- A majority of the world's largest companies fall short in protecting their domain registrations, making them susceptible to phishing attacks, business email compromise or even ransomware, according to a report from CSC. CSC examined the core domain for Forbes Global 2000 companies, applying proprietary tools and publicly available information to inform the report.
- Among Forbes Global 2000 companies, 81% of them do not use registry locks, a commonly used method of securing domain names. The report shows that out of the domains owned by third parties, 60% were registered from 2020 through the first half of 2021. By the end of 2021 this percentage could rise to 68%.
- About 70% of homoglyphs — fuzzy match domains designed to look similar to another — are owned by third parties. The report also shows 57% of the Global 2000 are using consumer-grade registrars, which provide limited domain security methods designed to protect against domain and DNS hijacking.
The annual report comes at a time of heightened awareness and concerns about ransomware involving critical infrastructure and major U.S. companies. Phishing has been cited as one of the top methods of gaining access to a corporate environment, yet major companies are failing to protect themselves and their customers from online attacks, per the report.
"Domains serve on the front lines of the enterprise, yet they're not getting a front line of defense commensurate with today's cyber risk landscape," Vincent D'Angelo, global director, corporate development at CSC Digital Brand Services, said via email. "This is because domain security is not part of most companies' existing phishing and ransomware mitigation playbooks."
Researchers fear that an event like Monday's Facebook outage may provide the opportunity for malicious actors to launch a wave of phishing attacks.
"Dependencies on non-enterprise grade infrastructure that lack redundancy are always a concern," D'Angelo said. "But as it pertains to big global events, especially related to well known brands, there is always a surge in copycat behavior leveraging malicious domain registrations to launch phishing attacks."
Phishing usually takes place through the compromise of a legitimate domain, a malicious domain registration or through spoofing an email header, D'Angelo said.
"If a hacker can get control of an unsecure domain, it gives them an easy gateway to commit phishing schemes, which continue to plague companies and customers around the globe."
A number of recent incidents appear to be using tactics found in domain registration attacks. D'Angelo pointed to the recent Tomiris backdoor attack that has indications of DNS hijacking. In addition, the stolen domain attack involving programming site Perl.com as another example.