• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Taking over millions of developers exploiting an Open VSX Registry flaw

 | 

OneClik APT campaign targets energy sector with stealthy backdoors

 | 

APT42 impersonates cyber professionals to phish Israeli academics and journalists

 | 

Kai West, aka IntelBroker, indicted for cyberattacks causing $25M in damages

 | 

Cisco fixed critical ISE flaws allowing Root-level remote code execution

 | 

U.S. CISA adds AMI MegaRAC SPx, D-Link DIR-859 routers, and Fortinet FortiOS flaws to its Known Exploited Vulnerabilities catalog

 | 

CitrixBleed 2: The nightmare that echoes the 'CitrixBleed' flaw in Citrix NetScaler devices

 | 

Hackers deploy fake SonicWall VPN App to steal corporate credentials

 | 

Mainline Health Systems data breach impacted over 100,000 individuals

 | 

Disrupting the operations of cryptocurrency mining botnets

 | 

Prometei botnet activity has surged since March 2025

 | 

The U.S. House banned WhatsApp on government devices due to security concerns

 | 

Russia-linked APT28 use Signal chats to target Ukraine official with malware

 | 

China-linked APT Salt Typhoon targets Canadian Telecom companies

 | 

U.S. warns of incoming cyber threats following Iran airstrikes

 | 

McLaren Health Care data breach impacted over 743,000 people

 | 

American steel giant Nucor confirms data breach in May attack

 | 

The financial impact of Marks & Spencer and Co-op cyberattacks could reach £440M

 | 

Iran-Linked Threat Actors Cyber Fattah Leak Visitors and Athletes' Data from Saudi Games

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 50

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Cyber Crime
  • Malware
  • Reports
  • APWG Global Phishing Survey – Registered malicious domains increased in H2 2014

APWG Global Phishing Survey – Registered malicious domains increased in H2 2014

Pierluigi Paganini June 03, 2015

The APWG Global Phishing Survey 2H2014 seeks to understand what the phishers are doing, and how, by quantifying the scope of the global phishing problem.

The Anti-Phishing Working Group (APWG) has published the “Global Phishing Survey 2H2014“, a report that comes with some interesting numbers on phishing activities. The Global Phishing Survey 2H2014 report states that in the second half of 2014 the domain names used for phishing broke a record, at least 123,972 unique attacks were observed all over the world, reaching the amazing figure of 95.321 unique domain names.

“Of the 95,321 phishing domains, we identified 27,253 domain names that we believe were registered maliciously, by phishers,”.”This is an all-time high, and much higher than the 22,629 we identified in 1H2014. Most of these registrations were made by Chinese phishers. The other 68,303 domains were almost all hacked or compromised on vulnerable Web hosting.”

Below the key findings of the Global Phishing Survey 2H2014 report:

  • We identified 27,253 domain names that we believe were registered maliciously, by phishers. This is an all-time high, and much higher than the 22,629 we identified in 1H2014. Most of these registrations were made by Chinese phishers. The other 68,303 domains were almost all hacked or compromised on the vulnerable Web hosting.
  • Seventy-five percent of the malicious domain registrations were in just five TLDs: .COM, .TK, .PW, .CF, and .NET.
  • In addition, 3,582 attacks were detected on 3,095 unique IP addresses, rather than on domain names. (For example: http://77.101.56.126/FB/) We did not observe phish of any kind on IPv6 addresses.
  • We counted 569 targeted institutions. This is down significantly from the all-time high of 756 we observed in 1H2014
  • The average uptime in 2H2014 was 29 hours and 51 minutes. The median uptime in 2H2014 increased to 10 hours 6 minutes, meaning that half of all phishing attacks stay active for slightly more than 10 hours.
  • Phishing occurred in 272 top-level domains (TLDs). Fifty-six of them were new top-level domains.
  • Only 1.9 percent of all domain names that were used for phishing contained a brand name or variation thereof. (See “Compromised Domains vs. Malicious Registrations”

To give you an idea of the record numbers in the second half of 2014, the Global Phishing Survey 2H2014 includes a table comparing malicious activities over the years:

