Domain server

Companies that do not protect domain registrations

Despite an increase in registrations of dangerous third-party domains, domain security is an underused security tactic that can help curb phishing and associated ransomware attacks, according to the CSC Domain Security Report focused on the world’s largest companies.

The study found that the majority of companies in the Global 2000 lag behind in adopting domain security measures, with 81% of companies not using registry locks, a security feature that provides an additional layer of protection against domain name hijacking by locking down the domain at the registry level.

Only half use Domain-based Message Authentication, Reporting, and Conformance (DMARC) records as a method of email authentication, and only 17% of Global 2000 companies have DNS redundancy (secondary DNS) for their primary domain, according to the report.

Adoption rates for Domain Name System Security Extensions (DNSSEC), another method of enabling authenticated communication between DNS servers, are also low, at just 5%, according to the survey.

Domain security is the missing link

“Domain security is the missing link in most organizations’ phishing prevention and ransomware risk mitigation strategies,” said Vincent D’Angelo, global director of corporate development and strategic alliances with CSC. “These companies often assume that they have adequate protection from their consumer registrars and adopt a ‘set it and forget it’ mindset.”

The report noted that the lack of deployment of DNSSEC leads to vulnerabilities in the DNS, which could include an attacker hijacking any step of the DNS lookup process. As a result, hackers can take control of an internet browsing session and redirect users to deceptive websites.

Meanwhile, nearly six in 10 (57%) rely on consumer registrars with limited protection against domain and DNS hijacking, distributed denial of service (DDoS), man-in-the-middle (MitM) attacks or DNS cache poisoning. Historically, mainstream registrars have been frequent targets of cyber attacks.

The report also found that 70% of homoglyph domains (fuzzy matches) – a tactic commonly used in phishing and brand abuse – are owned by third parties and are registered with mainstream registrars.

Of these registrations, over 60% were made in the past two years, demonstrating that this is an increasingly popular method of attack.

According to the study, only 5% of companies in the Global 2000 use Certification Authority Authorization (CAA) records, which allow organizations to designate a specific Certificate Authority (CA) to be the sole certificate issuer for the organization’s domains.

If a cybercriminal tries to obtain a new certificate from a CA other than the designated one, the request will fail and the organization will receive an alert that someone attempted to request a new certificate outside of their CAA policy.
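The check a CA performs against CAA records before issuing, sketched as an added example that is not part of the CSC report. It follows the RFC 8659 processing rules; the zone data is constructed and the function names are hypothetical.

```python
# Constructed sample zone: owner name -> list of (flags, tag, value) CAA records.
ZONE = {
    "example.com": [
        (0, "issue", "ca.example.net"),                # the designated CA
        (0, "issuewild", ";"),                         # no CA may issue wildcards
        (0, "iodef", "mailto:security@example.com"),   # where violations are reported
    ],
    "internal.example.com": [(0, "issue", "otherca.example.org; account=12345")],
}
KNOWN_TAGS = {"issue", "issuewild", "iodef"}

def relevant_rrset(fqdn, zone):
    """Climb from the FQDN towards the root; the first CAA RRset found applies."""
    labels = fqdn.lower().rstrip(".").split(".")
    if labels[0] == "*":
        labels = labels[1:]
    for i in range(len(labels)):
        rrset = zone.get(".".join(labels[i:]))
        if rrset:
            return rrset
    return []

def may_issue(ca_domain, fqdn, zone):
    """Return True if CAA policy lets the CA identified by ca_domain issue for fqdn."""
    rrset = relevant_rrset(fqdn, zone)
    # An unrecognised property with the critical bit (128) set blocks issuance.
    if any(flags & 128 and tag.lower() not in KNOWN_TAGS for flags, tag, _ in rrset):
        return False
    issue = [v for _, t, v in rrset if t.lower() == "issue"]
    issuewild = [v for _, t, v in rrset if t.lower() == "issuewild"]
    # Wildcard requests use issuewild when present, otherwise fall back to issue.
    restricting = issuewild if fqdn.startswith("*.") and issuewild else issue
    if not restricting:
        return True  # no issue/issuewild property: CAA does not restrict issuance
    # Value is "<issuer-domain>[; params]"; a bare ";" names no issuer at all.
    allowed = {v.split(";")[0].strip().lower() for v in restricting}
    return ca_domain.lower() in allowed

def report_contacts(fqdn, zone):
    """iodef URLs a CA can use to report a request that violates the policy."""
    return [v for _, t, v in relevant_rrset(fqdn, zone) if t.lower() == "iodef"]

if __name__ == "__main__":
    for ca, name in [("ca.example.net", "www.example.com"),
                     ("otherca.example.org", "www.example.com"),
                     ("ca.example.net", "*.example.com")]:
        print(f"{ca} -> {name}: {'issue' if may_issue(ca, name, ZONE) else 'refuse'}")
```

A subdomain's own CAA RRset replaces the parent's rather than adding to it, which is why `internal.example.com` here authorizes a different CA and carries no reporting contact.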

D’Angelo explained that the increase in cybercrime and digital fraud, as well as a steady increase in registrations by third parties over the past 18 months, requires increased industry oversight of how domains are registered.

“Additionally, businesses need to understand that adopting basic domain security measures is a critical part of managing business risk,” he said. “We see compliance playing a more important role in the future due to the vulnerability of an organization’s domain to various types of attacks.”

He added that businesses must also be aware of the changing cyber insurance landscape as, in the not-so-distant future, cyber insurance providers will take a more critical look at the security of a company’s domain during the underwriting process.

“So it would be up to companies to be proactive and act now,” D’Angelo said.

He pointed out that although annual losses from ransomware now exceed billions, most ransomware protection and response measures do not adequately address phishing risks in the early stages of a ransomware attack because they do not include domain security measures to protect against the most common phishing attacks.

Additional CSC results strongly suggest that bad actors are applying tactics to cover their tracks and speed up their attempts to execute their attacks, with 70% of third-party domains considered suspect.

Of these suspicious domains, more than three-quarters (77%) used domain privacy services or had hidden WHOIS details, and 43% were configured with MX email records, giving them the ability to send phishing emails.

More than half (56%) pointed to advertising or pay-per-click content or were used for domain parking, while 38% had inactive web content and 6% pointed to brand identity theft and malicious content, including phishing and the potential spread of malware.

Prevent attacks

“Organizations need to implement more sophisticated threat monitoring, detection and mitigation solutions,” D’Angelo said. “Having the best domain security measures can help prevent these early attacks.”

He added that domain security plays a preventive role in phishing attacks, which could then also prevent larger scale BEC attacks, impersonation fraud, ransomware attacks and many other cybersecurity incidents.

“All businesses in all industries should take a multi-layered defense-in-depth approach to domain security, starting with working with an enterprise-class registrar,” D’Angelo said.