
New Top-Level Domains like .shop, .top and .xyz Exploited by Phishers


Phishing attacks surged by nearly 40% in the year ending August 2024, with a substantial portion of the increase attributed to the use of new generic top-level domains (gTLDs) such as .shop, .top, and .xyz.

Research conducted by Interisle Consulting sheds light on how these domains, known for their minimal registration requirements and low costs, have become a preferred choice for cybercriminals looking to carry out fraudulent activities online. This rise in phishing attacks linked to new gTLDs has raised concerns among cybersecurity experts, especially as the Internet Corporation for Assigned Names and Numbers (ICANN) moves forward with plans to introduce even more gTLDs into the domain namespace.

The study conducted by Interisle reveals that although new gTLDs only represent a small portion (11%) of the market for new domains, they accounted for a significant 37% of reported cybercrime domains between September 2023 and August 2024. Data sourced from various anti-spam organizations, including the Anti-Phishing Working Group (APWG), indicates that cybercriminals are increasingly gravitating towards these newer domains for their malicious activities.

The appeal of new gTLDs to cybercriminals lies in their affordability and relaxed registration criteria. With many of these domains available for less than $2, phishers find it easy to purchase multiple domains without having to make a substantial financial investment. This stands in stark contrast to traditional .com domains, which are priced at $5.91, making them a less attractive option for malicious actors.

Critics like John Levine, president of the Coalition Against Unsolicited Commercial Email (CAUCE), have voiced concerns over ICANN’s approach to introducing new gTLDs, suggesting that the organization is more focused on financial gains than on enforcing strict registration policies to combat cybercrime. Levine warns that without stricter measures in place, the proliferation of new gTLDs will only serve to further enable cybercriminal activities.

In addition to the rise in phishing activities linked to new gTLDs, Interisle’s report highlights a shift in targets. While large tech companies like Apple, Facebook, and Google were previously popular targets for phishing attacks, the U.S. Postal Service emerged as the most-phished entity in the past year. This shift is partly attributed to cybercriminals like Chenlun, who have developed phishing kits specifically targeting postal services worldwide.

Furthermore, reports indicate that aside from gTLDs, phishers are increasingly using subdomain providers such as blogspot.com and weebly.com to host their malicious campaigns. The use of subdomains for phishing has seen a significant uptick, with over 1.18 million instances reported, an increase of 114%. This poses a particular challenge for cybersecurity professionals: blocking at the root level, meaning the provider's own domain, could also disrupt legitimate users of these platforms.

As cybersecurity experts continue to emphasize the need for stricter measures to prevent the misuse of new gTLDs by cybercriminals, the looming introduction of more gTLDs by ICANN underscores the importance of proactive measures to safeguard against phishing attacks and other forms of online fraud. Mitigation strategies and enhanced monitoring are crucial in the ongoing battle against cybercrime in the evolving digital landscape.
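The blocking problem described above for subdomain providers, sketched as an added example that is not part of the original article or of Interisle's report: it flags the gTLDs the article names and proposes the narrowest name that can be blocked without touching a provider's other users. The function names and sample hostnames are constructed, and the last-two-labels rule is an assumption standing in for a Public Suffix List lookup.

```python
WATCHED_GTLDS = {"shop", "top", "xyz"}                # gTLDs named in the article
SUBDOMAIN_PROVIDERS = {"blogspot.com", "weebly.com"}  # providers named in the article


def normalize(host: str) -> str:
    # Lower-case and drop the trailing root dot so comparisons are stable.
    return host.strip().lower().rstrip(".")


def provider_of(host: str):
    """Return the subdomain provider a host sits under, or None."""
    host = normalize(host)
    for provider in SUBDOMAIN_PROVIDERS:
        if host.endswith("." + provider):
            return provider
    return None


def block_key(host: str):
    """Narrowest name to block: one customer label under a provider, else the domain."""
    host = normalize(host)
    if host in SUBDOMAIN_PROVIDERS:
        return None  # provider apex: blocking it would hit every legitimate site
    labels = host.split(".")
    provider = provider_of(host)
    if provider:
        keep = provider.count(".") + 2  # provider labels plus one customer label
        return ".".join(labels[-keep:])
    # Assumption: last two labels approximate the registrable domain.
    return ".".join(labels[-2:]) if len(labels) >= 2 else None


def triage(host: str) -> dict:
    """Flag a host seen in mail or proxy logs and propose a block key."""
    host = normalize(host)
    flags = []
    if host.rsplit(".", 1)[-1] in WATCHED_GTLDS:
        flags.append("watched-gtld")  # a signal for review, not a verdict
    if provider_of(host):
        flags.append("subdomain-provider")
    return {"host": host, "flags": flags, "block_key": block_key(host)}


# Constructed sample hostnames, not real indicators.
SAMPLES = ["track.constructed-sample.xyz", "WWW.Constructed-Sample-Site.weebly.com.",
           "weebly.com", "intranet.example.com"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(triage(sample))
```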
