colleagues and I published are cited in the comment, along with the... Continue reading
Posted Dec 21, 2022 at The Security Skeptic
A recent ebb in domain names reported for phishing created some euphoria in the domain industry. With phishing activity, as with tides, ebbs are invariably followed by flows. In their August-October 2022 Quarterly Phishing Activity, the Cybercrime Information Center observed a 40% increase in phishing attacks and a nearly 20% increase in unique domain names reported for phishing. Continue reading
Posted Nov 14, 2022 at The Security Skeptic
My colleagues and I at Interisle have created a YouTube channel to complement the quarterly reporting and studies of cybercrime we host at the Cybercrime Information Center. Our goal is to share, in a few minutes, the findings and insights from our research in a format that's easily accessible and shareable, informative, and entertaining. The inaugural videos provide 2-5 minute summaries of our annual Phishing and Malware Landscape studies. We'll continue to produce videos of our annual studies. If you like what you see, leave us a comment. Continue reading
Posted Jul 27, 2022 at The Security Skeptic
My colleagues at Interisle and I have published a study, Malware Landscape 2022: A Study of the Scope and Distribution of Malware. The study, which analyzed 2.5 million records of distinct malware events from May 2021 to April 2022 collected by the Cybercrime Information Center, explains what malware was most prevalent, where malware was served from, and what resources criminals used to pursue their attacks. Continue reading
Posted Jun 20, 2022 at The Security Skeptic
I was invited to participate in an 11 March 2022 meeting of the EU High Level Internet Governance expert group to discuss domain name abuse. Following a presentation of a Study on Domain Name System (DNS) Abuse commissioned by the European Commission, I gave a 5-minute intervention. This EC study is comprehensive and well worth reading. My Interisle colleagues are proud to have our Phishing Landscape 2021 Study and other related studies mentioned in the EC study. The transcript follows. Interisle intervention to EC HLIG on DNS Abuse Opening Remarks Thank you for the opportunity to address you today. My... Continue reading
Posted Mar 14, 2022 at The Security Skeptic
A Domain Name Wire post, Time to pay attention to the next round of new TLDs, begins with an ominous: They’re coming. Eventually. While not as dramatic or enduring as Arnold Schwarzenegger's "I'll be back", the reporter cites policy activity at ICANN as evidence that new TLDs are coming. Eventually. In a September 2019 post, and in response to the ICANN memorandum, Readiness to Support Future Rounds of New gTLDs, I asked, Has enough been done to study and rectify the concentration of security threats in the new TLD space? In that post, I quoted correspondence from ICANN's security advisory... Continue reading
Posted Mar 1, 2022 at The Security Skeptic
Dave Piscitello and Dr. Colin Strutt As part of the US Covid-19 virus tax relief effort (American Rescue Plan Act of 2021, H.R.1319), the US Internal Revenue Service (IRS) issued a series of Economic Impact Payments to millions of eligible citizens. The third payment was authorized in March 2021. Criminals took note of this well-publicized program and put a phishing campaign together to profit by stealing and subsequently exploiting personal information of US citizens. Like many phishing campaigns, EIP phishing emails and text messages mimic correspondence to convince US citizens to submit personal information or an advance fee payment at... Continue reading
Posted Nov 30, 2021 at The Security Skeptic
My Interisle colleagues, together with Greg Aaron of Illumintel, have published a study of the scope and distribution of phishing. From 1 May 2020 through 30 April 2021, we collected nearly 1.5 million phishing reports. Our analyses found ~700,000 phishing attacks among the reports collected. Highlights from the study: Phishing increased by nearly 70% over the yearly period. Most phishing is concentrated at small numbers of domain registrars, domain registries, and hosting providers. The top 10 brands targeted accounted for 46% of the phishing attacks associated with specific brands. Phishing attacks are disproportionately concentrated in new Top-level Domains (TLD). We... Continue reading
Posted Oct 4, 2021 at The Security Skeptic
My Interisle colleagues, together with Greg Aaron, have completed an in-depth analysis of the effects of ICANN policy for WHOIS, a public lookup service that has until recently made it possible to identify who registered and controls a domain name. The European Union’s General Data Protection Regulation (GDPR), adopted in May 2018, restricted the publication of personally identifiable data in WHOIS. In response, the Internet Corporation for Assigned Names and Numbers (ICANN) established a new policy, allowing registrars and registry operators to redact (withhold) personally identifiable data from publication in WHOIS. The implementation of this policy has been widely criticized,... Continue reading
Posted Jan 25, 2021 at The Security Skeptic
My colleagues Greg Aaron, Dr. Colin Strutt, Lyman Chapin and I have published a new research report, Phishing Landscape 2020: A Study of the Scope and Distribution of Phishing. The report can be found at http://www.interisle.net/PhishingLandscape2020.html Our goal in this study was to capture and analyze a large set of information about phishing attacks, to better understand how much phishing is taking place and where it is taking place, and to see if the data suggests better ways to fight phishing. We studied where phishers are getting the resources they need to perpetrate their crimes — where they obtain domain... Continue reading
Posted Oct 13, 2020 at The Security Skeptic
I attended (remotely) a Council of Europe cybercrime webinar on the impact of COVID on cybercrime last week. One of the most disturbing criminal activities discussed was the rise in reports of online predation. The National Center for Missing and Exploited Children (NCMEC) has received 4.2 million reports in April. That’s up 2 million from March 2020 and nearly 3 million from April 2019. (Forbes, 9 May 2020). This is not surprising - nearly everyone who is connected is spending more time on the Internet - but it's still terrifying. Look to the many government agencies that have parental guidelines to... Continue reading
Posted May 26, 2020 at The Security Skeptic
My Interisle partners and colleague Greg Aaron have published a detailed study that measures the effectiveness and impact of ICANN's registration data access policies and procedures. This study reveals widespread problems with access to and the reliability of domain name registration data systems (WHOIS). These failures have real-life security implications, which are being seen in the current wave of cybercrime accompanying the COVID-19 pandemic. In our Press Release I make the comment that, “The COVID-19 pandemic has led to a recent explosion of cybercrime, with thousands of new domain names using terms like ‘covid’ or ‘corona’ being used to perpetrate... Continue reading
Posted Mar 31, 2020 at The Security Skeptic
Microsoft and partners from 35 countries recently took action to dismantle the Necurs spam infrastructure. Microsoft's post calls Necurs a botnet but provides details that illustrate how much more than a botnet Necurs is: The Necurs infrastructure served as a spam delivery platform for spam, cryptomining and DDOS attacks. The spam campaigns contained stock scams, fake pharma, and Russian dating scams, malware and ransomware. The Necurs operators leased services to other criminal actors to perpetrate these attacks. These are characteristics that the Council of Europe's Convention on Cybercrime identifies as criminal activities in its Guidance notes on Spam. Many of... Continue reading
Posted Mar 17, 2020 at The Security Skeptic
My Interisle Consulting Group colleague, Dr. Colin Strutt and I have published a report, Criminal Abuse of Domain Names: Bulk Registration and Contact Information Access http://interisle.net/criminaldomainabuse.html In this report, we study "bulk registration misuse" by criminal actors. Bulk registration refers to the practice of rapidly acquiring domain names, using these in an attack, and abandoning them as if they were throw-away ("burner") phones. These domains are a critical resource for cyber criminals. We use reputation block list (RBL) data to reveal how the use of bulk registrations, coupled with the crippling of registration data access by the ICANN Temp Spec... Continue reading
Posted Oct 18, 2019 at The Security Skeptic