Over the course of a year, the number of servers hosting fraudulent sites in the world has grown by almost 65%

Over the course of the year, the number of servers worldwide that host fraudulent sites grew by almost 65%, to 93.2 thousand. Canada remains the leader among jurisdictions, followed by the Netherlands, the USA, Russia and the UK. Experts attribute the situation to the developed IT infrastructure in these countries and “loyal legislation.” Placing sites abroad, they emphasize, makes it difficult for law enforcement agencies to collect data on scammers.

“Kommersant” got acquainted with the data of the Research Institute “Integral”, subordinate to the Ministry of Digital Development, on the current geography of the location of servers on which phishing sites are served (masquerading as banks, lotteries, large companies, etc. for fraudulent purposes), including those directed against Russians. According to the research institute, as of early October, servers are located in 76 countries, while a year earlier there were 82. However, the total number of servers increased over the year by 65%, to 93.2 thousand.

Canada remains the leader in the number of malicious resources hosted on servers in the country: in 2023, their number increased by 56%, to 24.7 thousand. In the Netherlands, which is in second place, the increase was immediately 160%, to 22.5 thousand As a result, the United States moved from second to third position with 15.4 thousand phishing resources (an increase of 80%).

Russia is still in fourth place with a significant lead both in terms of quantity (9.5 thousand) and dynamics (an increase of 14%). The UK, which occupies fifth place, has even more modest indicators (4.3 thousand sites, an increase of 7%). Among the domain zones on the first lines are .com, .ru, .top and .xyz.

Integral believes that the increase in the activity of Internet fraudsters in Russia indicates that they have “adapted to new conditions,” for example, blocking transfers of funds abroad. The coordination center for .ru/.рф domains clarified that from January to September 36.6 thousand complaints were sent to registrars about the use of domain names in the .ru and .рф zones for “maintaining resources with malicious activity,” which exceeded the figure 2022 by more than 150%. Based on the results of the review, the delegation of 35.7 thousand domains was terminated.

The geography of servers containing dangerous sites is influenced primarily by the development of hosting in a particular country, says Andrey Vorobyov, director of the coordination center: “A serious problem is created by the countries where the data centers of large cloud providers are located—the USA, the Netherlands, Ireland and the countries of the Asian region ” The faster the industry grows and new data centers open, the more competition hosters face, forcing them to offer cheap plans and trial periods, which scammers take advantage of, he adds.

The opportunity to get a free “test period” is important, confirms Alexander Vurasko, an expert at the Solar AURA monitoring center of Solar Group, since a phishing site has a lifespan of several days. Also, according to him, attackers choose hosting based on the possibility of paying for services with cryptocurrency or bank cards (issued in the name of dummies).

Another important factor is the specifics of local legislation, clarifies Nikita Tsaplin, CEO of the hosting provider RUVDS. In Canada or the Netherlands, “you can host almost everything,” the expert clarifies, and the United States “probably made the list due to the huge number of sites available in this country.” He believes that Russia will gradually fall in the “anti-rating”, including due to the intensified fight against cybercrime.

In the first half of the year, at the request of Roskomnadzor, more than 885 thousand sites with prohibited information were blocked or deleted in the Russian Federation, which is 85% more than for the same period in 2022 (see Kommersant on July 7). At the same time, Mr. Vurasko clarifies, a server in the Netherlands, for example, may belong to a Russian hosting company. The expert emphasizes that it is not easy for law enforcement agencies, especially Russian ones in the current conditions, to obtain information about scammers from abroad.

Tatiana Isakova