Home / Blogs

Domain Security: An Underused Cybersecurity Strategy and First Line of Defense in Your Zero Trust Model

Co-authored by Sue Watts and Vincent D’Angelo.

Domain security is a critical component to help mitigate cyberattacks in the early stages—your first line of defense in your organization’s Zero Trust model. According to the Cybersecurity and Infrastructure Security Agency (CISA), most cyberattacks—including ransomware and business email compromise (BEC)—begin with phishing. Although losses due to ransomware now exceed billions annually, most ransomware protection and response measures don’t adequately address phishing risks in the early stages of an attack because they don’t include domain security measures to protect against the most common phishing attacks.

Bad actors are using company domain names for malicious attacks more than ever before. Research shows that phishing and related malware attacks most commonly occur from a compromised or hijacked legitimate domain name, a maliciously registered and confusingly similar domain name, or via email spoofing.

Research shows more than 7 out of 10 domain names on the internet that contain brand names are fake

The epicenter for fraud, consumer safety peril, and misinformation are infringing domains that include brand names. Over the past three years, CSC has reviewed data sets and has published research findings on domain names that use top brand names in their URL, or confusingly similar domain names (homoglyphs), that are owned by third parties.

In each research report, CSC identified the percentage of domains owned by third parties, or in other words, not the brands themselves. Often the intent of these suspicious or malicious domain registrations is to leverage the trust consumers have for the targeted brand to launch phishing attacks, other forms of digital brand abuse, or IP infringement that leads to revenue loss, traffic diversion, and a diminished brand reputation. There are endless domain spoofing tactics and permutations that can be used by phishers and malicious third parties.

Research of top brands has found that 70% or more domains registered with a brand name in the domain, including confusingly similar domain names, are registered with a third party who is not the brand owner.

Research reveals brand-specific domain names that are third-party owned are fake:

CSC’s domain security research% domains owned by third parties% third-party domains configured with MX records
U.S. Election-Related Web Properties Prone to Fraud and Misinformation Due to Lack of Domain Security97%69%
Holiday Shoppers Beware: Tips for Global Brand Owners and Consumers to Safeguard Against Domain Security Threats70%48%
CSC’s 2021 Domain Security Report70%57%
Two Year Analysis: The Impact of COVID-19 on Internet Security and Safety80%33%

Between one- and two-thirds of these domains are configured with MX records, which can enable criminals to launch email phishing campaigns.

Domain security intelligence is power

Domain security intelligence is the first line of defense in preventing a variety of cyberattacks. The more information extracted and shared with key decision-makers means less opportunity for cybercriminals to compromise a brand’s domains. In this digital economy, where hackers can breach networks to harvest credentials through basic phishing schemes, it’s essential to secure the domains that run websites, email, applications, and more.

With corporations operating multiple brands, with hundreds or even thousands of domains within their portfolio, rapid detection and de-activation of confusingly similar domains imitating brands are crucial. Domain threat intelligence data can identify suspicious domain names that could pose a potential risk to a company, such as phishing and brand attacks. Based on those findings, companies can take the appropriate enforcement to mitigate the problem.

By Sue Watts, Global Marketing Leader, Digital Brand Services, CSC

Filed Under


Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet




Sponsored byDNIB.com

New TLDs

Sponsored byRadix


Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global

Domain Names

Sponsored byVerisign

Brand Protection

Sponsored byCSC

Threat Intelligence

Sponsored byWhoisXML API