Malicious Domain Names - 13 new million registrations a month
Malicious domain name registrations are specifically created for nefarious purposes, such as phishing attacks. These registrations are more effectively mitigated at the DNS level compared to domains that have been compromised. Typically, these malicious domains are newer and closely mimic the names of reputable organizations to deceive potential victims. The websites associated with these domains are usually not used for legitimate purposes and are often directly involved in phishing attacks.
The extent of malicious domain registrations is overwhelming and pervasive. Although the precise number of abuse reports is not public due to the decentralized nature of the system and privacy issues, it is evident that cybercrime is escalating. For instance, Akamai’s research identified nearly 79 million domains as malicious in the first half of 2022 alone. This figure represents an alarming 20.1% of all newly observed domains that were successfully resolved during that period. This is over 13 million new malicious domain name registrations a month.
Malicious actors often bulk-register domain names as a strategy to ensure resilience. When a domain is flagged, they quickly switch to another from their stockpile, causing minimal disruption to their operations. The deployment of Domain Generation Algorithms (DGAs) is central to this strategy, as these programs can churn out unique domain names at scale, embedding random digits to avoid duplications.
The variety of threats leveraged through such tactics is vast, including typosquatting for phishing, malware distribution, ransomware, cryptomining, botnet operations, and Advanced Persistent Threats (APTs) that stealthily breach networks.
How can brands protect themselves against Malicious Domain Names?
Cybersecurity experts must prioritize the swift detection and neutralization of these algorithmically generated domains. Recognizing the patterns and signatures that typify computer-generated domains is crucial in proactively intercepting and mitigating these threats. The security of our digital ecosystem depends on our capacity to preemptively counter these stealthy and relentless attacks. A good domain name monitoring tool should quickly identify malicious domain names targeting a specific brand.
If a malicious domain name is impacting your business, brands can leverage the domain name abuse suspension service to quickly take down the domain name, its DNS and therefore all associated services. Domain takedowns are executed at the registrar level; the registrar that issued the domain is responsible for its removal or deactivation. Should the registrar fail to respond, or if immediate action is required, Computer Security Incident Response Teams (CSIRTs) or Computer Emergency Response Teams (CERTs), adept at handling such incidents, can intervene. These entities have robust networks that facilitate quick action. Registrars accredited by ICANN are mandated to maintain contact information and respond to abuse reports. If registrars fail to comply, users can report them to ICANN, which may issue warnings. Registrars that receive twelve warnings within a year risk losing their accreditation and having the domains under their control transferred to a compliant registrar.
About brandsec
brandsec is an Australian domain name management provider that offers online brand management solutions to corporate and government organisations. Our services include domain name management, domain name security, domain name policy development, dispute management, monitoring, and enforcement services. Additionally, brandsec offers a comprehensive online brand protection service that covers various platforms such as websites, social media, email, and online marketplaces. The service addresses issues related to counterfeiting, fakes, copyright infringement, intellectual property (IP) matters, piracy, and other intellectual protection-related issues.
