home.social

#apwg — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #apwg, aggregated by home.social.

  1. Phone #scams on the rise! A new report by the #APWG shows a surge in phishing attacks using phone calls and texts. Over the past two years, these phone scams have grown dramatically, making phone numbers a prime target for fraudsters. apwg.org/apwg-q1-report-phone-

  2. Phone #scams on the rise! A new report by the #APWG shows a surge in phishing attacks using phone calls and texts. Over the past two years, these phone scams have grown dramatically, making phone numbers a prime target for fraudsters. apwg.org/apwg-q1-report-phone-

  3. Phone #scams on the rise! A new report by the #APWG shows a surge in phishing attacks using phone calls and texts. Over the past two years, these phone scams have grown dramatically, making phone numbers a prime target for fraudsters. apwg.org/apwg-q1-report-phone-

  4. Phone #scams on the rise! A new report by the #APWG shows a surge in phishing attacks using phone calls and texts. Over the past two years, these phone scams have grown dramatically, making phone numbers a prime target for fraudsters. apwg.org/apwg-q1-report-phone-

  5. 💡 "Policymakers generally don’t seem to appreciate that most damage is inflicted within a few hours of the onset of a cyberattack."

    We caught up with Dave Piscitello to get his insights from INTERISLE CONSULTING GROUP, LLC's recent study into supply chains used by cybercriminals - from changes to policy, trends, to cheap TLDs - learn more here 👇
    spamhaus.org/resource-hub/cybe

    Look out for Part 2, which will be published tomorrow!

    #M3AAWG #APWG #CAUCE #Interisle #CyberCrime #Cybersecurity

  6. 💡 "Policymakers generally don’t seem to appreciate that most damage is inflicted within a few hours of the onset of a cyberattack."

    We caught up with Dave Piscitello to get his insights from INTERISLE CONSULTING GROUP, LLC's recent study into supply chains used by cybercriminals - from changes to policy, trends, to cheap TLDs - learn more here 👇
    spamhaus.org/resource-hub/cybe

    Look out for Part 2, which will be published tomorrow!

    #M3AAWG #APWG #CAUCE #Interisle #CyberCrime #Cybersecurity

  7. 💡 "Policymakers generally don’t seem to appreciate that most damage is inflicted within a few hours of the onset of a cyberattack."

    We caught up with Dave Piscitello to get his insights from INTERISLE CONSULTING GROUP, LLC's recent study into supply chains used by cybercriminals - from changes to policy, trends, to cheap TLDs - learn more here 👇
    spamhaus.org/resource-hub/cybe

    Look out for Part 2, which will be published tomorrow!

    #M3AAWG #APWG #CAUCE #Interisle #CyberCrime #Cybersecurity

  8. 💡 "Policymakers generally don’t seem to appreciate that most damage is inflicted within a few hours of the onset of a cyberattack."

    We caught up with Dave Piscitello to get his insights from INTERISLE CONSULTING GROUP, LLC's recent study into supply chains used by cybercriminals - from changes to policy, trends, to cheap TLDs - learn more here 👇
    spamhaus.org/resource-hub/cybe

    Look out for Part 2, which will be published tomorrow!

    #M3AAWG #APWG #CAUCE #Interisle #CyberCrime #Cybersecurity

  9. 💡 "Policymakers generally don’t seem to appreciate that most damage is inflicted within a few hours of the onset of a cyberattack."

    We caught up with Dave Piscitello to get his insights from INTERISLE CONSULTING GROUP, LLC's recent study into supply chains used by cybercriminals - from changes to policy, trends, to cheap TLDs - learn more here 👇
    spamhaus.org/resource-hub/cybe

    Look out for Part 2, which will be published tomorrow!

