securityskeptic  


Greybeard cybersec guy who values ethics, trust, friendship, teamwork. I'm a partner at Interisle Consulting Group, board member at CAUCE and APWG, and was named to the team of experts at the Geneva Centre for Security Policy.

I'm keenly interested in measuring cybercrimes and the resources criminals use to perpetrate them, and am currently scratching this itch at the Cybercrime Information Center.

I'm a Golden Retriever lover and fantasy novel devotee. I love to cook: Italian, French, Chinese, Thai, Mediterranean and Low Country are staples. Married to the finest and loveliest person I've ever known.

Web: https://securityskeptic.typepad.com
Twitter: Cybercrime Information Center: https://twitter.com/cybercrimestats
Cybercrime Information Center: https://cybercrimeinfocenter.org
Twitter: Securityskeptic: https://twitter.com/securityskeptic

Allowlisting: Exception Handling for Blocked TLDs

In this article, we discuss how to deal with blocklisting exception cases by using selective allowlisting to complement generalized blocklisting as part of an incident response.

https://interisle.substack.com/p/allowlisting-exception-handling-for

#dns #dnsabuse #blocklist #allowlist

Dave Piscitello

Interisle Insights

Cybercrime Reported in April 2026

Interisle publishes quarterly data about cybercrime activity (for phishing, malware, and spam) at the Cybercrime Information Center.

Today, we look at cybercrime activity for the month of April 2026. We point out anything that strikes us as particularly interesting in overall numbers as well as significant changes in ranking for Top Level Domains (TLDs), Registrars, and Hosting Networks.

https://interisle.substack.com/p/cybercrime-reported-in-april-2026

#cybercrime #spam #phishing #malware #dnsabuse

Colin Strutt

Interisle Insights

Pig Butchering Scams: The Industrialization of Online Fraud

This article is the first in a series that explores a particularly nefarious kind of romance scam called pig-butchering. Our goal with this series is to raise awareness of the nature, scale, and dangers of these scams.

https://interisle.substack.com/p/pig-butchering-scams-the-industrialization

#romancescam #fraud #scam #crypto #confidencescheme

How to Protect Against Phishy Top-level Domains, Part 2

In a previous article, we explained that risk-averse organizations routinely adopt TLD blocking as a defense against cyber-attacks.

We emphasized why this is a last-resort measure and offered examples of TLDs that were persistently associated with major phishing and scam attacks in CY2025. We also described how to make an informed TLD blocking decision.

In our earlier post, we explained how organizations or individuals could use Cisco’s OpenDNS service to adopt TLD blocking. Today, we’ll be taking a look at how NextDNS could be used to block TLDs.

https://interisle.substack.com/p/how-to-protect-against-phishy-top-b41

#phishing #cybercrime #blocklisting #tld #domainnames #dnsabuse

Matt Piscitello and Dave Piscitello

Interisle Insights

Malware Trends: January 1 – March 31, 2026

Results for malware activity for the period January 1 – March 31, 2026, are now available at the Cybercrime Information Center. They include top 20 rankings of Top-level Domain, Domain Registrar, and Hosting operator (by ASN) and aggregate records of operators with malware activity.

Malicious IP activity reports (e.g., attackware and traffic injectors) dramatically increased during the current period. Fourteen previously unranked hosting networks appeared in our Ranking of Hosting Networks (ASNs) by Number of Malware Records. ApateWeb, a resilient redirector campaign, reappeared with a vengeance. Reports of malicious scanners probing email server vulnerability or injection opportunities increased significantly as well.

https://interisle.substack.com/p/malware-trends-january-1-march-31

#malware #cybercrime #apateweb #redirector

Dave Piscitello

Interisle Insights

How to Protect Against Phishy Top-level Domains

Blocklisting a domain name or hyperlink (URL) is a common and effective way to avoid becoming a victim of a phishing attack. Phishers and other cyber adversaries often single out specific Top-Level Domains when they register domains for their cyberattacks. And they do so repeatedly! Sometimes they register domains in one TLD at such an enormous scale that blocklisting domains or URLs individually is not enough to mitigate the attack, and more drastic action may effectively reduce risk.

Today, we’ll explain how to use filtering offered by a public, open resolver to reduce your risk by avoiding phishy TLDs.

https://interisle.substack.com/p/how-to-protect-against-phishy-top

#phishing #cybercrime #dns #blocklist

Cybercrime Reported in March 2026: Where Criminals are Acquiring Resources for Phishing, Malware and Spam Attacks.

Interisle publishes quarterly data about cybercrime activity (for phishing, malware, and spam) at the Cybercrime Information Center.

Here we look at cybercrime activity for the month of March 2026. We point out anything that strikes us as particularly interesting in overall numbers as well as significant changes in ranking for Top Level Domains (TLDs), Registrars, and Hosting Networks.

https://interisle.substack.com/p/cybercrime-reported-in-march-2026

#Phishing #Malware #Spam #dnsabuse #cybercrime

Colin Strutt

Interisle Insights

How Criminals Can Exploit the Blockchain Name Space

On March 19, Wired published an article on how the US Justice Department and law enforcement agencies of collaborating countries took down the command-and-control of several botnets that were used for a huge number of cyberattacks, such as Distributed Denial of Service attacks.

In this article, Interisle's Andy Malis looks at botnets generally and how they exploit the DNS. He then looks at a variation of the conventional botnet exploitation of the DNS that leverages the name space for the Ethereum blockchain.

https://interisle.substack.com/p/how-criminals-can-exploit-the-blockchain

#botnet #malware #ethereum #ENS #blockchain #DNS

FCC bans almost all routers in the name of cybersecurity: stopping the flow of "foreign" routers is likely to do more harm than good

Interisle's Fred Goldstein discusses the Covered List (origin and recent FCC ban), the stated rationale, perceived versus actual risks, and whether the ban will do more harm than good.

https://interisle.substack.com/p/fcc-bans-almost-all-routers-in-the

#fcc #routerban #risk #cybersecurity

Words Commonly Found in Spam Domains

In a previous post, Interisle looked at the practice of embedding brand strings in domain names used for phishing and spam. Today, we’ll provide a summary of words that we most often find in domains used to spam.

#spam #domain #dns #deception

https://interisle.substack.com/p/words-commonly-found-in-spam-domains

Dave Piscitello

Interisle Insights