ICANN announced the publication of the report called Statistical Analysis of DNS abuse in gTLDs on its website. The study, which was requested by ICANN, was conducted by researchers from the Dutch internet register SIDN and Delft University of Technology in Netherlands. It covers three years from 2014 to 2016. The results of the study show that the overall rate of abused domains (used for spamming, phishing, malware distribution and so forth) appears to be relatively constant, with higher levels of abuse in legacy gTLDs and an upward trend of abuse in new gTLDs.
The study shows that hackers tend to compromise existing domains in legacy gTLDs, and use new gTLDs for registering the domains that will later be used for malicious purposes, since they are considerably less inexpensive to register. It also showed that there is no correlation between domain abuse and privacy protection of the WHOIS lookup service. In other words, the fact that registrants prefer to protect their confidentiality does not mean that their domains were registered to be used for malicious purposes.