Domain Management

Domain Management / Featured Blogs

U.S. National Cybersecurity Strategy and Its Impact on Domain Security

Last month, the U.S. National Cybersecurity Strategy was launched, providing a new roadmap for stronger collaboration between those operating within the digital ecosystem. The strategy calls on software makers and American industry to take far greater responsibility to assure that their systems cannot be hacked while accelerating efforts by the Federal Bureau of Investigation and the Defense Department to disrupt the activities of hackers and ransomware groups around the world. more

Processing Domain Data to Improve Business Continuity as a Domain Name Registry

In the fall of 2022, around 9,000 numeric domain names such as 0146.se, 0148.se, 0149.se, and so on were registered in the .SE zone. These domains were registered with two registrars, Register.eu and 1API. They had the same kind of SSL certificate, and there were other similarities among them that strongly suggested they were connected. All these domains were registered after September 1, 2022, but not on the same date... more

Brand Impersonation Online is a Multidimensional Cybersecurity Threat

Brand impersonation happens much more often than people realize. In CSC's latest Domain Security Report, we found that 75% of domains for the Global 2000 that contained more than six characters from the brand names were not actually owned by the brands themselves. The intent of these fake domain registrations is to leverage the trust placed on the targeted brands to launch phishing attacks, other forms of digital brand abuse, or IP infringement... more

Patterns and Trends in Domain Tasting of the Top 10 Global Brands

Domain tasting is a long-established practice involving the short-lived existence of a domain, which is allowed to lapse a few days after its initial registration. The practice arose in response to an Internet Corporation for Assigned Names and Numbers (ICANN) policy allowing a domain to be cancelled -- with all fees refunded -- within a five-day grace period, intended to address the issue of accidental registrations1. However, the practice is open to abuse by infringers. more

Blockchain Domains and What They Could Mean for Online Scams and Brand Protection

Blockchain domain names, domains that are stored on blockchain or cryptocurrency exchanges, are part of a growing, unregulated, and decentralized internet. Right now, blockchain domains are used mostly by cryptocurrency users, but they are growing in popularity - the Ethereum name service reported over 2.2 million .eth domain name registrations in 2022. At the same time, crypto scams are also exploding, reaching a total of $3.5 billion in losses in 2022. more

The Highest Threat TLDs - Part 2

In the first article of this two-part blog series, we looked at how frequently domains were used by bad actors for phishing activity across individual top-level domains (TLDs) or domain extensions, using data from CSC's Fraud Protection services, powered by our DomainSecSM platform. In this second article, we analyze multiple datasets to determine the highest-threat TLDs, based on the frequency with which the domains are used egregiously for a range of cybercrimes. more

The Highest Threat TLDs - Part 1

A domain name consists of two main elements: the second-level domain name to the left of the dot - often consisting of a brand name or relevant keywords - and the domain extension or top-level domain (TLD) to the right of the dot. Domain names form the key elements of the readable web addresses allowing users to access pages on the internet and also allowing the construction of email addresses. more

2023 Review of the Online Brand Protection Market

Having been involved in this sector for over fifteen years now, the rate of change in the market dynamics continues to surprise me - from its early years when MarkMonitor and NetNames clearly led the space for several years, then seeing well-funded startups such as Yellow Brand Protection and Incopro challenge that, followed by a period of heavy M&A, it is now extremely diverse. more

How Safe Are Your .KIDS?

This year has been one of the busiest years for domain launches in quite a while. Before the end of 2022, we'll see one more significant domain launch, namely .KIDS, on November 29, 2022. This extension is being launched as a safe space on the internet for children and parents. The registry has set out some very strict use policies to make this happen. Some companies have already registered their brands during the Sunrise Period, while others have taken up names in the Community Sunrise. more

Three Reasons Why CISOs Need to Understand Domain Security

Domain name abuse is one of the most dangerous and under-regulated issues in digital business security today. An attack on a web domain can lead to the redirection of a company's website, domain spoofing, phishing attacks, network breaches, and business email compromise (BEC). Domains used as a company's online world are part of an organization's external attack surface and need to be continuously monitored for cybercrime attacks and fraud. more

Industry Updates

Subdomain Hijacking Vulnerabilities Report: One in Five DNS Records Are Left in a State in Which They Are Vulnerable to Subdomain Hijacking

Uncovering Other DarkTortilla Threat Vectors

Supply Chain Security: A Closer Look at the IconBurst and Material Tailwind Attacks

RedLine Stealer: IoC Analysis and Expansion

Robin Banks May Be Robbing You Blind

Investment-Related Cybersquatting: Another Way to Lose Money?

The Business of Cybercrime: Does Malicious Campaign Planning Take as Long as Legitimate Marketing Campaign Planning?

2022 CSC Domain Security Report Finds Nearly Three-Quarters of Global 2000 Companies are at Alarmingly High Risk of Exposure to Security Threats

Dormant Colors IoC Expansion: Don’t Install Browser Extensions from These Domains

A Call for Help May Lead to Malware: BazarCall IoC Analysis and Expansion

Insights Into an Active Spam Domain Portfolio

Where Domain Security Meets the Supply Chain Crunch

Should Cracks and Keygens Remain a Cybersecurity Concern?

Is Your Software a Top Impersonation Target?

DIY Web Attacks Might Still Live on via WebAttacker