Cybercrime

Blogs

Where Domain Security Meets the Supply Chain Crunch

Over the last two years, we've all faced supply shortages on items we previously never thought could be in short supply. Most recently, the baby formula and semiconductor markets were hit. Before that, supply chain attacks on Colonial Pipeline and JBS Foods showed us that an attack on one company through a singular point of compromise has the potential to disrupt an entire network of connected companies, products, partners, vendors, and customers. more

Dealing With Non-Compliant Infringers – “The Other 50%”

I often read marketing material from Online Brand or Content Protection vendors, especially some of the newer ones, that make IP rights enforcement sound very straightforward. In some scenarios, given the correct processes are followed, this can be the case - using eBay's VERO program or similar offerings from the major legitimate platforms, counterfeit listings can be removed very quickly. more

Do You See What I See? Geotargeting in Brand Infringements

Geotargeting is a well-established online technique for delivering tailored web content based on a user's geographic location. From an internet technology point of view, this is usually based on the user's IP address, which is converted to a physical location through a standard look-up process performed by network infrastructure. Geotargeting is commonly used by websites for several legitimate reasons, including providing users with relevant advertising and other content... more

World Economic Forum Davos 2022: War in Ukraine, Metaverse und Splinternet

The war in Ukraine, Metaverse and Splinternet were among the most discussed items during the recent World Economic Forum (WEF) in Davos. The topic of cyber security was primarily about the role of cyberattacks in the Ukraine war. Cyber is not the focus of day-to-day public war reporting but is an integral part of warfare on both sides. This applies above all to the use of "social media." more

Branded Domains Are the Focal Point of Many Phishing Attacks

As a long-established online attack strategy, phishing remains a popular tool for fraudsters because of its effectiveness. The Anti-Phishing Working Group reported more than 300,000 distinct phishing attacks in December 2021 -- more than three times the number reported in early 2020, and the highest monthly total ever identified. more

Breaking the Rules on Counterfeit Sales: The Use of Hidden Links

Counterfeiting is big business. A 2021 study by the Organisation for Economic Cooperation and Development (OECD) estimated that the international trade in counterfeit and pirated products was worth up to $464 billion in 2019, or around 2.5% of all world trade. A significant proportion of this trade occurs via digital channels, where global annual expenditure on eCommerce is more than $4 trillion. more

The World of the Subdomain

A web domain name is the foundational piece of internet property allowing its owner (registrant) to construct and host an associated website. On a domain, the owner is also able to construct whatever subdomains they wish -- a process that is technically achieved via the configuration of records on the authoritative domain name system (DNS) server. more

ICANN SSAD Proposal Poised to Succeed?

The GNSO Council and the ICANN Board both seem poised to grant sufficient runway to the community to refine an idea for a simple ticketing system designed to centralize requests for registrant information disclosures and provide meaningful data that is likely to help ICANN staff enhance its assessment of the SSAD proposal. This is very good news for those who advocate for consumer safety and trust on the Internet, and it is very good news for the ICANN multistakeholder model. more

The EARN IT Act: The Wrong Solution to a Complex Problem

The EARN IT Act was reintroduced into Congress last Monday, with the promise that it would end Internet platforms' "blanket immunity" for "tens of millions of photos and videos" of child sexual abuse that they allow to circulate online. With the bill already scheduled for hearing in committee, it's on track to be passed quickly. And why shouldn't it be, if its sponsors' claims about it are true? Perhaps because they're not true. more

New Research from CSC on the Impact of COVID-19 on Internet Security and Safety

Hackers are using company domain names for malicious attacks more than ever before. Established research shows that phishing and related malware attacks most commonly occur from a compromised or hijacked legitimate domain name, a maliciously registered, confusingly similar domain name, or via email header spoofing. Domain security intelligence is the first line of defense in preventing domain cyberattacks. more

The UK Seeks to Enforce Tougher Standards on MSPs

The UK government is proposing new regulations to strengthen cyber resilience in the private sector. Their intention is to expand cybersecurity rules for critical infrastructure (CI) operators to include managed service providers (MSPs), more stringent breach notification requirements, and legislation to establish the UK Cyber Security Council as the standards development organization for the cybersecurity profession. This is a welcomed development, but more details about implementation and enforcement are needed. more

