Cybercrime Events Surge 60% Globally as Criminals Exploit Easy Access to Internet Resources, Interisle Report Finds
BOSTON, MA, UNITED STATES, November 18, 2025 /EINPresswire.com/ -- Cybercrime continues to grow at alarming rates, according to Cybercrime Supply Chain 2025, a new study released by Interisle Consulting Group. The report analyzed more than 26 million unique cybercrime events involving malware, phishing, and spam – a 60% annual growth in attacks – revealing that criminals continue to easily and cheaply acquire the resources needed to launch attacks.
The study found that nearly 20 million unique domains were used in attacks. Malicious domain registrations increased 149% year over year, and bulk registration of domains for criminal purposes surged 177%. New generic Top-Level Domains (gTLDs) were particularly exploited: though they hold just 12% of the market, they accounted for nearly half of all cybercrime domains reported and well over half of the maliciously registered cybercrime domains.
“Cybercrime has evolved into a professionalized global industry,” said Dave Piscitello, Interisle Partner. “Cybercriminal enterprises operate across both the legitimate and dark economies and are expanded their reach and impact, including through sophisticated crime-as-a-service offerings.”
Key report findings include:
• Malware, phishing, and spam attacks grew by 60%, to over 26 million events. Spam grew at the most alarming rate, more than doubling over 2024.
• Nearly 19.5 million compromised and maliciously registered domains were used in cyberattacks compared to 8.6 million last year – a 126% increase.
• Domains registered for cybercrime – malicious domains – increased 149% year over year. The percentage of malicious registrations in the new TLD space was nearly five times its market share.
• Over 7.3 million domains used in cyberattacks were registered in bulk, a 177% increase compared to last year.
• The overall number of IP addresses reported for hosting malware, spam or phishing activity decreased by 20%. The United States, India and Hong Kong saw hosting increases.
Just as legitimate businesses optimize their logistics, criminals do the same by sourcing naming, hosting, and other resources wherever they are cheapest and easiest to secure. “We need to disrupt criminal access to these resources, starve them of supplies, and make cybercrime harder and less lucrative to perpetrate,” said Karen Rose, Interisle Partner.
The report urges greater oversight and accountability across the cybercrime supply chain, including:
• Stronger verification of customer information, including adoption of EU NIS2 directive standards.
• Implementing automated systems to disrupt and mitigate suspicious registration and hosting activity.
• Limitations on high-volume registration and account creation.
• Adopting trusted reporter programs to expedite takedowns.
• Corrective action for operations with high criminal abuse rates.
Cybercrime is projected to inflict US$10.5 trillion in global losses this year, exceeding the GDP of all nations except the U.S., China, and India. “This is not just a technical problem,” Rose added. “It’s an economic and social one.”
Interisle’s study was sponsored by the Anti Phishing Working Group (APWG, https://apwg.org), CAUCE (https://cauce.org), and the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG, https://m3aawg.org). Collectively, these organizations represent thousands of cybersecurity, public advocacy, service providers, and industry professionals worldwide.
The full report is available at https://interisle.net/cybercrimesupplychain2025.
Media contact: media@interisle.net
The study found that nearly 20 million unique domains were used in attacks. Malicious domain registrations increased 149% year over year, and bulk registration of domains for criminal purposes surged 177%. New generic Top-Level Domains (gTLDs) were particularly exploited: though they hold just 12% of the market, they accounted for nearly half of all cybercrime domains reported and well over half of the maliciously registered cybercrime domains.
“Cybercrime has evolved into a professionalized global industry,” said Dave Piscitello, Interisle Partner. “Cybercriminal enterprises operate across both the legitimate and dark economies and are expanded their reach and impact, including through sophisticated crime-as-a-service offerings.”
Key report findings include:
• Malware, phishing, and spam attacks grew by 60%, to over 26 million events. Spam grew at the most alarming rate, more than doubling over 2024.
• Nearly 19.5 million compromised and maliciously registered domains were used in cyberattacks compared to 8.6 million last year – a 126% increase.
• Domains registered for cybercrime – malicious domains – increased 149% year over year. The percentage of malicious registrations in the new TLD space was nearly five times its market share.
• Over 7.3 million domains used in cyberattacks were registered in bulk, a 177% increase compared to last year.
• The overall number of IP addresses reported for hosting malware, spam or phishing activity decreased by 20%. The United States, India and Hong Kong saw hosting increases.
Just as legitimate businesses optimize their logistics, criminals do the same by sourcing naming, hosting, and other resources wherever they are cheapest and easiest to secure. “We need to disrupt criminal access to these resources, starve them of supplies, and make cybercrime harder and less lucrative to perpetrate,” said Karen Rose, Interisle Partner.
The report urges greater oversight and accountability across the cybercrime supply chain, including:
• Stronger verification of customer information, including adoption of EU NIS2 directive standards.
• Implementing automated systems to disrupt and mitigate suspicious registration and hosting activity.
• Limitations on high-volume registration and account creation.
• Adopting trusted reporter programs to expedite takedowns.
• Corrective action for operations with high criminal abuse rates.
Cybercrime is projected to inflict US$10.5 trillion in global losses this year, exceeding the GDP of all nations except the U.S., China, and India. “This is not just a technical problem,” Rose added. “It’s an economic and social one.”
Interisle’s study was sponsored by the Anti Phishing Working Group (APWG, https://apwg.org), CAUCE (https://cauce.org), and the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG, https://m3aawg.org). Collectively, these organizations represent thousands of cybersecurity, public advocacy, service providers, and industry professionals worldwide.
The full report is available at https://interisle.net/cybercrimesupplychain2025.
Media contact: media@interisle.net
David Piscitello
Interisle Consulting Group
email us here
Legal Disclaimer:
EIN Presswire provides this news content "as is" without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.