Cybercrime

Blogs

Breaking the Rules on Counterfeit Sales: The Use of Hidden Links

Counterfeiting is big business. A 2021 study by the Organisation for Economic Cooperation and Development (OECD) estimated that the international trade in counterfeit and pirated products was worth up to $464 billion in 2019, or around 2.5% of all world trade. A significant proportion of this trade occurs via digital channels, where global annual expenditure on eCommerce is more than $4 trillion. more

The World of the Subdomain

A web domain name is the foundational piece of internet property allowing its owner (registrant) to construct and host an associated website. On a domain, the owner is also able to construct whatever subdomains they wish -- a process that is technically achieved via the configuration of records on the authoritative domain name system (DNS) server. more

ICANN SSAD Proposal Poised to Succeed?

The GNSO Council and the ICANN Board both seem poised to grant sufficient runway to the community to refine an idea for a simple ticketing system designed to centralize requests for registrant information disclosures and provide meaningful data that is likely to help ICANN staff enhance its assessment of the SSAD proposal. This is very good news for those who advocate for consumer safety and trust on the Internet, and it is very good news for the ICANN multistakeholder model. more

The EARN IT Act: The Wrong Solution to a Complex Problem

The EARN IT Act was reintroduced into Congress last Monday, with the promise that it would end Internet platforms' "blanket immunity" for "tens of millions of photos and videos" of child sexual abuse that they allow to circulate online. With the bill already scheduled for hearing in committee, it's on track to be passed quickly. And why shouldn't it be, if its sponsors' claims about it are true? Perhaps because they're not true. more

New Research from CSC on the Impact of COVID-19 on Internet Security and Safety

Hackers are using company domain names for malicious attacks more than ever before. Established research shows that phishing and related malware attacks most commonly occur from a compromised or hijacked legitimate domain name, a maliciously registered, confusingly similar domain name, or via email header spoofing. Domain security intelligence is the first line of defense in preventing domain cyberattacks. more

The UK Seeks to Enforce Tougher Standards on MSPs

The UK government is proposing new regulations to strengthen cyber resilience in the private sector. Their intention is to expand cybersecurity rules for critical infrastructure (CI) operators to include managed service providers (MSPs), more stringent breach notification requirements, and legislation to establish the UK Cyber Security Council as the standards development organization for the cybersecurity profession. This is a welcomed development, but more details about implementation and enforcement are needed. more

Dissecting the 2022 UK Cyber Security Strategy: The ‘Whole of Society’ Approach

The UK government launched its 2022 Cyber Security Strategy on 15 December 2021, outlining its ambitious plans to improve the resilience of UK institutions and businesses while protecting the country's interests in cyberspace. The strategy signals a more involved approach by the government, which previously relied heavily on the private sector for leadership. The government's stated commitment to a 'whole of society' approach sounds really good on paper, but what exactly does it really mean? more

We Must Keep Track of How Countries Will Confront Cybercrime in a New UN Convention

As a designated committee of experts prepares to draft a new treaty to combat the use of information and communications technologies in cybercrime at the UN in January 2022, it is paramount that other stakeholders oversee these discussions to avoid violating human rights on the Internet. This initiative was kickstarted by a 2019 resolution led by Russia and endorsed by other countries considered by many to behavior controversially on cybersecurity matters, such as China, Venezuela, Cambodia, North Korea, and others. more

Registrar Influence on the Domain Security Posture of the Forbes Global 2000

In the 2021 Domain Security Report, we analyzed the trend of domain security adoption with respect to the type of domain registrar used, and found that 57% of Global 2000 organizations use consumer-grade registrars with limited protection against domain and DNS hijacking, distributed denial of service (DDoS), man-in-the-middle attacks (MitM), or DNS cache poisoning. On average, the adoption of domain security controls is two times higher for enterprise-class registrars than for those using consumer-grade registrars. more

Cryptocurrency and DNS: Phishing Domains, Cryptomining and More

When we look at the intersection of cryptocurrency and domain data, we see something insidious: The prevalence of crypto-related threats. And it's not just cryptojacking. It's not even the use of cryptocurrency which has made ransomware attacks easier for threat actors to commit and all the more widespread. As with nearly every trend, there is always someone looking to capitalize on it and use it for their own, personal gain. Ever since cryptocurrency became the pandemic hobby of choice, threat actors have begun to target crypto novices for their schemes. more

