Co-authored by Sue Watts and Vincent D’Angelo.
Domain security is a critical component to help mitigate cyberattacks in the early stages—your first line of defense in your organization’s Zero Trust model. According to the Cybersecurity and Infrastructure Security Agency (CISA), most cyberattacks—including ransomware and business email compromise (BEC)—begin with phishing. Although losses due to ransomware now exceed billions annually, most ransomware protection and response measures don’t adequately address phishing risks in the early stages of an attack because they don’t include domain security measures to protect against the most common phishing attacks.
Bad actors are using company domain names for malicious attacks more than ever before. Research shows that phishing and related malware attacks most commonly occur from a compromised or hijacked legitimate domain name, a maliciously registered and confusingly similar domain name, or via email spoofing.
Research shows more than 7 out of 10 domain names on the internet that contain brand names are fake
The epicenter for fraud, consumer safety peril, and misinformation are infringing domains that include brand names. Over the past three years, CSC has reviewed data sets and has published research findings on domain names that use top brand names in their URL, or confusingly similar domain names (homoglyphs), that are owned by third parties.
In each research report, CSC identified the percentage of domains owned by third parties, or in other words, not the brands themselves. Often the intent of these suspicious or malicious domain registrations is to leverage the trust consumers have for the targeted brand to launch phishing attacks, other forms of digital brand abuse, or IP infringement that leads to revenue loss, traffic diversion, and a diminished brand reputation. There are endless domain spoofing tactics and permutations that can be used by phishers and malicious third parties.
Research of top brands has found that 70% or more domains registered with a brand name in the domain, including confusingly similar domain names, are registered with a third party who is not the brand owner.
Research reveals brand-specific domain names that are third-party owned are fake:
Between one- and two-thirds of these domains are configured with MX records, which can enable criminals to launch email phishing campaigns.
Domain security intelligence is power
Domain security intelligence is the first line of defense in preventing a variety of cyberattacks. The more information extracted and shared with key decision-makers means less opportunity for cybercriminals to compromise a brand’s domains. In this digital economy, where hackers can breach networks to harvest credentials through basic phishing schemes, it’s essential to secure the domains that run websites, email, applications, and more.
With corporations operating multiple brands, with hundreds or even thousands of domains within their portfolio, rapid detection and de-activation of confusingly similar domains imitating brands are crucial. Domain threat intelligence data can identify suspicious domain names that could pose a potential risk to a company, such as phishing and brand attacks. Based on those findings, companies can take the appropriate enforcement to mitigate the problem.