The Anti-Phising working Group published its report for the second half of 2014 and below you find their key findings:
Millions of phishing URLs were reported in 2H2014 but the number of unique phishing attacks and domain names used to host them was much smaller.
There were at least 123,972 unique phishing attacks worldwide. This was almost exactly the same number as in the first half of 2014, and the most we have seen in a period since the second half of 2009. An attack is defined as a phishing site that targets a specific brand or entity. A single domain name can host several discrete phishing attacks against different banks, for example.
The attacks occurred on 95,321 unique domain names.This is the most we have ever recorded in a half-year period. The number of domain names in the world grew from 279.5 million in April 2014 to 287.3 million in December 2014.
Of the 95,321 phishing domains, we identified 27,253 domain names that we believe were registered maliciously, by phishers. This is an all-time high, and much higher than the 22,629 we identified in 1H2014. Most of these registrations were made by Chinese phishers. The other 68,303 domains were almost all hacked or compromised on vulnerable Web hosting.
Seventy-five percent of the malicious domain registrations were in just five TLDs: .COM, .TK, .PW, .CF, and .NET.
In addition, 3,582 attacks were detected on 3,095 unique IP addresses, rather than on domain names. (For example: http://77.101.56.126/FB/) We did not observe phish of any kind on IPv6 addresses.
We counted 569 targeted institutions. This is down significantly from the all-time high of 756 we observed in 1H2014.
The average uptime in 2H2014 was 29 hours and 51 minutes. The median uptime in 2H2014 increased to 10 hours 6 minutes, meaning that half of all phishing attacks stay active for slightly more than 10 hours.
Phishing occurred in 272 top-level domains (TLDs). Fifty-six of them were new top-level domains.
Only 1.9 percent of all domain names that were used for phishing contained a brand name or variation thereof.
One-hundred and three of the 95,321 domain names were internationalized domain names (IDNs). None involved homographic attacks, but some displayed deceptive messages in the translated domains names.
To read the full report:
http://anti-phishing.org/download/document/245/APWG_Global_Phishing_Report_2H_2014.pdf
