Cybersecurity

OARC-40: Notes on the Recent DNS Operations, Analysis, and Research Centre Workshop

OARC held a 2-day meeting in February, with presentations on various DNS topics. Here are some observations I picked up from the presentations in that meeting... In a world where every DNS name is DNSSEC-signed, and every DNS client validates all received DNS responses, we wouldn't necessarily have the problem of DNS spoofing. Even if we concede that universal use of DNSSEC is a long time off ... more

Trust and Insecurity

When I was first advocating home networking at Microsoft, we encountered a problem. The existing systems and applications had implicitly assumed they were inside a safe environment and didn't consider threats from bad actors. Early Windows systems hadn't yet provided file system with access control and other protections though there were some attempts to have separate logins to keep some settings separate. more

Domains Under the Most-Abused TLDs: Same Old DNS Abuse Trends?

While threat actors can use any domain across thousands of top-level domains (TLDs), they often have favorites. For instance, you may be familiar with Spamhaus's 10 most-abused TLDs for spamming. WhoisXML API researchers recently built on this list by analyzing 40,000 newly registered domains (NRDs) that sported some of the listed unreputable TLDs. We called this study "DNS Abuse Trends: Dissecting the Domains Under the Most-Abused TLDs." more

Brand Impersonation Online is a Multidimensional Cybersecurity Threat

Brand impersonation happens much more often than people realize. In CSC's latest Domain Security Report, we found that 75% of domains for the Global 2000 that contained more than six characters from the brand names were not actually owned by the brands themselves. The intent of these fake domain registrations is to leverage the trust placed on the targeted brands to launch phishing attacks, other forms of digital brand abuse, or IP infringement... more

DNSAI Compass: Six Months of Measuring Phishing and Malware

The DNS Abuse Institute recently published our sixth monthly report for our project to measure DNS Abuse: DNSAI Compass ('Compass'). Compass is an initiative of the DNS Abuse Institute to measure the use of the DNS for phishing and malware. The intention is to establish a credible source of metrics for addressing DNS Abuse. We hope this will enable focused conversations, and identify opportunities for improvement. more

Patterns and Trends in Domain Tasting of the Top 10 Global Brands

Domain tasting is a long-established practice involving the short-lived existence of a domain, which is allowed to lapse a few days after its initial registration. The practice arose in response to an Internet Corporation for Assigned Names and Numbers (ICANN) policy allowing a domain to be cancelled -- with all fees refunded -- within a five-day grace period, intended to address the issue of accidental registrations1. However, the practice is open to abuse by infringers. more

The Highest Threat TLDs - Part 2

In the first article of this two-part blog series, we looked at how frequently domains were used by bad actors for phishing activity across individual top-level domains (TLDs) or domain extensions, using data from CSC's Fraud Protection services, powered by our DomainSecSM platform. In this second article, we analyze multiple datasets to determine the highest-threat TLDs, based on the frequency with which the domains are used egregiously for a range of cybercrimes. more

The Highest Threat TLDs - Part 1

A domain name consists of two main elements: the second-level domain name to the left of the dot - often consisting of a brand name or relevant keywords - and the domain extension or top-level domain (TLD) to the right of the dot. Domain names form the key elements of the readable web addresses allowing users to access pages on the internet and also allowing the construction of email addresses. more

Digital Governance in 2023: Revisiting ‘1998 Deals’ and 12 Main Trends

At the beginning of 2023, the good news is that, in spite of all geopolitical tensions, the Internet infrastructure built around TCP/IP continues to carry emails, web pages, videos, and podcasts across the globe. Technically, the Internet remains robust. The bad news is that more and more digital borders will continue to affect the global nature of international digital communication... more

Is Secured Routing a Market Failure?

The Internet represents a threshold moment for the communications realm in many ways. It altered the immediate end client of the network service from humans to computers. It changed the communications model from synchronized end-to-end service to asynchronous and from virtual circuits to packet switching. At the same time, there were a set of sweeping changes in the public communications framework... more

How to Avoid Insider Threats Such as the Latest New York Post Hacking

New York Post has been "hacked" by an employee. To protect themselves from insider threats, companies can deploy zero trust and restrict access. On October 27, the New York Post published a string of racist and sexist articles on its website. Fabricated news about politicians, such as pieces concerning racist comments of a New York City mayor, has been headlining the publication. more

Three Reasons Why CISOs Need to Understand Domain Security

Domain name abuse is one of the most dangerous and under-regulated issues in digital business security today. An attack on a web domain can lead to the redirection of a company's website, domain spoofing, phishing attacks, network breaches, and business email compromise (BEC). Domains used as a company's online world are part of an organization's external attack surface and need to be continuously monitored for cybercrime attacks and fraud. more

Going Dark: How the Increasingly Dark Network Is Creating Some Pretty Ugly Choices for Site Security Administrators

I'd like to reflect on a presentation by Dr. Paul Vixie at the October 2022 meeting of the North American Network Operators Group (NANOG) on the topic of the shift to pervasive encryption of application transactions on the Internet today. There is a view out there that any useful public communications medium needs to safeguard the privacy and integrity of the communications that it carries.  more

The Modern Encryption Debate: What’s at Stake?

The debate around encryption has become a hot topic in a world where communications are increasingly becoming digital. The modern encryption debate is a complex and nuanced issue, with many players from different backgrounds trying to influence the conversation. The question of balancing the need for national security with the right to privacy has been a matter of public debate for years. Only recently has the issue been framed in terms of encryption, but the discussion is certainly not new. more

OARC-39: Notes on the Recent DNS Operations, Analysis, and Research Centre Workshop

OARC held its fall meeting in Belgrade on October 22 and 23. Here are my impressions of some of the presentations from that meeting... UI, UX, and the Registry/Registrar Landscape - One of the major reforms introduced by ICANN in the world of DNS name management was the separation of registry and registrar functions. The intent was to introduce competition into the landscape by allowing multiple registries to enter names into a common registry. more