Cybercrime supply chain report highlights need for stronger prevention

The Interisle Cybercrime Supply Chain 2025 report paints a striking picture of the rising professionalism and scale of online criminal activity. With cybercrime incidents increasing by 60% and more than 19 million domains used in attacks, the study highlights how criminals continue to exploit low-friction registration environments and bulk purchasing to fuel large-scale phishing and spam operations.

A key finding is the dramatic growth of malicious registrations, which rose by 149% over the past year. The report also notes an almost doubling of brand impersonation within domain names, reinforcing the need for registries and registrars to adopt robust screening measures to prevent deceptive registrations before they are weaponised.

EURid is referenced in the study as an example of effective preventative practice, highlighting our use of name-pattern checks and delayed delegation to ensure that suspicious domain name requests can be reviewed before activation. These measures significantly reduce the risk that criminals can exploit the .eu domain name space and demonstrate the positive impact of well-implemented policies.

“The report shows clearly that cybercriminals look for easy points of entry,” explains Philip Struyf, Program Manager in Domain Name Abuse Prevention. “Our approach is to make registrations harder to exploit, without placing additional burden on legitimate citizens and businesses. Early detection, careful checks, and swift intervention have allowed us to greatly limit the opportunities for abuse within the .eu domain name environment.”

The research also emphasises that opportunities exist to disrupt the cybercrime supply chain by making access to key resources more difficult or costly. Among its recommendations are:

• Stronger verification of registration information to ensure accuracy and deter false or suspicious data
• Tighter controls on bulk and high-volume domain registrations, including enhanced identity checks
• Automated monitoring for suspicious registration behaviour and algorithmically generated or brand-similar names
• Trusted reporter programmes to allow verified actors to flag abuse quickly
• Corrective action and industry collaboration to address consistently high-risk operators

EURid implements these recommendations by leveraging platforms such as the Abuse Prevention and Early Warning System (APEWS) and the in-house data quality system EURidity. In addition, EURid collaborates with EUIPO (European Union Intellectual Property Office) to address brand similarity. Tools like the WHOIS trademark match indicator, which shows whether a European trademark matches a domain name, and the Distance Report, a free comparison of potentially infringing or copycat domains across other extensions, help registrants and enforcement bodies manage potential conflicts. By applying these measures across the .eu environment, EURid demonstrates how coordinated policies and advanced tools can reduce opportunities for cybercriminals and set a benchmark for industry best practice.