    #M3AAWG #APWG #CAUCE #Interisle #CyberCrime #Cybersecurity

  10. Good Monday all...

    Today we've released a study,

    Cybercrime Supply Chain 2023:
    Measurements and Assessments of Cyber Attack Resources and Where Criminals Acquire Them

    interisle.net/CybercrimeSupply

    The major findings of the study are:

    • 5M domains identified as serving as a resource for cybercrime.
    • 1M domains reported for spam activity were registered in new gTLDs.
    • 500,000 subdomain hostnames reported for serving as resources for cybercrime.
    • 1.5 million domains exhibited characteristics of malicious bulk domain registration behavior.
    • Exact matches of a well-known brand name were used in over 200,000 cybercrime attacks.
    • The US had the most IPv4 addresses serving as resources for cybercrime activity. China, India, Australia, and Hong Kong rounded out the top 5.

    Summary: Reactive efforts currently employed by the domain name and hosting industries, governments, and private sector organizations cannot curtail cybercrime and the harms it inflicts on Internet users.

    In the report, Interisle recommends measures that policy regimes, governments, service providers, and private sector working together can implement to disrupt the cybercrime supply chain.

    The study was sponsored by the #APWG, #CAUCE, and #M3AAWG.

    #cybercrime #spam #malware #phishing #dnsabuse

  11. Good Monday all...

    Today we've released a study,

    Cybercrime Supply Chain 2023:
    Measurements and Assessments of Cyber Attack Resources and Where Criminals Acquire Them

    interisle.net/CybercrimeSupply

    The major findings of the study are:

    • 5M domains identified as serving as a resource for cybercrime.
    • 1M domains reported for spam activity were registered in new gTLDs.
    • 500,000 subdomain hostnames reported for serving as resources for cybercrime.
    • 1.5 million domains exhibited characteristics of malicious bulk domain registration behavior.
    • Exact matches of a well-known brand name were used in over 200,000 cybercrime attacks.
    • The US had the most IPv4 addresses serving as resources for cybercrime activity. China, India, Australia, and Hong Kong rounded out the top 5.

    Summary: Reactive efforts currently employed by the domain name and hosting industries, governments, and private sector organizations cannot curtail cybercrime and the harms it inflicts on Internet users.

    In the report, Interisle recommends measures that policy regimes, governments, service providers, and private sector working together can implement to disrupt the cybercrime supply chain.

    The study was sponsored by the #APWG, #CAUCE, and #M3AAWG.

    #cybercrime #spam #malware #phishing #dnsabuse

  12. Good Monday all...

    Today we've released a study,

    Cybercrime Supply Chain 2023:
    Measurements and Assessments of Cyber Attack Resources and Where Criminals Acquire Them

    interisle.net/CybercrimeSupply

    The major findings of the study are:

    • 5M domains identified as serving as a resource for cybercrime.
    • 1M domains reported for spam activity were registered in new gTLDs.
    • 500,000 subdomain hostnames reported for serving as resources for cybercrime.
    • 1.5 million domains exhibited characteristics of malicious bulk domain registration behavior.
    • Exact matches of a well-known brand name were used in over 200,000 cybercrime attacks.
    • The US had the most IPv4 addresses serving as resources for cybercrime activity. China, India, Australia, and Hong Kong rounded out the top 5.

    Summary: Reactive efforts currently employed by the domain name and hosting industries, governments, and private sector organizations cannot curtail cybercrime and the harms it inflicts on Internet users.

    In the report, Interisle recommends measures that policy regimes, governments, service providers, and private sector working together can implement to disrupt the cybercrime supply chain.

    The study was sponsored by the #APWG, #CAUCE, and #M3AAWG.

    #cybercrime #spam #malware #phishing #dnsabuse

  13. Good Monday all...

    Today we've released a study,

    Cybercrime Supply Chain 2023:
    Measurements and Assessments of Cyber Attack Resources and Where Criminals Acquire Them

    interisle.net/CybercrimeSupply

    The major findings of the study are:

    • 5M domains identified as serving as a resource for cybercrime.
    • 1M domains reported for spam activity were registered in new gTLDs.
    • 500,000 subdomain hostnames reported for serving as resources for cybercrime.
    • 1.5 million domains exhibited characteristics of malicious bulk domain registration behavior.
    • Exact matches of a well-known brand name were used in over 200,000 cybercrime attacks.
    • The US had the most IPv4 addresses serving as resources for cybercrime activity. China, India, Australia, and Hong Kong rounded out the top 5.

    Summary: Reactive efforts currently employed by the domain name and hosting industries, governments, and private sector organizations cannot curtail cybercrime and the harms it inflicts on Internet users.

    In the report, Interisle recommends measures that policy regimes, governments, service providers, and private sector working together can implement to disrupt the cybercrime supply chain.

    The study was sponsored by the #APWG, #CAUCE, and #M3AAWG.

    #cybercrime #spam #malware #phishing #dnsabuse

  14. Good Monday all...

    Today we've released a study,

    Cybercrime Supply Chain 2023:
    Measurements and Assessments of Cyber Attack Resources and Where Criminals Acquire Them

    interisle.net/CybercrimeSupply

    The major findings of the study are:

    • 5M domains identified as serving as a resource for cybercrime.
    • 1M domains reported for spam activity were registered in new gTLDs.
    • 500,000 subdomain hostnames reported for serving as resources for cybercrime.
    • 1.5 million domains exhibited characteristics of malicious bulk domain registration behavior.
    • Exact matches of a well-known brand name were used in over 200,000 cybercrime attacks.
    • The US had the most IPv4 addresses serving as resources for cybercrime activity. China, India, Australia, and Hong Kong rounded out the top 5.

    Summary: Reactive efforts currently employed by the domain name and hosting industries, governments, and private sector organizations cannot curtail cybercrime and the harms it inflicts on Internet users.

    In the report, Interisle recommends measures that policy regimes, governments, service providers, and private sector working together can implement to disrupt the cybercrime supply chain.

    The study was sponsored by the #APWG, #CAUCE, and #M3AAWG.

    #cybercrime #spam #malware #phishing #dnsabuse

  15. On the way to the #APWG (Anti-Phishing Working Group) #Tech2023 conference in Dublin to talk about #RDAP.

    Pretty excited, as this is my first in-person talk ever since the pandemic started. :)

    apwg.eu/event/tech2023/

  16. On the way to the #APWG (Anti-Phishing Working Group) #Tech2023 conference in Dublin to talk about #RDAP.

    Pretty excited, as this is my first in-person talk ever since the pandemic started. :)

    apwg.eu/event/tech2023/

  17. On the way to the #APWG (Anti-Phishing Working Group) #Tech2023 conference in Dublin to talk about #RDAP.

    Pretty excited, as this is my first in-person talk ever since the pandemic started. :)

    apwg.eu/event/tech2023/

  18. On the way to the #APWG (Anti-Phishing Working Group) #Tech2023 conference in Dublin to talk about #RDAP.

    Pretty excited, as this is my first in-person talk ever since the pandemic started. :)

    apwg.eu/event/tech2023/

  19. On the way to the #APWG (Anti-Phishing Working Group) #Tech2023 conference in Dublin to talk about #RDAP.

    Pretty excited, as this is my first in-person talk ever since the pandemic started. :)

    apwg.eu/event/tech2023/

  20. Reported #phishing #attacks have quintupled. The third quarter of 2022, Anti Phishing Working Group observed 1,270,883 total phishing attacks — is the worst quarter for phishing that APWG has ever observed. The total for August 2022 was 430,141 phishing sites, the highest monthly total ever reported to #APWG. #Cybercrime #Cybersecurity #Phishing helpnetsecurity.com/2022/12/28

  21. Reported #phishing #attacks have quintupled. The third quarter of 2022, Anti Phishing Working Group observed 1,270,883 total phishing attacks — is the worst quarter for phishing that APWG has ever observed. The total for August 2022 was 430,141 phishing sites, the highest monthly total ever reported to #APWG. #Cybercrime #Cybersecurity #Phishing helpnetsecurity.com/2022/12/28

  22. Reported #phishing #attacks have quintupled. The third quarter of 2022, Anti Phishing Working Group observed 1,270,883 total phishing attacks — is the worst quarter for phishing that APWG has ever observed. The total for August 2022 was 430,141 phishing sites, the highest monthly total ever reported to #APWG. #Cybercrime #Cybersecurity #Phishing helpnetsecurity.com/2022/12/28