Dissecting the 2022 UK Cyber Security Strategy: The ‘Whole of Society’ Approach

The UK government launched its 2022 Cyber Security Strategy on 15 December 2021, outlining its ambitious plans to improve the resilience of UK institutions and businesses while protecting the country's interests in cyberspace. The strategy signals a more involved approach by the government, which previously relied heavily on the private sector for leadership. The government's stated commitment to a 'whole of society' approach sounds really good on paper, but what exactly does it really mean? more

We Must Keep Track of How Countries Will Confront Cybercrime in a New UN Convention

As a designated committee of experts prepares to draft a new treaty to combat the use of information and communications technologies in cybercrime at the UN in January 2022, it is paramount that other stakeholders oversee these discussions to avoid violating human rights on the Internet. This initiative was kickstarted by a 2019 resolution led by Russia and endorsed by other countries considered by many to behavior controversially on cybersecurity matters, such as China, Venezuela, Cambodia, North Korea, and others. more

Registrar Influence on the Domain Security Posture of the Forbes Global 2000

In the 2021 Domain Security Report, we analyzed the trend of domain security adoption with respect to the type of domain registrar used, and found that 57% of Global 2000 organizations use consumer-grade registrars with limited protection against domain and DNS hijacking, distributed denial of service (DDoS), man-in-the-middle attacks (MitM), or DNS cache poisoning. On average, the adoption of domain security controls is two times higher for enterprise-class registrars than for those using consumer-grade registrars. more

Cryptocurrency and DNS: Phishing Domains, Cryptomining and More

When we look at the intersection of cryptocurrency and domain data, we see something insidious: The prevalence of crypto-related threats. And it's not just cryptojacking. It's not even the use of cryptocurrency which has made ransomware attacks easier for threat actors to commit and all the more widespread. As with nearly every trend, there is always someone looking to capitalize on it and use it for their own, personal gain. Ever since cryptocurrency became the pandemic hobby of choice, threat actors have begun to target crypto novices for their schemes. more

News Briefs

Close to Half of US East Coast Fuel Supply Shutdown Due to Ransomware Cyberattack

DDoS Attacks Are Surging Both in Frequency and Sophistication

New Data Reveals Phishing Attacks Are Bigger Than Reported, Exact Size of Problem Unknown

CENTR Has Released an Animated Video on ccTLDs and Their Technical Role Concerning Content

Trump Admin Ramping Up Attacks on GDPR – Says It Helps Cybercrime, Threatens Public Health

Trust Has Eroded Within the Cybercriminal Underground Causing a Switch to Ecommerce Platforms

Google Reports 18 Million Daily COVID-19 Related Malware, Phishing Emails Per Day

Over 360 Security Experts Around the World From Group to Combat COVID-19 Hackers, Protect Hospitals

Microsoft Takes Legal Action Against North Korean Cybercrime Group, Takes Down 50 Domains

U.N. Approves Resolution to Combat Cybercrime Despite Opposition From E.U., the U.S. and Others

Leading Domain Registries and Registrars Release Joint Document on Addressing ‘DNS Abuse’

More Than 500 Schools in the U.S. Hit by Ransomware in 2019, Says Report

Cyber Risk Now on Top of Corporate Risk Agendas, Cyber Insurance Expanding

281 Arrested Worldwide by US Federal Authorities in Connection With Business Email Compromise Scheme

The Insecurity of the IoT is Only Getting More Profound, Says Principal Researcher at F-Secure

Ransomware Causes 15 Schools in Arizona To Stay Closed For a Second Day

Phishing Attacks Targeting Executives Now Top Cybersecurity Insurance Claims, Says AIG

By 2021 Cost of Cybercrime to Top Annual Natural Disasters and Global Drug Trade Costs, Says Report

Close to 200K Phishing Domains Discovered in a 5-Month Span, 66% Targetted Consumers, Akamai Reports

A Seattle Woman Charged With Capital One Data Theft Affecting 106 Million People

Most Viewed

Most Commented

Taking Back the DNS

Domain Tasting Target of US Federal Cybersquatting Lawsuit

Fake Bank Site, Fake Registrar

When Registrars Look the Other Way, Drug-Dealers Get Paid

Who Is Blocking WHOIS? Part 2

Industry Updates

Participants – Random Selection