Bad players have ramped up their purchase of domains that look like the brands of the world’s top 2,000 companies, with 60% of those domains registered to risky third parties, not the companies themselves.
A new study released this week by domain name management corporation Corporation Service Company (CSC) analyzed domain records from Forbes Global 2000 companies and used a fuzzy match algorithm to detect domains similar to domain names. of these companies. – called “homoglyphs”. The CSC found that 70% of similar domains were registered by third parties, with more than half of homoglyphs (60%) registered in the past two years.
Despite the existence of what are probably bad actors, 81% of large companies do not take basic domain security precautions, such as using the registry lock protocol, explains Vincent D’Angelo, director worldwide of CSC Digital Brand Services.
“There are all these proactive controls that companies could put in place to prevent hijacking,” he says. “While there is no quick fix, using more than one of these controls makes [their domains] all the more difficult to compromise. “
Domain hijacking is not uncommon, and when attackers gain access to a domain, they can cause significant damage to both brand and users’ systems.
Stolen Perl domain
On January 27, for example, Perl.com, a site dedicated to articles on the programming language Perl, had his domain stolen by bad actors. The original surreptitious transfer took place in September 2020 and may have resulted from stolen credentials. In January, the cybercriminals behind the theft listed the domain for $ 190,000 on the AfterNIC Marketplace before the auction was called off. Within a week, Perl.com had reverted to its original owner, but other domains were stolen at the same time.
the CSC Report have found that typical uses of domains similar to well-known brands – often referred to as typosquatting – include exploiting accidental visitors by hosting pay-per-click advertising and web content. While more than half (56%) reported such programs for profit, and 38% led to inactive websites, only 6% led to malicious content and outright malware.
“Based on the analysis of these third-party domains, many have a high propensity to be used as malicious domains for cyber attacks,” CSC said in the report. “Registrants typically hide behind privacy services or WHOIS written to conceal their identity, register domains that look like known brands, and use tactics to appear legitimate to trick an end user into clicking a link or trusting.” to a site that infringes. on a mark. “
Risk domain registrations include domains that appear similar to the original corporate domains – a so-called homoglyph – and are registered by a third party with a consumer grade registrar, according to the CSC. While the company has not disclosed the number of matched domains, the vast majority use privacy services to hide the domain owner, and 43% have their MX records configured, allowing them to send and receive mail. emails.
Large companies are lagging behind in security measures, according to the CSC report. Only 19% had registry locking enabled on their domain, which prevents the domain from being easily transferred. Additionally, only 17% of organizations had redundant DNS services to protect against denial of service attacks.
While 84% of organizations had defined their Sender Policy Framework (SPF) records, only 11% had also configured their DomainKeys Identified Mail (DKIM) and only 50% had configured DMARC.
Overall, companies in only two of the 27 industries – media and information technology – had “moderate” risk mitigation effectiveness, according to the CSC. The vast majority were moderately poor, while two others were classified as “poor”.
Businesses won’t be able to just reserve domain names that are similar to their domain. With the expansion of top-level domains and attackers speeding up attempts to reserve homoglyphs, such an approach would be too expensive to implement, says CSC’s D’Angelo.
“It makes sense to own domain names that are high value targets. Especially if you are a multinational operating in a particular country, you should own your brand in that country,” he says. “But with the growth in the number of third-party registrations, it becomes virtually impossible to have a defensive domain portfolio.”
Instead, companies should monitor registrations to see if their trademark is under attack and strengthen their domain registration services, he says.