How to Defend Against DNS Fraud

As a well-meaning collective society, we like to think that tough times bring out the best in us. Unfortunately, where supply chains have become strained, cybercriminals have seen opportunity in domain vulnerabilities.

Recent years have seen an increase in web domain-related attacks, targeting 2000 global brands as well as consumers looking for products or information online in a high-demand market. More recently, attacks have targeted branded web domains in industries that have suffered from supply chain crises exacerbated by the pandemic, such as infant formula and semiconductor markets.

The problem is serious. Due to the connected nature of domain names and the Domain Name System (DNS), a single compromise of a domain registrar or cloud provider via a phishing attack (or a dormant domain found via search engine results) may extend beyond internet provisioning. business chain and infrastructure. This may result in the exfiltration of sensitive and proprietary company data, or the theft of identifying information or personal information associated with customers and/or employees.

These incidents are now commonplace, as it has become far too easy to register fraudulent domain names to launch phishing, ransomware, keylogging, device hijacking and other fraudulent online schemes. According to a Neustar Security Services report, more than 70% of organizations suffered a DNS attack in 2021; 58% of attacks had a “significant” impact.

When combined with poor security hygiene within the corporate data center, major cloud hosting providers, and domain registrars, it only takes one successful attempt on the part of a data center. an adversary to weaponize millions of domains for phishing (including spreading ransomware and other malware), online trademark infringement, or using botnet and Tor infrastructure. As a result, victimized organizations face numerous consequences, including loss of revenue, reputational damage, consumer safety issues, and additional cybersecurity compromises. Last year, 83% of organizations experienced a domain-based phishing attack.

Regarding the latest semiconductor shortage, to research by CSC reviewed domain names registered between January 2021 and May 2022 that resembled those of the six major semiconductor brands or contained relevant search terms (semiconductor, electric chip, etc.). We found that third parties owned 95% of them, indicating an abundance of potentially fraudulent names. Nearly four out of five fields related to semiconductors use domain privacy services or have WHOIS details redacted; 44% are configured with MX email records, which are often used to send phishing emails.

Given these developments, organizations should take proactive steps to protect their domain portfolios, including:

Commit to defense in depth policies and practices: The surest way to reduce third-party risk is to take a holistic, multi-tiered approach that addresses an organization’s domain security, technology, and processes, while being governed by audit and compliance frameworks. appropriate compliance.

In addition to basic security measures such as multi-factor authentication, a rigorous defense-in-depth strategy associated with domain name portfolios will include the following critical components:

  • DNS monitoringto confirm that a domain name is correctly translated to a corresponding IP address.
  • Registry lockwhich confirm all requested changes to the domain owner, thereby preventing unauthorized and potentially dangerous changes to the domain.
  • Regulated authorizationsboth normal and high, as well as an authorized contact policy, to further prevent unauthorized domain activity.
  • DNS Security Extensions (DNSSEC), that authenticate communications between DNS servers. Without DNSSEC, hackers can take control of a browsing session during any part of the DNS lookup process and redirect users to fraudulent, malware distribution and/or otherwise malicious websites.
  • Domain-Based Message Authentication, Reporting, and Compliance (DMARC)which leverages mail server reports to identify possible authentication issues and malicious activity.
  • DNS hosting redundancy with complete network separation, which mitigates potential downtime and Distributed Denial of Service (DDoS) attacks, increasing availability and reliability. and resilience. (As such, it is also an essential part of a global business continuity plan.)
  • DDoS Protectionto defend targeted servers against DDoS attacks.

Re-evaluate your domain registrar: Consider using an enterprise-class domain registrar and check your choice of registrar appropriately. Most companies don’t use enterprise-grade registrars and instead stick with consumer-grade ones, which typically don’t offer domain security or brand and fraud protection solutions. Many consumer registrars are known to operate marketplaces that sell domain names to the highest bidder, even if those domain names contain trademarks belonging to someone else.

Ongoing monitoring of domain space and key digital channels such as marketplaces, apps, social media and email: Brand monitoring tools can help businesses identify brand abuse, infringement, online counterfeiting, and revenue leakage. Meanwhile, Domain Security Monitoring, which covers newly registered, re-registered and deleted domains, identifies threat vectors targeting the domain portfolio. These can include idle websites, phishing, malware payloads, and other malicious websites and activities, as well as DNS spoofing methods, such as homoglyphs (confusing domain names with legitimate brand names, i.e. intentionally “fuzzy matches”), keyword matches, typos, or key country domains. Cybercriminals and other malicious actors rely heavily on all of these schemes as part of their reconnaissance and attack arsenal.

Launch of the application and withdrawals worldwide: Organizations can apply a number of technical and legal tactics to limit, block or remove fake domains, IP addresses and fraudulent URLs. Enforcement actions should include marketplace delistings, social media page suspensions, mobile app delistings, cease and desist letters, removal of fraudulent content, and full mitigation of vectors of abuse. threatens.

Invest in a dedicated training program: Employees and contractors need regular updates on the latest trends of adversaries exploiting domains to conduct phishing attempts that target them.

We cannot change the dark hearts of cybercriminals and other bad actors. That’s why companies should incorporate proactive and comprehensive domain protection into their overall cybersecurity strategy. Faced with this, fraudsters will no longer be able to easily pull off domain-based scams. So leaders in stressed supply chains can focus on resolving stock-outsinstead of facing the crisis of a brand compromise.

keep learning

Previous How DNS Security Can Jumpstart the Shadow IT Management Process
Next 5 Public Domain IPs That Should Be Gaming