Lookalike domains are targeting Forbes Global 2000 brands to launch phishing attacks and other forms of digital brand abuse/IP infringement.

cyber security
Credit: Dreamstime

Forbes Global 2000 companies are failing to adopt key domain security measures, exposing them to significant security risks, according to CSC’s Domain Security Report 2022.

The enterprise-class domain registrar and Domain Name System (DNS) threats mitigator found that 75 per cent of Global 2000s have implemented fewer than half of all domain security measures with Domain-based Message Authentication, Reporting and Conformance (DMARC), the only domain security measure with significantly increased adoption since 2020.

Domain security measure adoption slow, DMARC most popular

Adoption of recommended domain security measures by Global 2000 companies has been slow in the last couple years, CSC stated. Measures such as DNS redundancy, registry lock, Certificate Authority Authorisation (CAA) records and DNS Security Extensions (DNSSEC) have seen only very modest growth since 2020.

“With the risks of not having domain security in place potentially leading to phishing or ransomware attacks and many other cyber threats, we hoped to see a higher implementation of some of these security measures,” the report read.

In contrast, adoption of DMARC has risen from 38.9 per cent in 2020 to 61.5 per cent in 2022. CSC cited the fact that Verified Mark Certificates (VMC) now require DMARC to be set up to ascertain Secure Sockets Layer (SSL) certificates as a key driver behind the adoption.

“Additionally, Apple announced Brand Indicators for Message Identification (BIMI) in September and stated that its email clients for iOS 16 and macOS will support a broad industry effort to combat brand spoofing and impersonation. Senders that support BIMI must meet a strong standard of email authentication and this includes using the DMARC security standard,” the report added.

Overall, companies with the most adoption of domain security measures had the “highest security score” based on CSC calculations, according to the report. Conversely, 137 companies were given a domain security score of zero, with most these based in the Asia Pacific region.

Lookalike domains targeting firms to launch phishing attacks, abuse brands

Lookalike/fake domains are targeting Global 2000s to leverage the trust placed on well-known brands and launch phishing attacks or other forms of digital brand abuse/IP infringement, CSC’s report read.

Over 75 per cent of homoglyph domains are owned by third parties, meaning that many of the world’s largest brands contend with web domains appearing to look like their brands that were maliciously registered, the firm added.

GoDaddy, Namecheap and PDR LTD are the companies most associated with fake domain registrations owned by third parties, the report stated. As for industry verticals, banking (10 per cent), IT software and services (7 per cent) and business services and supplies (5.5 per cent) were listed as the sectors most targeted by fake domain registrations, with food markets (0.4 per cent), semiconductors (1.7 per cent) and media (1.8 per cent) the least.

High-profile domain cyber attacks should never be underestimated

Domain-based security threats are plentiful, but the most prevalent threats are the least exciting: phishing domains and BEC attacks using short-term domains registered for the purpose of attacking a customer, Peter Lowe, principal security researcher at DNSFilter, told CSO.

“However, the risk of higher-profile attacks should never be underestimated – with ransomware on the rise globally, protecting your network against communication with C2 domains can prevent critical loss of data, downtime and potentially even expensive ransoms,” he added.

While adoption of domain-based security measures is steadily improving, there is still some way to go, Lowe said.

“DNS as a threat protection layer is now being accepted as a standard part of security strategies, with the US government launching multiple initiatives to provide protective DNS and officially recommending it, along with guidance on how to select a service,” he said. “However, it still lacks the focus and awareness it deserves from many MSSPs and individual companies.”

To protect their domains, it’s crucial for organisations to use a trusted registrar that provides 2FA, registry lock and DNSSEC built-in, along with a robust support department, Lowe said.

“On the network side, selecting a DNS resolver that provides effective and configurable filtering over an encrypted DNS channel is essential. Any commercial resolver should also be providing a decent Anycast network behind the scenes and provide useful reporting that can give you insights into what’s happening on your network,” he added.