APWG Global Phishing Survey 2H2014 phishing activities

“Phishers continued to attack Apple, PayPal, and Taobao.com heavily. Each of these three e-commerce giants suffered over 20,000 phishing attacks against their respective services and brands. Together, these top three were the targets of nearly 54 percent of the world’s phishing attacks. The next seven brands were targeted for a combined 23 percent of all phishing attacks — meaning the top 10 targets accounted for over three quarters of all phishing attacks observed worldwide. The number of times that the targets were attacked follows a long tail. Half of the targets were attacked four or fewer times during the six-month period (up from three times in 1H2014). One hundred and fifty-eight targets were attacked only once each in the period.”

Other interesting trends highlighted in the Global Phishing Survey 2H2014 report are:

  • New companies are constantly being targeted by phishers. Some phishers are attacking targets where consumers may least expect it.
  • The ten companies that are targeted most often by phishers are attacked constantly, sometimes more than 1,000 times per month. Together the top ten targets suffered more than three-quarters of all the phishing attacks observed worldwide.
  • The number of domain names used for phishing reached an all-time high.
  • Phishing in the new top-level domains started slowly. We expect to see phishing levels in them rise as time goes on.
  • Chinese phishers were responsible for 85% of the domain names that were registered for phishing. These phishers started using .CN domains more frequently.
  • Phishing attacks were not mitigated as quickly. The median uptime of phishing attacks increased to 10 hours 6 minutes — up from 8 hours and 42 minutes in 1H2014. This means that phishing attacks were not being shut down as efficiently in the critical first hours, when most victims fall prey.
  • If attacks are divided by Industry, we can clearly see that the  makerts involving money are the ones more targeted like it can be seen the in the next chart:

APWG Global Phishing Survey 2H2014 attacks by Industry

That proves that “These show criminals seeking the credentials of consumers in places where consumers may least expect it. Phishers target wide-ranging targets for several reasons. One is to perform credit card theft, and hitting new targets may lull consumers into a false sense of security. The phishers can also monetize stolen data through reshipping fraud, a tactic that remains popular. Phishers also steal usernames and passwords from one site in order to try those credential on other sites. Many consumers re-use usernames and passwords, and this poor habit can be costly. If a site is getting phished for the first time, it may have been targeted by a more sophisticated phisher, who had the skill to design a new phishing template.”

You can check the full Global Phishing Survey 2H2014 report here:

http://apwg.org/download/document/245/APWG_Global_Phishing_Report_2H_2014.pdf

About the Author Elsio Pinto

Elsio Pinto (@high54security) is at the moment the Lead Mcafee Security Engineer at Swiss Re, but he also as knowledge in the areas of malware research, forensics, ethical hacking. He had previous experiences in major institutions being the European Parliament one of them. He is a security enthusiast and tries his best to pass his knowledge. He also owns his own blog Mcafee Security Engineer at Swiss Re, but he also as knowledge in the areas of malware research, forensics, ethical hacking. He had previous experiences in major institutions being the European Parliament one of them. He is a security enthusiast and tries his best to pass his knowledge. He also owns his own blog http://high54security.blogspot.com/

Edited by Pierluigi Paganini

(Security Affairs – APWG Global Phishing Survey 2H2014 ,  phishing)


facebook linkedin twitter

Anti-Phishing Working Group APWG Cybercrime H2 2014 Hacking malware phishing

you might also like

Pierluigi Paganini June 26, 2025
Kai West, aka IntelBroker, indicted for cyberattacks causing $25M in damages
Read more
Pierluigi Paganini June 25, 2025
Hackers deploy fake SonicWall VPN App to steal corporate credentials
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Taking over millions of developers exploiting an Open VSX Registry flaw

    Hacking / June 27, 2025

    OneClik APT campaign targets energy sector with stealthy backdoors

    Hacking / June 27, 2025

    APT42 impersonates cyber professionals to phish Israeli academics and journalists

    APT / June 27, 2025

    Kai West, aka IntelBroker, indicted for cyberattacks causing $25M in damages

    Cyber Crime / June 26, 2025

    Cisco fixed critical ISE flaws allowing Root-level remote code execution

    Security / June 26, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT