The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) partnered with Interisle Consulting Group on Cybercrime Supply Chain 2024: Measurements and Assessments of Cyber Attack Resources and Where Criminals Acquire Them. This second annual study, released on November 18, 2024, analyzed more than 16 million cybercrime events and revealed significant year-over-year increases in crime. M3AAWG co-sponsored Interisle’s study with our industry partners at the Anti-Phishing Working Group (APWG) and the Coalition Against Unsolicited Commercial Email (CAUCE). 

While revealing an alarming rise in online abuse, the report confirmed many of the cybercrime trends that M3AAWG members work diligently to curtail as we strive to achieve our vision of a world free of online abuse. The report offers clear, strategic recommendations for addressing these issues—recommendations that many M3AAWG members are already working to implement and improve upon.

“This year’s report once again highlights trends that are concerning, to say the least, while illustrating the impact of malware, phishing, spam, and domain abuse. Fortunately, the report offers strategic recommendations to stakeholders aiming to disrupt the cybercriminal supply chain, which directly corresponds to our Priorities and Focus Areas and the work of M3AAWG to our very core,” said Amy Cadagin, M3AAWG Executive Director.

“This report shows, once again, the many parties that enable cybercrime and how far we are from effectively addressing the problem. CAUCE is proud to be a co-sponsor of this important work with M3AAWG,” said John Levine, M3AAWG Expert Advisor and CAUCE representative.

The Cybercrime Supply Chain

According to the report, cybercrime continues to expand rapidly due to its profitability. Cybercriminals generate annual revenues that surpass the GDP of countries like the Netherlands, Indonesia, and Turkey while simultaneously inflicting an estimated total of nearly US$10 trillion in damages worldwide in 2024.

Like any legitimate business, cybercriminals rely on a supply chain to gather the resources needed to sustain operations. When these supply chains are disrupted—through increased barriers to access and actions that make laundering their criminal proceeds more difficult—the incentives for cybercriminals drop. This report analyzed the business of cybercrime to pinpoint where it can be deterred.

What We Learned

Consistent with Interisle’s 2023 study, this year’s report examined three of the most common and profitable cybercrime categories: malware, spam, and phishing – each of which are abuse types that M3AAWG is dedicated to eradicating. Interisle found drastic increases in year-over-year crime, including:

• Cybercrime grew 54% overall from 10 million to 16 million events.
• Phishing activities increased nearly 40% from 1.9 million to 2.6 million events.
• Spam activities doubled from 4 million to 8 million events.

“These dramatic increases in cybercrime highlighted in this year’s report reflect a supply chain that allows criminals to obtain their resources with minimal friction. It is imperative for all of us to work towards creating an environment that disrupts this supply chain for criminals across all marketplaces, both legal and illegal,” said Laurin B. Weissinger, M3AAWG Expert Advisor and report contributor. 

Other major findings revealed in this year’s report include:

• Domain acquisition by cybercriminals has grown. With an 81% rise in domain usage for cyberattacks, over 8.6 million unique domains were used in cyberattacks this year compared to 4.8 million last year.
• +2.6 million domains used in cyberattacks were registered in bulk. The report shows a 106% increase compared to last year as these domains improved criminals' operations with relentless abuse of subdomains and IP resources.
• +1.8 million subdomain hostnames were used in attacks. This is an increase of over 114% compared to last year.
• New generic top-level domains (gTLDs) accounted for 37% of cybercrime domains reported. This occurred despite the fact gTLDs comprise only 11% of the total domain name market.
• The number of IPv4 addresses reported for hosting cybercrime nearly doubled in both China and India. While the United States remains the top source of reported IPv4 addresses used in cybercrime, China’s 94% growth placed it nearly equal to the United States.

Six Strategic Recommendations for Fighting Abuse

Cybercrime operations often mirror those of legitimate businesses, exploiting lax regulatory environments and vulnerabilities. Interrupting the cybercriminals’ supply chain requires education and organizing efforts across sectors and international boundaries. It takes policy reform, cooperation between traditional business competitors, and proactive measures to diminish the profitability and scale of cybercrime. 

Interisle’s 2024 study recommends a series of strategic measures for fighting abuse:

1. Implement Bulk Registration Controls. Introduce rigorous identity verification/certification requirements for parties wishing to bulk register domain names.
2. Limit Subdomain Availability. Restrict the number of accounts and subdomains a customer can register at free or cheap web hosting (subdomain) providers.
3. Automate Screening Systems. Expand the deployment of automated systems to screen for suspicious resource registration and usage patterns.
4. Engage “Trusted Reporter” Programs. Create these programs across the industry to facilitate the swift suspension of cybercrime resources identified by recognized and trusted cybercrime monitors.
5. Incentivize or Penalize Service Providers. Employ consequences for those that consistently and disproportionately supply cybercriminals with attack resources.
6. Enhance Collaboration. Coordination, cooperation, and consistent action from stakeholders across the cybercrime supply chain are needed to combat these systemic problems.

M3AAWG is proud to support this important work alongside our valued industry partners. For more information, including detailed insights into the methodologies and findings of the Interisle study, visit: https://interisle.net/CybercrimeSupplyChain2024.pdf