Total Number of Phishing Sites Almost Halves in 2018: APWG

APWG logo

The total number of phishing sites detected by the Anti-Phishing Working Group (APWG) went close to halving in 2018, from 263,538 at the beginning of the first quarter to 233,040 at the beginning of the second, 151014 at the beginning of the third and at the beginning of the fourth quarter there were 138,328. These were findings in the APWG’s Phishing Activity Trends Report for the Fourth Quarter of 2018 [pdf]. However the report notes detection of phishing sites has become harder because phishers are obfuscating phishing URLs with multiple redirections.

When it comes to the most targeted industry sectors, APWG
member MarkMonitor saw phishing that targeted software as a service (SaaS)and
Webmail services’ brands jump from 20.1% of all attacks in the third quarter to
almost 30% in the fourth. Attacks against cloud storage and file hosting sites
continued to drop, decreasing from 11.3%of all attacks in Q1 2018 to 4% in Q4.

For domain names used for phishing, RiskIQ analysed 6,718
confirmed phishing URLs reported to APWG in Q4 2018, and found that they were
hosted on 4,485 unique second-level domains (and 100 were hosted on unique IP
addresses, without domains).

Among the legacy gTLDs, of which .com is by far the largest,
they represented almost half (49.57%) of the domain names in the world as of
the beginning of Q4, and represented 56.43% of the phishing domains in the
sample set. Most of these were in .com which had 2,098 domains in the set.
There were 2,531 legacy gTLDs domain names in the sample set.

New generic top-level domains (new gTLDs), the largest being
.top and .xyz, represented 6.83% of domain names under management (DUM)
globally and 4.95% of the domains in the sample set. There were 222 new gTLD
domains in the set.

The country code top level domains (ccTLDs) accounted for 43.6%
of domain names globally as of the beginning of Q4, and accounted for 38.62% of
the domains in the sample set. There were 1,732 ccTLD domain names in the
sample set. ccTLD Internationalised domain names are included as part of this
category, but there was only one such domain(.рф) in the set.

After .com’s 2.098 domain names in the set, the Palu ccTLD
.pw came second with 374 unique domain names used for phishing, then .net
(175), .org (154) and .uk (121), being the only TLDs with more than 100. There
were a number of ccTLDs with low registration figures, often given away for
free, that figure highly on the list, such as .cf (Central African Republic)
with 84, .ml (Mali, 78) and .ga (Gabon, 68).

These “repurposed” ccTLDs, and a few others such as .tk and
.gq, have notable amounts of phishing in them are are TLDs that phishers went
to register domain names directly to perpetrate their crimes. These “repurposed”
ccTLDs have granted their management rights to third parties who have then
commercialised them. .TK, .ML, .GA, .CF, and .GQ are all operated by a Dutch
company that offers domain names in those ccTLDs for free, while .PW is
operated by a company based in India.

Some new gTLDs also rank high for phishing activity.

“.XYZ represented 8% of the registered new gTLD domain names
in the world as of the beginning of the quarter, but 16.67% of the reported
phishing new gTLDs in the quarter,” said Jonathan Matkowsky of RiskIQ. “.LOAN was
a larger piece of the total new gTLD market than .XYZ as of the beginning of
the quarter, but there was only one reported .LOAN domain used for phishing in
our sample set. .TOP represented 14.4% of the total new gTLD market at the beginning
of the quarter, but only 4.5% of the reporting phishing domains this
quarter—half as many as in Q3.”

The report also found the default protocol HTTPs was used by
48.4% of all the websites in December 2018. Many phishing attacks are on hacked
web sites, so it is not surprising that about the same percentage of phishing
sites use the HTTPS encryption protocol.

The latest Phishing Activity Trends Report for the 4th Quarter of 2018 from the Anti Phishing Working Group is available for download from:
http://docs.apwg.org/reports/apwg_trends_report_q4_2018.pdf

This latest Domain News has been posted from here: Source Link