TECH NEWS RELATED

TikTok EU ban on the table if social network doesn’t comply with new laws

TikTok is one of the most popular social networks out there. But TikTok is also a cause of concern for western governments that worry about the company’s ties to the Chinese government. TikTok can’t run on most devices the US government issues, and there has been talk of a ...

View more: TikTok EU ban on the table if social network doesn’t comply with new laws

Don’t Buy a Foldable Until Samsung Brings This Prototype to Life

Samsung Display via The Verge The world of foldable phones is surprisingly stagnant. The Galaxy Z Fold gets a tiny little upgrade every year, and rival phone brands loosely copy Samsung’s homework. But a new Samsung Display prototype called the “Flex In & Out” could turn this narrative on ...

View more: Don’t Buy a Foldable Until Samsung Brings This Prototype to Life

Best free sports streaming apps in 2023

Cutting the cord on cable television is something tons of people have done over the past five years. But that hasn’t proven to be the smartest way to continue to watch sports. Whether it comes from premium sports website subscriptions to keep tabs on your favorite players, or even fantasy ...

View more: Best free sports streaming apps in 2023

Avengers 5 might have Ant-Man in it, Quantumania star teases

The first MCU Phase 5 movie will be Ant-Man and the Wasp: Quantumania, the third installment in the Ant-Man franchise and a film with much higher stakes than the previous episodes. The sequel will deliver the MCU’s first Kang (Jonathan Majors) villain after we met a somewhat good He Who ...

View more: Avengers 5 might have Ant-Man in it, Quantumania star teases

Sharing a Netflix Account? Get Ready to Pay For It

DANIEL CONSTANTE/Shutterstock.com Netflix is about to get serious in its efforts to eliminate freeloaders. If you share a Netflix account with family or friends outside your household, get ready to pay for it. A new “paid sharing” system could roll out starting next month, and you’ll have to pay a ...

View more: Sharing a Netflix Account? Get Ready to Pay For It

‘7 Wonders’ Board Game Gets a New ‘Edifice’ Expansion

Asmodee and Repos Production Board game lovers have a wonderful reason to celebrate today. Board game makers Asmodee and Repos Production announced their latest collaboration: 7 Wonders Edifice, an expansion to the popular board game 7 Wonders. The game launches on February 24th for $29.99. 7 Wonders: Edifice adds ...

View more: ‘7 Wonders’ Board Game Gets a New ‘Edifice’ Expansion

T-Mobile Kicks Off 2023 With Another Data Breach

r.classen / Shutterstock.com In a press release, T-Mobile confirms that it detected a data breach in its systems on January 5th. A “bad actor” managed to steal personal information (but not financial data) from around 37 million customers. This is the eighth T-Mobile data breach since 2018. The hacker ...

View more: T-Mobile Kicks Off 2023 With Another Data Breach

Apple appeals to UK competition watchdog investigation about mobile browser dominance

Apple has filed an appeal against the UK’s competition watchdog regarding its dominance of mobile browsers in the cloud gaming market, reports Reuters. The Competition and Markets Authority started investigating this dominance by the Cupertino firm and Google. Lawyers representing Apple believe the investigation should be reviewed as CMA ...

View more: Apple appeals to UK competition watchdog investigation about mobile browser dominance

Galaxy S23 Ultra release date and specs leak finally reveals everything about the new model

WhatsApp for iOS rolling out the ability to create a chat with yourself

Amazon Prime Music Unlimited changes streaming prices, now matches Apple Music

Deadpool 3 and Secret Wars to feature Fox’s X-Men, according to Marvel insider

Report: OLED iPad Pro still on track for 2024 release, 2026 for MacBook Pro

How to negotiate over practically anything

HomePod 2 praised in exclusive hands-on before launch

M2 Pro MacBook Pro Amazon preorder deal gives you $50 off

What “choice” means for millions of women post-Roe

Singapore FinTech firm Pilon secures $5.2M seed funding led by Wavemaker Partners

Capital Square Partners and Basil Technology team up for $700M tech fund in Asia

This feel-good movie about man’s best friend is dominating Netflix

OTHER TECH NEWS

Top Car News Car News