  23. Reported #phishing #attacks have quintupled. The third quarter of 2022, Anti Phishing Working Group observed 1,270,883 total phishing attacks — is the worst quarter for phishing that APWG has ever observed. The total for August 2022 was 430,141 phishing sites, the highest monthly total ever reported to #APWG. #Cybercrime #Cybersecurity #Phishing helpnetsecurity.com/2022/12/28

  24. The #APWG comments on the FTC proposed rule are posted. As a board member, I signed off on these.

    In their comment, APWG concentrated on two issues:

    1) WHOIS information is vital to the investigation of impersonation scams. The final rule should recognize the now acute issue of domain name registration data (“WHOIS”). While WHOIS data is critical to investigatory capability as it relates to online impersonation and crime, it unfortunately has been significantly truncated since the misinterpretation and over-implementation of the European Union’s General Data Protection Regulation (GDPR) by domain name registries and registrars. This underlines why a final rule is critically needed.

    2) Trusted Notifiers are effective tools in impersonation mitigation. FTC should encourage the use of trusted notifier programs by registries and registrars as an avenue to address maliciously registered domain names, and should further encourage participation in trusted notifier programs by business or governmental entities that frequently are impersonated.

    My $.02 Trusted Notifier (TN) programs will be essential to mitigating cybercrime but these cannot be left to #ICANN to define for many reasons, but most importantly, because ICANN's scope is limited to domain names, and having non-federated, individually scoped programs is a terribad idea.

    #Whois #apwg #cybercrime #fraud #phishing

    Proposed rule: regulations.gov/document/FTC-2

    APWG Comment: regulations.gov/comment/FTC-20

  25. The #APWG comments on the FTC proposed rule are posted. As a board member, I signed off on these.

    In their comment, APWG concentrated on two issues:

    1) WHOIS information is vital to the investigation of impersonation scams. The final rule should recognize the now acute issue of domain name registration data (“WHOIS”). While WHOIS data is critical to investigatory capability as it relates to online impersonation and crime, it unfortunately has been significantly truncated since the misinterpretation and over-implementation of the European Union’s General Data Protection Regulation (GDPR) by domain name registries and registrars. This underlines why a final rule is critically needed.

    2) Trusted Notifiers are effective tools in impersonation mitigation. FTC should encourage the use of trusted notifier programs by registries and registrars as an avenue to address maliciously registered domain names, and should further encourage participation in trusted notifier programs by business or governmental entities that frequently are impersonated.

    My $.02 Trusted Notifier (TN) programs will be essential to mitigating cybercrime but these cannot be left to #ICANN to define for many reasons, but most importantly, because ICANN's scope is limited to domain names, and having non-federated, individually scoped programs is a terribad idea.

    #Whois #apwg #cybercrime #fraud #phishing

    Proposed rule: regulations.gov/document/FTC-2

    APWG Comment: regulations.gov/comment/FTC-20

  26. The #APWG comments on the FTC proposed rule are posted. As a board member, I signed off on these.

    In their comment, APWG concentrated on two issues:

    1) WHOIS information is vital to the investigation of impersonation scams. The final rule should recognize the now acute issue of domain name registration data (“WHOIS”). While WHOIS data is critical to investigatory capability as it relates to online impersonation and crime, it unfortunately has been significantly truncated since the misinterpretation and over-implementation of the European Union’s General Data Protection Regulation (GDPR) by domain name registries and registrars. This underlines why a final rule is critically needed.

    2) Trusted Notifiers are effective tools in impersonation mitigation. FTC should encourage the use of trusted notifier programs by registries and registrars as an avenue to address maliciously registered domain names, and should further encourage participation in trusted notifier programs by business or governmental entities that frequently are impersonated.

    My $.02 Trusted Notifier (TN) programs will be essential to mitigating cybercrime but these cannot be left to #ICANN to define for many reasons, but most importantly, because ICANN's scope is limited to domain names, and having non-federated, individually scoped programs is a terribad idea.

    #Whois #apwg #cybercrime #fraud #phishing

    Proposed rule: regulations.gov/document/FTC-2

    APWG Comment: regulations.gov/comment/FTC-20

  27. #M3AAWG comments on the FTC's proposed rule Trade Regulation Rule on Impersonation of Government and Businesses is available. I was one of the contributors to the comment.

    In the comment, M3AAWG "suggests additional regulatory solutions and best practices to complement the goals of this rule, such as clarifying the scope of the rule to include the use of domain names in impersonation schemes and the use of technologies that enable impersonation" and the important role that Whois plays in investigating impersonation and fraud.

    Several reports that my Interisle colleagues and I published are cited in the comment, along with the 2022 DNS Abuse Study Commissioned by the European Commission, which also quotes from our #phishing studies. Statistics generated from data collected at our Cybercrime Information Center project, cybercrimeinfocenter.org are cited as well.

    The #APWG and Coalition for a Secure and Transparent Internet (#CSTI) also submitted comments with similar observations and support for regulation. I'll share those links when I receive them.

    #infosec can effect change

    Proposed Rule: federalregister.gov/documents/
    Comment: m3aawg.org/sites/default/files

  28. #M3AAWG comments on the FTC's proposed rule Trade Regulation Rule on Impersonation of Government and Businesses is available. I was one of the contributors to the comment.

    In the comment, M3AAWG "suggests additional regulatory solutions and best practices to complement the goals of this rule, such as clarifying the scope of the rule to include the use of domain names in impersonation schemes and the use of technologies that enable impersonation" and the important role that Whois plays in investigating impersonation and fraud.

    Several reports that my Interisle colleagues and I published are cited in the comment, along with the 2022 DNS Abuse Study Commissioned by the European Commission, which also quotes from our #phishing studies. Statistics generated from data collected at our Cybercrime Information Center project, cybercrimeinfocenter.org are cited as well.

    The #APWG and Coalition for a Secure and Transparent Internet (#CSTI) also submitted comments with similar observations and support for regulation. I'll share those links when I receive them.

    #infosec can effect change

    Proposed Rule: federalregister.gov/documents/
    Comment: m3aawg.org/sites/default/files

  29. #M3AAWG comments on the FTC's proposed rule Trade Regulation Rule on Impersonation of Government and Businesses is available. I was one of the contributors to the comment.

    In the comment, M3AAWG "suggests additional regulatory solutions and best practices to complement the goals of this rule, such as clarifying the scope of the rule to include the use of domain names in impersonation schemes and the use of technologies that enable impersonation" and the important role that Whois plays in investigating impersonation and fraud.

    Several reports that my Interisle colleagues and I published are cited in the comment, along with the 2022 DNS Abuse Study Commissioned by the European Commission, which also quotes from our #phishing studies. Statistics generated from data collected at our Cybercrime Information Center project, cybercrimeinfocenter.org are cited as well.

    The #APWG and Coalition for a Secure and Transparent Internet (#CSTI) also submitted comments with similar observations and support for regulation. I'll share those links when I receive them.

    #infosec can effect change

    Proposed Rule: federalregister.gov/documents/
    Comment: m3aawg.org/sites/default/files

  30. #M3AAWG comments on the FTC's proposed rule Trade Regulation Rule on Impersonation of Government and Businesses is available. I was one of the contributors to the comment.

    In the comment, M3AAWG "suggests additional regulatory solutions and best practices to complement the goals of this rule, such as clarifying the scope of the rule to include the use of domain names in impersonation schemes and the use of technologies that enable impersonation" and the important role that Whois plays in investigating impersonation and fraud.

    Several reports that my Interisle colleagues and I published are cited in the comment, along with the 2022 DNS Abuse Study Commissioned by the European Commission, which also quotes from our #phishing studies. Statistics generated from data collected at our Cybercrime Information Center project, cybercrimeinfocenter.org are cited as well.

    The #APWG and Coalition for a Secure and Transparent Internet (#CSTI) also submitted comments with similar observations and support for regulation. I'll share those links when I receive them.

    #infosec can effect change

    Proposed Rule: federalregister.gov/documents/
    Comment: m3aawg.org/sites/default/files

  31. #M3AAWG comments on the FTC's proposed rule Trade Regulation Rule on Impersonation of Government and Businesses is available. I was one of the contributors to the comment.

    In the comment, M3AAWG "suggests additional regulatory solutions and best practices to complement the goals of this rule, such as clarifying the scope of the rule to include the use of domain names in impersonation schemes and the use of technologies that enable impersonation" and the important role that Whois plays in investigating impersonation and fraud.

    Several reports that my Interisle colleagues and I published are cited in the comment, along with the 2022 DNS Abuse Study Commissioned by the European Commission, which also quotes from our #phishing studies. Statistics generated from data collected at our Cybercrime Information Center project, cybercrimeinfocenter.org are cited as well.

    The #APWG and Coalition for a Secure and Transparent Internet (#CSTI) also submitted comments with similar observations and support for regulation. I'll share those links when I receive them.

    #infosec can effect change

    Proposed Rule: federalregister.gov/documents/
    Comment: m3aawg.org/sites/default/files

  32. I'll be giving a virtual presentation on Thursday 1 December at #APWG eCrime 2022 titled, The Need for Clarity, Accuracy and Rigor When Reporting Cybercrime Statistics. We'll discuss how the lack of taxonomic conventions affects measurements and comparisons across studies.

    #phishing #malware #spam

    apwg.org/event/ecrime2022/

    I'll share the presentation on Friday.

  33. I'll be giving a virtual presentation on Thursday 1 December at #APWG eCrime 2022 titled, The Need for Clarity, Accuracy and Rigor When Reporting Cybercrime Statistics. We'll discuss how the lack of taxonomic conventions affects measurements and comparisons across studies.

    #phishing #malware #spam

    apwg.org/event/ecrime2022/

    I'll share the presentation on Friday.

  34. I'll be giving a virtual presentation on Thursday 1 December at #APWG eCrime 2022 titled, The Need for Clarity, Accuracy and Rigor When Reporting Cybercrime Statistics. We'll discuss how the lack of taxonomic conventions affects measurements and comparisons across studies.

    #phishing #malware #spam

    apwg.org/event/ecrime2022/

    I'll share the presentation on Friday.

  35. I'll be giving a virtual presentation on Thursday 1 December at #APWG eCrime 2022 titled, The Need for Clarity, Accuracy and Rigor When Reporting Cybercrime Statistics. We'll discuss how the lack of taxonomic conventions affects measurements and comparisons across studies.

    #phishing #malware #spam

    apwg.org/event/ecrime2022/

    I'll share the presentation on Friday.

  36. I'll be giving a talk and leading a panel at the #APWG eCrime 2022 virtual event on December 1.

    Title: The Need for Clarity, Accuracy and Rigor When Reporting Cybercrime Statistics: How DNS and Other Abuse Statistics Can Mislead in the Absence of Conventions for Categorizing Cyber Events

    #cybercrime #phishing #malware #dns

    apwg.org/event/ecrime2022/

  37. I'll be giving a talk and leading a panel at the #APWG eCrime 2022 virtual event on December 1.

    Title: The Need for Clarity, Accuracy and Rigor When Reporting Cybercrime Statistics: How DNS and Other Abuse Statistics Can Mislead in the Absence of Conventions for Categorizing Cyber Events

    #cybercrime #phishing #malware #dns

    apwg.org/event/ecrime2022/

  38. I'll be giving a talk and leading a panel at the #APWG eCrime 2022 virtual event on December 1.

    Title: The Need for Clarity, Accuracy and Rigor When Reporting Cybercrime Statistics: How DNS and Other Abuse Statistics Can Mislead in the Absence of Conventions for Categorizing Cyber Events

    #cybercrime #phishing #malware #dns

    apwg.org/event/ecrime2022/