The number of generic top level domains (gTLD) used for phishing and malware declined in the past year, according to the Internet Corporation for Assigned Names and Numbers (ICANN). According to David Conrad, CTO of private network administration, only spam increased strongly. Trademark owners and the security consulting company Interisle stubbornly questioned Conrad’s findings at the ICANN meeting. In view of the dispute over who has the better numbers, there is now a call for a data summit on the subject of “abuse”.

Conrad reported at the purely virtual ICANN meeting of a decrease in the number of gTLDs involved in phishing attacks within one year of 11244 (- 13, 4 percent) and the domains responsible for botnets around 5885 (- 14, 13 percent). In the case of phishing, it even recorded a decrease of 25, 41 percent. Only the usual increase in spam by 19 percent, again measured by the number of gTLDs involved, spoils them From the point of view of the network administrator, positive results. Overall, this results in a share of fraudulent domains that has increased by 0 percent the previous year.

Covid 19 – domain names The trend curves presented by Conrad from the Domain Abuse Activity Project (DAAR) for 2020 leave with a brief clear drop in the Abuse figures almost suggest that phishers and spammers were either impressed or affected by the pandemic. Even with pandemic-related attacks, Conrad drew a less suspicious headline picture than was rumored in the past few months.

Around 1.7 percent of the, however, abundant registered Covid 19 – related domain names (134. 332 between May and September 2020) classified the ICANN technician team as secure malicious. From 170 abuse domains, because of which ICANN asked for help between June and September, domain registries and registrars were only active on November 6th .

Wrongly defined or calculated? Conrad’s presentation came across at the meanwhile fourth ICANN General Assembly on the subject of DNS Abuse on a lot of contradiction. Lori Schulman, an attorney at the International Trade Mark Association, commented on the numbers, saying that members of their organization clearly reported an increase in abuses.

Chris Lewis-Evans of the UK National Crime Agency led On the one hand, statistics from the US-American FBI, which had received around 85 complaints about “Internet crimes” and the damage caused to 3.5 billion daily Dollars appreciated. On the other hand, statistics from British law enforcement officers 41 percent of all fraud cases are somehow digital, said Lewis-Evans, but had to admit that This includes more than DNS-related fraud scenarios.

At the ICANN meeting, representatives of the security consulting company Interisle finally appeared as key witnesses for the strong growth in phishing domains. In a study whose client did not want to name Interisle at all, they lead 298. 012 Phishing reports and 122. 092 Phishing attacks between May and July 2020. All in all 99. 412 domains were involved, According to Interisles figures, around two thirds were registered directly by phishers, i.e. not hijacked. This means that ICANN needs to act.

Apples and pears The different assessments of the situation and the The partly contradicting figures of the protagonists stem from the fact that different things are measured differently, explains Theo Geurts, compliance expert at the Dutch domain backend provider Realtime Register.

The DAAR project of ICANN values ​​long-term 11 Blocklists from, since 2018, While Interisle only has two for the short period of three months. “I think predictions based on a three-month study are difficult,” he says. In addition, ICANN is concentrating on the gTLDs, as these are contractually bound to name management. Interisle, on the other hand, also takes into account country domains over which ICANN has no influence and which are in part a real reservoir for fraudulent activities, such as the .tk zone.

Realtime Register’s own domain abuse statistics for the Geurts uses 30 blocklists and pulsedive for evaluation, confirmed the ICANN observations. “We see a decrease in the abuse of domains in the last few years,” said the Dutchman. That doesn’t mean that there is less fraud taking place, but the fraudsters rely less on domains. For example, P2P botnets and I