M3AAWG Blog

Updates and Commentary from the Messaging, Malware and Mobile Anti-Abuse Working Group

Phishing is still a top-of-mind threat. In 2020, 75% of organizations around the world experienced some kind of phishing attack (https://www.tessian.com/blog/phishing-statistics-2020/) and this figure increased by 22% in the first half of 2021. And according to a Proofpoint study, 74% of phishing attacks in the US were successful. Overall, the 2021 report from Ponemon and IBM found that data breach costs rose from $3.86 million to $4.24 million, the highest average total cost in the history of this report.

On Jan. 6, 2022, the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) announced and notified the ICANN Board of its support for recommendations made by ICANN’s Security and Stability Advisory Committee (SSAC) in SAC118 SSAC Comments on Initial Report of the Expedited Policy Development Process (EPDP) on the Temporary Specification for gTLD Registration Data Team - PHASE 2A.

Author: Mobile Committee Chairs

Business email compromise, or BEC, has become an increasingly dangerous and widely used tool for an adversary to get access to a business email account to spoof the identity of an employee. Unfortunately, this technique has moved beyond email to SMS (Short Message Service) using cell phones, in which the attacker gets the target’s phone for attacks or compromises.


Executive Order 14028 (EO), Improving the Nation’s Cybersecurity, mandates “bold changes and significant investments” to help protect against malicious cyber threats. The EO emphasizes that “cybersecurity requires more than government action”, requiring “the Federal Government to partner with the private sector”. It also states “the private sector must adapt to the continuously changing threat environment, ensure its products are built and operate securely, and partner with the Federal Government to foster a more secure cyberspace.”

Interisle Consulting Group recently released its report (https://interisle.net/MalwareLandscape2021.html) studying six months of malware. 

Data showed that, based on 1.7 million malware reports collected from January 1, 2021 to June 30, 2021, malware reports increased 63% in the first half of 2021. The findings are based on analyzing 1,686,033 malware reports during a six-month study period from four widely used and respected threat intelligence sources.

The key takeaways from the report are summarized below.

The Q3 2021 Phishing Activity Trends Report has been published. The report includes data and analysis of phishing attacks as reported to the APWG by its member companies, its global research partners, through the organization’s website at https://apwg.org, and by e-mail submissions to reportphishing@antiphishing.org.

APWG sources define phishing as “…a crime employing both social engineering and technical subterfuge to steal consumers’ personal identity data and financial account credentials.”

The 2021 Ponemon Data Breach research report, sponsored by IBM, has been released, and data shows that the cost of breaches and attacks continues to increase.

On Sept. 30, 2021, M3AAWG and the Anti-Phishing Working Group (APWG) provided their recommendations to ICANN regarding WHOIS domain name access. M3AAWG and APWG had conducted surveys in 2018 and 2021 to understand the impact of ICANN's implementation of the EU GDPR Temporary Specification for gTLD Registration Data.

As Internet usage has exploded and become an integral part of everyone’s personal and business lives, the opportunities to exploit user data have become ever more attractive. Sophisticated tracking and explosion of third-party ad and other services ensure that very few users can defend themselves against data harvesting and attacks. 


In this session at M3AAWG’s 53rd general meeting in October 2021, Johnathan Azaria describes the usage of machine learning to create better security configurations for DDoS protection.

Finding the best security configuration is crucial: if set correctly, it provides maximum security with minimal risk by balancing false positives against false negatives. However, because domain experts often need to manually work on each security configuration, this process can't be scaled.


