The number of domain names used for phishing reached an all-time high, according to a new report by the the Anti-Phishing Working Group (APWG). Many of these were registered by Chinese phishers, who register the domains at registrars in the USA and China.
Phishing attacks are being waged across an increasingly broad set of industries. This shows criminals attacking where consumers may least expect it. Targets included a manufacturer of industrial supplies that specializes in fasteners, telephone companies and insurance companies, the U.S. toll road collection system E-ZPass, as well as power utilities in Europe.
“In the meantime, the top phishing targets are being hit as heavily as ever,” said Greg Aaron, President of Illumintel. “The top 10 targets accounted for over three quarters of all phishing attacks waged worldwide. The hardest hit targets are sometimes fending off a hundred different phishing attacks each per day.”
The study found that in the second half of 2014, the median uptime of phishing attacks increased to 10 hours 6 minutes — up from 8 hours and 42 minutes in 1H2014. This means that phishing attacks were not being shut down as efficiently in the critical first hours, when most victims fall prey.
“Phishers are registering more domains names than ever before,” said Rod Rasmussen, CTO of IID. “Phishing in the new top-level domains started slowly, and we expect to see phishing levels in them rise as time goes on. As usual we see problems concentrated at certain domain registries, domain registrars, and subdomain registries. This emphasizes the need for providers to be vigilant and clamp down on problems, rather than letting cybercriminals have easy access to the resources they need.”