Dive Brief:
- A majority of the world's largest companies fall short in protecting their domain registrations, making them susceptible to phishing attacks, business email compromise or even ransomware, according to a report from CSC. CSC examined the core domain for Forbes Global 2000 companies, applying proprietary tools and publicly available information to inform the report.
- Among Forbes Global 2000 companies, 81% do not use registry locks, a commonly used method of securing domain names. The report shows that out of the domains owned by third parties, 60% were registered from 2020 through the first half of 2021. By the end of 2021 this percentage could rise to 68%.
- About 70% of homoglyphs — fuzzy match domains designed to look similar to another domain — are owned by third parties. The report also shows 57% of the Global 2000 are using consumer-grade registrars, which provide limited domain security methods designed to protect against domain and DNS hijacking.
Dive Insight:
The annual report comes at a time of heightened awareness and concerns about ransomware involving critical infrastructure and major U.S. companies. Phishing has been cited as one of the top methods of gaining access to a corporate environment, yet major companies are failing to protect themselves and their customers from online attacks, per the report.
"Domains serve on the front lines of the enterprise, yet they're not getting a front line of defense commensurate with today's cyber risk landscape," Vincent D'Angelo, global director, corporate development at CSC Digital Brand Services, said via email. "This is because domain security is not part of most companies' existing phishing and ransomware mitigation playbooks."
Researchers fear that an event like Monday's Facebook outage may provide the opportunity for malicious actors to launch a wave of phishing attacks.
"Dependencies on non-enterprise grade infrastructure that lack redundancy are always a concern," D'Angelo said. "But as it pertains to big global events, especially related to well-known brands, there is always a surge in copycat behavior leveraging malicious domain registrations to launch phishing attacks."
Phishing usually takes place through the compromise of a legitimate domain, a malicious domain registration or through spoofing an email header, D'Angelo said.
"If a hacker can get control of an unsecure domain, it gives them an easy gateway to commit phishing schemes, which continue to plague companies and customers around the globe."
A number of recent incidents appear to use tactics found in domain registration attacks. D'Angelo pointed to the recent Tomiris backdoor attack, which has indications of DNS hijacking. He also cited the stolen domain attack involving programming site Perl.com as another example.