According to CISA, most cyber attacks, including ransomware and BEC, start with phishing. The losses that businesses suffer from ransomware run into the billions every year. In response, organizations are implementing more sophisticated threat monitoring, detection and mitigation solutions. However, they routinely fail to implement even basic domain security measures, leaving crippling vulnerabilities at the world’s largest corporate brands.
If effectively implemented, domain security initiatives proactively target phishing at the source. They include proactive measures to secure legitimate domains and to monitor and then eliminate malicious domains owned by third parties. Domain security can serve as a proactive first line of defense, yet these measures are grossly underused, if not completely ignored. It’s like spending thousands of dollars installing cameras and locks throughout our homes while ignoring a broken lock on the front door.
Vulnerabilities across the enterprise
Due to the highly interconnected nature of domains and DNS, adversaries now focus on this gateway as an access point not only to the victim organization, but also to its supply chain of critical industries and software platforms: a single compromise that can pay off through the proliferation of lucrative returns.
- Only 19% of organizations use domain registry locks, which help secure end-to-end domain name transactions to prevent unauthorized DNS changes or domain hijacking.
- Only 5% deploy Domain Name System Security Extensions (DNSSEC), which authenticate communications between DNS servers, protecting organizations from DNS cache poisoning.
- Only 5% of organizations take advantage of Certification Authority Authorization (CAA) records, which allow security teams to designate a specific Certificate Authority (CA) to serve as the sole issuer of certificates for their organization’s domains.
- Only half use Domain-based Message Authentication, Reporting, and Conformance (DMARC) records, which protect an email domain from spoofing and phishing.
Bad solutions
Why do so many organizations allow themselves to be exposed in this way? Because an astonishing 57% use consumer-level registrars instead of enterprise-class ones, which focus on domain security through advanced services such as domain registry locks, DNSSEC, CAA and DMARC records, as well as DNS hosting redundancy that provides backup DNS to increase resiliency. Global 2000 companies often assume that they have adequate protection from their consumer registrars and adopt a ‘set it and forget it’ mindset.
Additionally, the CSC report reveals that third parties own 70% of homoglyph domains, the confusingly similar “fuzzy” domains that are commonly used for phishing attempts. Of those registered domains, 60% have emerged in the past eighteen months, signifying a method of attack that is accelerating dangerously. In addition, 77% of them use domain privacy services, or have had whois details removed, to hide their ownership identity, raising suspicion about their intentions. In fact, 43% of these domains are configured with MX records, which can be used to send phishing emails or intercept emails. The worrying thing is that these infamous third-party domains have been registered with mainstream-level registrars known to take advantage of tools like domain rotation or domain auctions, which has led to trademark infringement, trademark abuse and fraud.
In response, companies will rally around employee awareness training and the acquisition of tools to report and block suspicious emails. But human error will never go away, and the bad actors will find ways around the tools. For example, an attacker can bypass these defenses by taking control of a domain that the user believes to be correct. Once the attacker redirects DNS records for an organization’s domain, the compromised domain can be used to collect credentials, distribute ransomware, or initiate a fraudulent wire transfer. Therefore, companies should consider the following proactive and preventive recommendations and controls to secure domain assets and thwart phishing attacks:
- Leverage an enterprise-class domain registrar and DNS security provider to take a defense-in-depth approach to domain management;
- Consider using domain registry locks, CAA, DNSSEC, DMARC records, and DNS hosting redundancy;
- Implement multi-factor authentication for systems used to secure domain names, DNS records and digital certificates to reduce the risk of compromise;
- Register domains that could be high-value targets related to your brands (e.g. homoglyphs or country-code domains) to mitigate the risk of bad actors using them;
- Continuously monitor domain and DNS activity to identify potential compromises where domains can be used for phishing and other fraudulent activity; and
- Take advantage of global enforcement mechanisms using a range of technical and legal approaches to remove, limit or block access to these malicious domains.
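As an added illustration, not part of the CSC report or any registrar's tooling, the check below scores a domain's records against the four controls discussed above and recommended in the list: a registry lock (visible in whois as the server*Prohibited EPP status codes), a DS record at the parent zone for DNSSEC, a CAA issue record, and a DMARC policy. The record sets are constructed inline, and the data model and function names are this example's own.

```python
from dataclasses import dataclass

# Constructed stand-in for what whois and DNS lookups would return for a domain.
# Field names are this example's own, not a registrar's or resolver's API.
@dataclass
class DomainRecords:
    name: str
    epp_status: list   # whois "Domain Status" EPP codes
    ds: list           # DS records at the parent zone (present when DNSSEC is signed)
    caa: list          # CAA records, e.g. '0 issue "letsencrypt.org"'
    dmarc_txt: str     # TXT record at _dmarc.<name>, "" if absent

# A registry lock is reflected by the registry-side (server*) prohibitions;
# client* statuses alone are registrar-side and do not indicate a registry lock.
REGISTRY_LOCK = {"serverDeleteProhibited", "serverTransferProhibited", "serverUpdateProhibited"}

def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict; return {} if it is not a DMARC record."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v", "").upper() == "DMARC1" else {}

def assess(rec):
    """Return one finding per missing or weak control; an empty list means all four are in place."""
    findings = []
    if not REGISTRY_LOCK.issubset(rec.epp_status):
        findings.append("no registry lock: server*Prohibited EPP statuses missing")
    if not rec.ds:
        findings.append("DNSSEC not enabled: no DS record at the parent zone")
    if not any(len(r.split()) >= 2 and r.split()[1] in ("issue", "issuewild") for r in rec.caa):
        findings.append("no CAA issue/issuewild record: any CA may issue certificates")
    tags = parse_dmarc(rec.dmarc_txt)
    if not tags or "p" not in tags:
        findings.append("no usable DMARC record: policy tag p= absent")
    elif tags["p"].lower() == "none":
        findings.append("DMARC policy p=none: spoofed mail is only monitored, not rejected")
    return findings

# Constructed samples: a typical 'set it and forget it' domain versus a hardened one.
WEAK = DomainRecords("example.com", ["clientTransferProhibited"], [], [],
                     "v=DMARC1; p=none; rua=mailto:dmarc@example.com")
STRONG = DomainRecords("example.net",
                       ["clientTransferProhibited", *REGISTRY_LOCK],
                       ["12345 13 2 0123ABCD"],            # placeholder DS digest
                       ['0 issue "letsencrypt.org"', '0 iodef "mailto:sec@example.net"'],
                       "v=DMARC1; p=reject; rua=mailto:dmarc@example.net")

if __name__ == "__main__":
    for rec in (WEAK, STRONG):
        print(rec.name, assess(rec) or ["all four controls present"])
```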
Domain protection remains the missing first line of defense against cyber attacks, including phishing. While domains should be among the first assets to secure, they are too often completely ignored, increasing the likelihood of major threats to brand, data, intellectual property, supply chains, consumer security, income and reputation. By adopting our recommendations and controls, along with our online monitoring and fraud suppression capabilities, your organization will instead fortify itself with a multi-layered defense-in-depth strategy. In this way, companies will keep their “front door” closed to cybercriminals.