Cybercrime

Blogs

A Collision Between Tech Policy and Foreign Policy: the UN Cybercrime Convention

Sometime by year-end, the UN General Assembly (UNGA) will vote on the proposed UN Convention Against Cybercrime. The treaty is opposed by most civil liberties organizations and Internet businesses, although the US position appears uncertain, mostly for reasons of foreign policy.

UN Cyber Diplomacy II: Cybersecurity and Autonomous Weapon Systems

Cybersecurity and artificial intelligence were among the key topics at the 79th UN General Assembly (UNGA). UNGA's 1st Committee, responsible for disarmament and international security, concluded its negotiations in mid-November 2024. It discussed the 3rd Annual Progress Report (APR) of the Open-Ended Working Group (OEWG) and adopted a resolution that recommends, inter alia, the establishment of a new permanent cybersecurity mechanism within the UN system. Furthermore, it adopted two resolutions on autonomous weapon systems (AWS).

Enterprise Domain Stargazing: Understanding Your Company’s Galaxy of Domains

In CSC's recent insight paper, we address the trend that many business leaders today don't realize the extent to which their modern enterprise -- and its millions of digital assets -- rely on. It's a vast domain ecosystem that needs to be protected from online threats. Often, to better understand this need for domain security, we need to understand how critical and interconnected domains are within a business.

UN Cyberdiplomcy I: PoC, Cybercrime and the Global Digital Compact

Despite global polarization, recent UN cyber diplomacy has achieved three significant agreements in 2024: a cyber attack reporting system, a convention against cybercrime, and a "Global Digital Compact." These successes show that consensus on global issues is possible, though the vague wording of agreements raises concerns about their long-term effectiveness in ensuring security and peace.

Phishers Exploit the Cybercrime Supply Chain Despite the Availability of Effective Countermeasures

Interisle Consulting Group today released its fourth annual Phishing Landscape report investigating where and how cybercriminals acquire naming and hosting resources for phishing. Our study shows that cybercriminals evolved their tactics for obtaining attack resources, including sharply increasing their exploitation of subdomain and gateway providers.

NIS 2.0 and Its Impact on the Domain Name Ecosystem

I recently appeared on the 419 Consulting podcast to discuss the European Union's NIS 2.0 Directive and its impact on the domain name ecosystem. I encourage all TLD registries, domain name registration service providers, and DNS operators to listen to the recording of that session which Andrew Campling has made available.

A Call to Help Disrupt the Spread of Child Sexual Abuse Materials

The Internet Watch Foundation (IWF) leads the charge to combat child sexual abuse material (CSAM) online, and we at Public Interest Registry (PIR) are dedicated to supporting their efforts. We are honored to work with them across two important programs: Domain Alerts and TLD Hopping List. IWF services have been extremely successful in addressing CSAM on .ORG over the past five years

UN Cybercrime Convention: Time Is Running Out to Address Draft’s Urgent Risks to Human Rights

In two weeks, final negotiations will begin on the UN's proposed Cybercrime Convention, a document which has elicited widespread concern from civil society, industry groups, and some states due to the serious risks it poses to human rights, including privacy and freedom of expression. Since 2022, GPD and other groups, including EFF, Human Rights Watch and Privacy International, have sought to alert stakeholders within the process to the need for substantial revisions...

Internet Governance Outlook 2024: “Win-Win-Cooperation” vs. “Zero Sum Games”?

The 2024 "To-Do-List" for all stakeholders in the global Internet Governance Ecosystem is a very long one. Not only the real world but also the virtual world is in turmoil. Vint Cerf once argued that the Internet is just a mirror of the existing world. If the existing world is in trouble, the Internet world has a problem.

Sensitive Data Discovery: The First Step in Data Breach Protection

Users are tired of hearing about data breaches that put their sensitive information at risk. Reports show that cybercriminals stole 6.41 million records in the first quarter of 2023 alone. From medical data to passwords and even DNA information, hackers have stolen a lot of sensitive information in 2023.

Can We Get More Eyes on Britain’s Largest Scam “Watch List”?