Key Findings from the 2021 Domain Security Report

With cybercrime on the rise, companies in 2021 have experienced increased ransomware attacks, business email compromise (BEC), phishing attacks, supply chain attacks, and online brand and trademark abuse. While domain cyber risk is rising, the level of action being taken by Forbes Global 2000 companies to improve their domain security posture has remained unchanged, leaving these companies exposed to even more risk. The risk of not addressing your domain security can be catastrophic. more

The Importance of Understanding Attacker Target Selection

There's a bit of a debate going on about whether the Kaseya attack exploited a 0-day vulnerability. While that's an interesting question when discussing, say, patch management strategies, I think it's less important to understand attackers' thinking than understand their target selection. In a nutshell, the attackers have outmaneuvered defenders for almost 30 years when it comes to target selection. more

Examining Real Examples of DNS Abuse: A Summary Overview of the 2nd DNS Abuse Forum

It was not without a little trepidation that I planned the 2nd DNS Abuse Institute Forum to focus on the long-standing and often contentious definitional issues surrounding DNS Abuse. While the risk of getting stuck in the usual entrenched positions was real, it seemed to me that we had an opportunity to provide some clarity and if not change minds, at least provide perspective. more

Your Cybersecurity is Only as Strong as Your Weakest Vendor

Managing the risk of third parties has become a compliance focus for many large organizations. Companies even work with third-party service providers and external vendors just to manage this risk. The recent SolarWinds attack escalates the critical need for chief compliance officers to collaborate with their business counterparts to identify and mitigate potentially unknown threats that lie within third-party supply chains. Yet how can companies manage this risk when it's not if but when you're attacked? more

Vendor Selection Matters in the Domain Registrar Ecosystem

Domain name abuse is one of the most dangerous and under-regulated issues in digital business security today. Many of the largest companies in the world still lack basic domain security protocols, making them prime targets for bad actors. An attack on a domain can lead to the redirection of a company's website, domain spoofing, domain and domain name system (DNS) hijacking attacks, phishing attacks, network breaches, and business email compromise (BEC). more

News Briefs

Close to Half of US East Coast Fuel Supply Shutdown Due to Ransomware Cyberattack

DDoS Attacks Are Surging Both in Frequency and Sophistication

New Data Reveals Phishing Attacks Are Bigger Than Reported, Exact Size of Problem Unknown

CENTR Has Released an Animated Video on ccTLDs and Their Technical Role Concerning Content

Trump Admin Ramping Up Attacks on GDPR – Says It Helps Cybercrime, Threatens Public Health

Trust Has Eroded Within the Cybercriminal Underground Causing a Switch to Ecommerce Platforms

Google Reports 18 Million Daily COVID-19 Related Malware, Phishing Emails Per Day

Over 360 Security Experts Around the World From Group to Combat COVID-19 Hackers, Protect Hospitals

Microsoft Takes Legal Action Against North Korean Cybercrime Group, Takes Down 50 Domains

U.N. Approves Resolution to Combat Cybercrime Despite Opposition From E.U., the U.S. and Others

Leading Domain Registries and Registrars Release Joint Document on Addressing ‘DNS Abuse’

More Than 500 Schools in the U.S. Hit by Ransomware in 2019, Says Report

Cyber Risk Now on Top of Corporate Risk Agendas, Cyber Insurance Expanding

281 Arrested Worldwide by US Federal Authorities in Connection With Business Email Compromise Scheme

The Insecurity of the IoT is Only Getting More Profound, Says Principal Researcher at F-Secure

Ransomware Causes 15 Schools in Arizona To Stay Closed For a Second Day

Phishing Attacks Targeting Executives Now Top Cybersecurity Insurance Claims, Says AIG

By 2021 Cost of Cybercrime to Top Annual Natural Disasters and Global Drug Trade Costs, Says Report

Close to 200K Phishing Domains Discovered in a 5-Month Span, 66% Targetted Consumers, Akamai Reports

A Seattle Woman Charged With Capital One Data Theft Affecting 106 Million People

Most Viewed

Most Commented

Taking Back the DNS

Domain Tasting Target of US Federal Cybersquatting Lawsuit

Fake Bank Site, Fake Registrar

When Registrars Look the Other Way, Drug-Dealers Get Paid

Who Is Blocking WHOIS? Part 2

Industry Updates

Participants – Random Selection