Security Boulevard (Original)

Companies Failing to Protect Domain Registrations

Despite a surge in dangerous third-party domain registrations, domain security is an underused security tactic that can help curb phishing and related ransomware attacks, according to the CSC’s Domain Security Report focused on the world’s largest companies.

The study found the majority of Global 2000 companies continue to lag in the adoption of domain security measures, with 81% of companies not using registry locks, a security feature that provides an extra layer of protection from domain name hijacking by locking the domain at the registry level.

Just half are using domain-based message authentication, reporting and conformance (DMARC) records as an email authentication method, and only 17% of Global 2000 companies have DNS redundancy for their core domain (secondary DNS), the report found.

The adoption rate for domain name system security extensions (DNSSEC), another method to enable authenticated communication between DNS servers, is also low, at just 5%, according to the survey.

Domain Security is the Missing Link

“Domain security is the missing link in most companies’ phishing prevention and ransomware risk mitigation playbooks,” said Vincent D’Angelo, global director of corporate development and strategic alliances with CSC. “These businesses frequently assume that they’re getting adequate protection with their consumer-grade registrars and adopt a ‘set it and forget it’ mindset.”

The report noted that a lack of DNSSEC deployment leads to vulnerabilities in the DNS, which could include an attacker hijacking any step of the DNS lookup process. As a result, hackers can take control of an internet browsing session and redirect users to deceptive websites.

Meanwhile, nearly six in 10 (57%) are relying on consumer-grade registrars with limited protection against domain and DNS hijacking, distributed denial-of-service (DDoS), man-in-the-middle attacks (MitM) or DNS cache poisoning. Historically, consumer-grade registrars have been a frequent target for cyberattacks.

The report also found 70% of homoglyph domains (fuzzy matches)—a tactic commonly used in phishing and brand abuse—are owned by third parties and registered with consumer-grade registrars.

Of these registrations, over 60% have been registered in the last two years, which demonstrates that this is an increasingly popular attack method.

According to the study, just 5% of Global 2000 companies use certificate authority authorization (CAA) records, which allow organizations to designate a specific certificate authority (CA) to be the sole issuer of certificates for the organization’s domains.

If a cybercriminal doesn’t use the appointed certificate authority to get a new certificate, the request will fail and the organization will receive an alert that someone tried to request a new certificate outside of its CAA policy.
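The CAA check described above can be sketched as follows. This is an added example, not code from the CSC report or the article, and it follows the lookup and matching rules of RFC 8659. The zone data, domain names and CA identifiers are constructed for illustration; the `iodef` property is where a domain owner publishes the contact for policy-violation reports.

```python
# Added example: CAA evaluation following RFC 8659. All records are constructed.
ZONE = {  # owner name -> [(flags, tag, value)]
    "example.com": [
        (0, "issue", "ca.example.net"),      # the one CA allowed to issue
        (0, "issuewild", ";"),               # empty issuer: no wildcard certs
        (0, "iodef", "mailto:security@example.com"),
    ],
    "dev.example.com": [(0, "issue", "other-ca.example.org; account=12345")],
    "locked.example.com": [(128, "futuretag", "x")],  # unknown + critical
}
KNOWN_TAGS = {"issue", "issuewild", "iodef"}


def relevant_rrset(fqdn, zone):
    """Climb from fqdn toward the root; return the first CAA set found."""
    labels = fqdn.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        if zone.get(name):
            return name, zone[name]
    return None, []


def may_issue(ca_domain, requested_name, zone=ZONE):
    """Return (allowed, reason, report_to) for the CA named by ca_domain."""
    wildcard = requested_name.startswith("*.")
    fqdn = requested_name[2:] if wildcard else requested_name
    owner, records = relevant_rrset(fqdn, zone)
    report_to = [v for _, t, v in records if t.lower() == "iodef"]
    if not records:
        return True, "no CAA records: any CA may issue", report_to
    # An unrecognised property with the critical bit (128) set blocks issuance.
    if any(f & 128 and t.lower() not in KNOWN_TAGS for f, t, _ in records):
        return False, f"unknown critical property at {owner}", report_to
    issue = [v for _, t, v in records if t.lower() == "issue"]
    issuewild = [v for _, t, v in records if t.lower() == "issuewild"]
    # issuewild overrides issue for wildcard names and is ignored otherwise.
    applicable = issuewild if (wildcard and issuewild) else issue
    if not applicable:
        return True, f"CAA at {owner} does not restrict this request", report_to
    # The issuer domain precedes any ';' parameters; empty means no CA at all.
    issuers = {v.split(";", 1)[0].strip().lower() for v in applicable}
    if ca_domain.lower() in issuers:
        return True, f"{ca_domain} authorised at {owner}", report_to
    return False, f"{ca_domain} not authorised at {owner}", report_to
```

Note that a CAA set on a subdomain (here `dev.example.com`) replaces the parent's policy for names beneath it rather than adding to it, which is a common source of unintended gaps.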

D’Angelo explained the rise of cybercrime and digital fraud along with a steady increase in registrations over the last 18 months by third parties necessitates more industry oversight in terms of how domains are registered.

“Additionally, companies need to see that adopting basic domain security measures is a vital component of enterprise risk management,” he said. “We see compliance playing a bigger role moving forward because of how susceptible a company’s domain is to various types of attacks.”

He added companies also need to be mindful of the changing cyberinsurance landscape as, in the not-too-distant future, cyberinsurance providers are going to take a more critical look at a company’s domain security during the underwriting process.

“So, it would behoove companies to be proactive and take action now,” D’Angelo said.

He pointed out that although annual losses due to ransomware now exceed billions, most ransomware protection and response measures don’t adequately address phishing risks in the early stages of a ransomware attack because they do not include domain security measures to protect against the most common phishing attacks.

CSC’s additional findings strongly suggested bad actors are applying tactics to cover their tracks and accelerate their attempts to execute their attacks, with 70% of third-party domains deemed suspicious.

Of those suspicious domains, more than three-quarters (77%) used domain privacy services or had WHOIS details redacted, and 43% were configured with MX email records, giving them the ability to send phishing emails.

More than half (56%) were pointing to advertising or pay-per-click content or were being used for domain parking, while 38% had inactive web content and 6% were pointing to brand impersonation and malicious content, including phishing and potential malware delivery.

Preventing Attacks

“Organizations need to be implementing more sophisticated threat monitoring, detection and mitigation solutions,” D’Angelo said. “Having best-in-class domain security measures can help to prevent these attacks in their early stages.”

He added domain security plays a preventative role in phishing attacks, which then could also prevent larger-scale BEC attacks, impersonation fraud, ransomware attacks and many other cybersecurity incidents.

“All companies in all industries should adopt a multi-layer defense-in-depth approach for domain security, starting with working with an enterprise-class registrar,” D’Angelo said.

Nathan Eddy

Nathan Eddy is a Berlin-based filmmaker and freelance journalist specializing in enterprise IT and security issues, health care IT and architecture.