The FCA has been naming and shaming financial scam domains for decades. Its "warning list" is probably one the most extensive databases of its kind. But does it do a good enough job of actually warning people? Let us begin with the FCA website, which would not exactly get full points for user-friendliness: locating the "watch list" is a task in and of itself, to say nothing of consulting and scrutinising it.

Challenges in Measuring DNS Abuse

From the creation of DNSAI Compass ("Compass"), we knew that measuring DNS Abuse1 would be difficult and that it would be beneficial to anticipate the challenges we would encounter. With more than a year of published reports, we are sharing insights into one of the obstacles we have faced. One of our core principles is transparency and we've worked hard to provide this with our methodology.

The ‘Millennium Problems’ in Brand Protection

As the brand protection industry approaches a quarter of a century in age, following the founding of pioneers Envisional and MarkMonitor in 1999, I present an overview of some of the main outstanding issues which are frequently unaddressed or are generally only partially solved by brand protection service providers. I term these the 'Millennium Problems' in reference to the set of unsolved mathematical problems published in 2000 by the Clay Mathematics Institute, and for which significant prizes were offered for solutions.

Domains Under the Most-Abused TLDs: Same Old DNS Abuse Trends?

While threat actors can use any domain across thousands of top-level domains (TLDs), they often have favorites. For instance, you may be familiar with Spamhaus's 10 most-abused TLDs for spamming. WhoisXML API researchers recently built on this list by analyzing 40,000 newly registered domains (NRDs) that sported some of the listed unreputable TLDs. We called this study "DNS Abuse Trends: Dissecting the Domains Under the Most-Abused TLDs."

Brand Impersonation Online is a Multidimensional Cybersecurity Threat

Brand impersonation happens much more often than people realize. In CSC's latest Domain Security Report, we found that 75% of domains for the Global 2000 that contained more than six characters from the brand names were not actually owned by the brands themselves. The intent of these fake domain registrations is to leverage the trust placed on the targeted brands to launch phishing attacks, other forms of digital brand abuse, or IP infringement...

News Briefs

Biden Administration to Back UN Cybercrime Treaty Amid Controversy

Cybercrime Costs German Companies €267 Billion, Organised Crime and Foreign Nations Blamed

Ransomware Crisis in U.S. Healthcare

Global Law Enforcement Strikes Major Blow Against LockBit Ransomware Operation

UN Treaty Threatens Cybersecurity, Warns Google

Rise in Cybercrime Exploiting Artificial Intelligence Hype Leads to Growing Threats Within the .ai Domain Space

Researchers Uncover Massive Underground Link-Shortening Service Used by Malicious Actors

UK’s National Agencies Release White Paper on Evolving Cyber Crime Ecosystem

The Hague to Probe Cyberwarfare Under Existing International Law

Phishing Attacks Surge Despite Increased Awareness, New Strategies Needed

The Rising Cost of Digital Theft and Espionage in Germany

Meta Lawsuit Leads to Significant Decline in Phishing Domains Tied to Freenom

New Research Reveals Over 340 Million Accounts Compromised in the First Four Months of 2023

Microsoft, Fortra, and Health-ISAC Take Legal Action Against the Abuse of Cobalt Strike to Combat Ransomware Attacks

FBI Takes Down ‘Genesis Market’ Cybercrime Store: Dozens Arrested Worldwide

German Authorities Seize Servers of Cybercriminal DDoS-for-Hire Service FlyHosting

NCA Launches Campaign to Curb DDoS-for-Hire Website Use, Warns of Legal Risks

Microsoft Launches AI-driven’ Security Copilot’ to Help Companies Fight Hacking Attempts

Europol Warns on the Criminal Usage of ChatGPT and Its Implications for Law Enforcement

Biden Administration Bans Federal Agencies from Using Commercial Spyware

Most Viewed

Most Commented

Taking Back the DNS

Domain Tasting Target of US Federal Cybersquatting Lawsuit

Fake Bank Site, Fake Registrar

When Registrars Look the Other Way, Drug-Dealers Get Paid

Who Is Blocking WHOIS? Part 2

Industry Updates

Participants – Random Selection