Since the pandemic, businesses have changed their focus, looking to a fully digitized business model. As such, the last two years have transformed nearly every business into a form of digital entity, with digital assets becoming foundational elements of business operations and deemed as important as physical assets.
The pivot towards having some or nearly all operations online has been amplified by the emergence of cryptocurrency, online communications, and other online platforms. Organizations use these to engage with customers and disseminate information between the brands and their audiences. Unfortunately, despite web domains being the foundation of this new digital emergence, they’re often overlooked — which exposes businesses to cyber risks, as domains are a prime starting point for cyberattacks as well as brand-based fraud.
There are two common risks when domains are left unprotected. The first is related to domain name governance and domain hijacking, which brands are particularly susceptible to if their domains are registered with a consumer-grade registrar. These registrars often don’t implement registry lock and other advanced domain security measures, leaving the domain at risk. The second is fraudulent, brand-specific domain registrations, which usually go unchallenged due to the absence of a robust monitoring and enforcement service, making the brand appear an easy target to bad actors.
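One way to check the first risk across a domain portfolio, as an added example that is not part of the original article: classify each domain's lock posture from the `status` values in its RDAP record. It assumes registry lock appears as all three "server ... prohibited" statuses (the RFC 8056 names for the EPP server* codes); the sample records and domain names are constructed.

```python
# Added example: audit lock posture from RDAP "status" values (RFC 8056 names).
# Assumption: a registry-locked domain carries all three server-side statuses.
REGISTRY_LOCK = {
    "server delete prohibited",
    "server transfer prohibited",
    "server update prohibited",
}
# Registrar-level (client) locks can be lifted from the registrar account itself.
REGISTRAR_LOCK = {
    "client delete prohibited",
    "client transfer prohibited",
    "client update prohibited",
}

def lock_posture(rdap_record):
    """Return (domain, posture, missing_registry_statuses) for one RDAP domain object."""
    statuses = {s.strip().lower() for s in rdap_record.get("status", [])}
    missing = sorted(REGISTRY_LOCK - statuses)
    if not missing:
        posture = "registry-locked"
    elif statuses & (REGISTRY_LOCK | REGISTRAR_LOCK):
        posture = "partially-locked"
    else:
        posture = "unlocked"
    return rdap_record.get("ldhName", "?").lower(), posture, missing

def audit(records):
    """Return a finding for every domain that is not fully registry-locked."""
    return [r for r in map(lock_posture, records) if r[1] != "registry-locked"]

# Constructed RDAP domain objects, trimmed to the two fields used here.
SAMPLE_PORTFOLIO = [
    {"ldhName": "EXAMPLE.COM", "status": [
        "client transfer prohibited", "server delete prohibited",
        "server transfer prohibited", "server update prohibited"]},
    {"ldhName": "example.net", "status": ["client transfer prohibited"]},
    {"ldhName": "example.org", "status": ["active"]},
]

if __name__ == "__main__":
    for domain, posture, missing in audit(SAMPLE_PORTFOLIO):
        print(f"{domain}: {posture}; missing: {', '.join(missing)}")
```
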
The registration and exploitation of fake branded domains to commit fraud and launch cyberattacks have exploded. Often, the intent of malicious domain registrations is to leverage the trust consumers have in the target organization and launch phishing attacks. Such digital brand abuse leads to revenue loss, traffic diversion, and a diminished brand reputation for the organization in question. Phishing and brand abuse takedowns, in general, have a median takedown time of six hours in the U.S., and 12 hours outside of the U.S., resulting in lost revenue and web traffic. Brand abuse takedowns can take longer as the issues are often not as straightforward and require further investigation and supporting documentation.
As third-party threats to domains continue to emerge, compromising organizations and their brands, I have identified four emerging threats in the domain name space to be aware of.
1. Ease of third-party registrations
It is not widely known that anyone can register an available domain name at any time and at low cost. It’s an open playing field for creating threat vectors. If the domain name is available, all that’s needed is a credit card, and in 10 minutes, a bad actor can have a newly registered domain name. It’s that easy. A tactic commonly used by bad actors is to register a web domain months in advance and seemingly leave it dormant, only for it to resurface suddenly with the initiation of an attack (e.g., an email requesting sensitive information sent to the brand’s employees or customers) to see who bites.
2. A change in how organizations value their domain names
Organizations are suddenly realizing their domain names are their most critical brand-related digital assets, especially with COVID-19 accelerating the shifts in the digital landscape. Executives now see domain names as a vital piece of their digital strategy in creating a trusted brand. If these digital assets, which are driving interactions with customers, are not secure, organizations open themselves to huge cyber threats that could bring down operations, cause data breaches, and ultimately diminish customer trust in the brand. This highlights the importance of using a security-conscious registrar to safeguard the domains that your customers trust. Monitoring for spoofed domains must therefore also be part of your digital governance strategy.
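The monitoring described above, together with the dormant-registration tactic from the first threat, can be illustrated with an added example that is not part of the original article: triage a feed of registered domains for lookalikes of a brand label and note how long each has existed. The brand `examplebank`, the feed, the confusable folds and the 90-day dormancy threshold are all assumptions made for illustration.

```python
from datetime import date

# Assumed confusable folds for illustration; production tables are far larger.
FOLDS = str.maketrans("0135", "oles")
MULTI = (("rn", "m"), ("vv", "w"))
DORMANT_DAYS = 90  # assumed threshold for "registered long ago, surfacing now"

def skeleton(label):
    """Collapse look-alike characters so visually similar labels compare equal."""
    s = label.lower().replace("-", "").translate(FOLDS)
    for src, dst in MULTI:
        s = s.replace(src, dst)
    return s

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def reason(domain, brand):
    """Return why `domain` resembles `brand`, or None if it does not."""
    label = domain.lower().split(".")[0]
    skel, target = skeleton(label), skeleton(brand)
    if label == brand:
        return "same-label-other-tld"
    if skel == target:
        return "homoglyph"
    if target in skel:
        return "brand-keyword"
    if edit_distance(skel, target) <= 2:
        return "typo"
    return None

def triage(feed, brand, owned, today):
    """Return (domain, reason, age_days, dormant) for lookalikes the brand does not own."""
    hits = []
    for domain, registered in feed:
        why = None if domain.lower() in owned else reason(domain, brand)
        if why:
            age = (today - registered).days
            hits.append((domain, why, age, age >= DORMANT_DAYS))
    return hits

# Constructed feed of (domain, registration date) on reserved TLDs.
FEED = [("examp1ebank.example", date(2022, 1, 10)), ("examplebank-login.test", date(2021, 9, 1)),
        ("exampelbank.test", date(2022, 3, 1)), ("examplebank.example", date(2010, 5, 5)),
        ("gardening-tips.example", date(2022, 3, 20))]
```

Calling `triage(FEED, "examplebank", {"examplebank.example"}, date(2022, 4, 1))` returns three findings and marks the one registered in September 2021 as dormant.
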
3. The explosion of QR code use creates more routes to hijack
QR codes are images that can be scanned with a cell phone camera and translated to a URL that directs traffic to a specified domain name. QR code use lengthens the lifespan of a domain name, driving increased traffic to an organization’s website. But it also allows bad actors to redirect traffic for fraudulent purposes. For example, it was well-publicized that many 2022 Super Bowl commercials featured QR code images on the screen. QR codes are becoming ubiquitous in our day-to-day lives and therefore present an opportunity for hijacking that takes unsuspecting consumers not to the genuine site but to a phishing site where personal data or financial information could be harvested.
4. The rise of blockchain domains
Blockchain domain names are becoming more popular. A traditional domain name represents a particular IP address for a website accessible via the internet. When a domain is entered into a URL field, the browser queries a DNS server, which links the domain name to the IP address, and then displays the website associated with that domain name. By contrast, a blockchain domain runs on an alternative DNS, linking to an address on a blockchain provided by a blockchain domain name service. The issues with blockchain domains are that they are not controlled by a regulator (e.g., ICANN), they are decentralized, meaning traditional enforcement processes don’t apply, and determining who owns or manages them is often more difficult. As with QR codes, blockchain domains open new routes for bad actors to launch cyberattacks, but this time in an environment where enforcement action doesn’t necessarily result in the suspension or deactivation of the domain name.
We’re now living in a digital economy, and we must pay close attention to these emerging digital threats in the domain name space. Many are still not aware of how easily these attacks can be deployed. Companies must establish a multistakeholder digital governance team and align strategies. Bad actors are early adopters of these attack vectors. Watch this space.