While the March report from ICANN's Domain Abuse Activity Reporting system show a general reduction in second-level gTLD domain names identified as being used in phishing, malware distribution, and botnet command and control, it has been widely reported that criminals are taking advantage of the global COVID-19 pandemic by launching malicious online campaigns. There have also been numerous reports of spikes in the use of COVID-19-related domain names for DNS Abuse. more
And so it goes, we are coming to the end of 2019, and that can mean only one thing. It's time for another Domain Name Year in Review. And unlike years past, this year was a real doozy. So without further ado, here are the domain name industry's top 10 biggest stories for 2019... To date, 48 leading registries and registrars have signed onto the "Framework to Address Abuse." The initiative was launched in November 2019, just prior to the ICANN meeting in Montreal. more
Major European legislation, the General Data Protection Regulation, evoked substantial change in the way we deal with the visibility of domain name registration information, and understandably those that use that data to solve problems are concerned about these changes, and some have even called for a U.S. legislative fix. However, a more in-depth look at the issue and the policy-making surrounding it will show that there is, in fact, a process already well underway to address the situation. more
A recent exchange on CircleID highlighted a critical need for data to inform the debate on the impact of ICANN's post-GDPR WHOIS policy that resulted in the redaction of domain name registrant contact data. A bit of background: in my original post, I made the point that domain name abuse had increased post-GDPR. A reader who works with a registrar (according to his bio) commented: "Can you back up that statement with data? Our abuse desk has actually seen a reduction in abuse complaints." more
We've seen alarmingly BIG increases in multiple abusive behaviors – like phishing, hacking and malware – that often leverage the domain name system (DNS) and privacy/proxy services. Cybercriminals capitalize on gaps in DNS security measures, and ICANN is holding the door open for them by failing to implement their privacy/proxy policy. If you are ever targeted, you are not alone. more
It's true, domain data has many practical uses that individuals and organizations may or may not know about. But most would likely be interested in how it can help combat cyber threats, which have been identified as the greatest risks businesses will face this year. Dubbed as the greatest bane of most organizations today, cybersecurity can actually be enhanced with the help of domain data. How? more
New Zealand's Domain Name Commission (DNC) wins in court against the US company DomainTools for "illegally scrapping personal information" of .nz domain name owners. more
How many times have you heard that humans are the weakest link in cybersecurity? The headlines have proven that over and over again. In particular, business email compromise or BEC (also known as email account compromise or EAC) scams, which typically target an employee with access to the financial resources of his company -- this could be a C-level executive or any high-ranking officer -- for fraud are still on a constant uphill trend. more
The Registration Operations Workshop (ROW) was conceived as an informal industry conference that would provide a forum for discussion of the technical aspects of registration operations in the domain name system. The 8th ROW will be held in Bangkok, Thailand on Thursday, May 9th, 2019 in the afternoon, at the end of the GDD Industry Summit, in the same venue. more
There is no rest for the wicked. If you think that 2018 was the climax of cybercrime, wait until you see what happens in the next few years as cybercriminals are constantly learning new ways to strike. Take for instance domain-related attacks now coming in a variety of forms. There's domain hijacking which involves gaining of access to domains and making changes without owners' permission. You have typosquatting where phishing is often utilized to steal valuable information. more
Who would think that so much could go wrong with something as seemingly innocent as a domain name? As cybercrime continues to evolve, causing devastating reputational and financial losses to businesses and organizations, web addresses are used as a weapon -- and it's not always easy to notice their many faces. In this article, let's take a look at the domain name crime landscape, discuss the current challenges investigators and legitimate registrants face, and talk about some useful techniques. more
David Redl has written to ICANN in relation to the ongoing work around whois and GDPR. The letter, which was shared with the GNSO Council last night, is a mixed bag. On the one hand, it offers the carrot in relation to what's been done so far, but then there's the not so veiled threat, which isn't a revelation by any means, of "domestic legislation." more
The ICANN 64 meeting in Kobe concluded two weeks ago, and we are no closer to accessing WHOIS data critical for law enforcement, cybersecurity threat investigators, intellectual property owners, or other consumer protection advocates who rely on the data to act quickly against online abuse in the domain name system. Instead of a balanced approach to WHOIS that serves the public interest, the ICANN Board is set to approve a new global policy that fails to even fully acknowledge critical... more
The ICANN community recently gathered in Kobe, Japan for its first meeting of the year and it was certainly a busy week for attendees. Much of the meeting centered around the work of the Expedited Policy Development Process (EPDP) to address gTLD registration data. As a member of the EPDP team, we had been hard at work since being formed in August of 2018. Just prior to the Kobe meeting, we published the phase 1 Final Report. more
Want to be a cybersleuth and track down hackers? It may sound ambitious considering that malevolent entities are extremely clever, and tracing them requires certain skills that may not be easy to build for the typical computer user. But then again, the best defense is offense. And learning the basics of sniffing out cybercriminals may not only be necessary nowadays, it has become essential for survival on the Web. So where can you begin? more
A World-Renowned Source for Internet Developments. Serving Since 2002.