The ‘Monthly Analysis for ISPs’ reports are the topDNS Initiative’s measurement initiative. These reports aim to establish a credible source of metrics for addressing abuse among Internet Service Providers (ISPs). We hope these reports will facilitate targeted discussions and, over time, pinpoint opportunities to reduce abuse throughout the entire internet ecosystem.
We also hope that future editions of the report will recognise good practice and highlight areas for improvement within the industry. Through these reports, we aim to identify effective factors, policies and processes, and provide the industry with evidence.
As these data collection efforts are just beginning, we are not attempting to draw any conclusions from the data at this time. We look forward to reviewing the data as patterns emerge over time. However, we can offer some initial insights into how the methodology captures the data, which will provide a basis for understanding this complex issue in the future.
We encourage all readers to review this report and its methodology, as well as the data, and to contact us with any questions, ideas or suggestions that could help us improve and expand it. After all, our goal is to help the Internet industry and the wider community become better equipped to fight online abuse. We wish you a good read!
The ‘Monthly Analysis for ISPs’ reports are created with the support of AV-TEST.
Downloads
Background
The topDNS Initiative was founded in 2021 by members of eco – Association of the Internet Industry. The stable, safe and secure operation of the DNS has proven to be the foundation for the global expansion of the Internet as a universal public resource. However, like any other innovation and every technology, the Internet and the DNS are vulnerable to abuse, such as malware, botnets, phishing, pharming or spam. The topDNS Initiative and its members are committed to reducing online abuse and strengthening the Internet industry.
This report aims to measure malicious URLs at ISPs to improve the community’s understand-ing of online abuse and ultimately enhance industry practices. We hope it will provide insight into how online abuse is changing over time, enabling concrete, specific conversations about the impact of abuse on not only the domain registration industry, but the Internet industry as a whole.
We intend to use this evidence to drive change within the Internet industry, improving un-derstanding of where online abuse is concentrated and discussing effective ways to prevent and mitigate it. Our aim is to highlight good and best practices, as well as identifying areas for improvement and issues that require attention.
Online abuse affects everyone. We aim to leverage this insight to enhance the overall health of the Internet ecosystem. Our goal is to prevent or swiftly mitigate any harm to end users, businesses, governments, civil society organisations, public services and the general public, while safeguarding the advantages and principles of an open Internet.
Although the ultimate goal is to reduce abuse, mitigation should still take place at the appro-priate level. The aim is to provide transparent resources for discussions about the prevalence and mitigation of phishing and malware on the open Internet.
Data & Sources
This report is a collaboration with AV-TEST, a member of the Anti-Malware Testing Standards Organization, analysing samples from various sources with AV-TEST’s AV Multiscanner system as well as static and dynamic analysis tools. The report aims to provide the industry with evi-dence and information on the distribution of phishing and malware across the ecosystem. The project will begin by examining the harm caused by malware and phishing. Phishing and malware have been chosen as the focus because there is generally sufficient verifiable evi-dence of the security threat they pose.
In future reports, we may include other types of abuse and additional metrics, or combine various data points, provided they are consistent with the mission of topDNS and the priorities chosen for this report. The topDNS Initiative also works very closely with other initiatives, such as the NetBeacon Institute, to work together on data and to reduce online abuse. As a result, we view this report as a complement to the NetBeacon MAP: Monthly Analysis which provides detailed statistics and data for domain name registries and registrars.
It is important to recognise the limitations of this work. The universal challenge of understanding malicious activity in society means that we can only measure identified and verified harm. Phishing and malware that has been identified and verified will always be a subset of all existing phishing and malware. There will also be ‘false positives’, i.e. URLs categorised as phishing or malware when they actually aren’t, due to classification errors and differences in standards. Additionally, there is a possibility that reported abuse is biased towards particular geographic regions or activities that are more likely to be reported.
We are committed to refining this project as we go along, and we welcome insights from across the industry to help us improve and iterate. If you would like to get in touch with the topDNS Initiative, please contact: topdns@eco.de