When the European Union introduced General Data Protection Regulation (GDPR) directives several years ago to address privacy concerns, it sparked a global movement that led to one increased attention to privacy issues. Similarly, the EU recently issued guidance on a security issue that still doesn’t get the attention it should: DNS abuse.
The Domain Name System (DNS) is a hierarchical, decentralized naming system used to identify computers, services, and other resources accessible through the Internet or other Internet Protocol (IP) networks. Specifically, DNS abuse is any activity that uses domain names or the DNS protocol to conduct harmful or illegal activities. Malicious DNS activity has been a frequent and serious problem for years, affecting online security, undermining trust on the Internet, and causing harm to users and third parties. This type of abuse also includes cybersecurity threats and the distribution of illegal and harmful content.
While many organizations are familiar with traditional approaches to cybersecurity, the one area that is routinely ignored is the maintenance and protection of web domains. Inaction leads to issues such as DNS hijacking, which redirects employees, partners, and customers to sites that put them at risk or steal sensitive data. When legitimate domains are compromised, cybercriminals bypass traditional security, making it harder to identify, mitigate, and block these users. Fraudsters also use malicious domains (for example, homoglyphs or domains or subdomains with confusingly similar names) and email spoofing to commit fraud and intellectual property abuse.
To date, there is no global consensus on what should be done to prevent or combat DNS abuse, and there are no policies in place to compel domain registrars to higher validation standards in terms of ownership. Hold and preserve a reliable, resilient and secure DNS is a key factor in maintaining the integrity of the Internet and is essential to its continued and stable functioning, on which the digital economy and society depend.
To address this, the European Commission recently carried out a study and published this report, which assessed the scope, impact and scale of DNS abuse, and also provided information for possible policy measures based on identified gaps. The analysis of the available data was completed and the report offered a set of recommendations to prevent, detect and mitigate DNS abuse.
Takeaways from the DNS report
While this report is compelling and provides guidance to follow, there are key areas that organizations should focus on when looking to improve their organization’s domain security posture. Specifically, the report recommends the following:
- Selection of providers with more validation standards for domain registrations.
We need to hold domain registrars to higher standards. They should adopt a customer validation approach that verifies who the customer is to ensure there is no abuse. This “know your customer” strategy is used in businesses today to mitigate fraud, and in this case, it can bring a level of compliance to a situation where cybercriminals are currently registering a new domain whenever they want.
- Initiate prevention and remediation solutions.
Free hosting and subdomains, services originally intended for legitimate services, are commonly exploited in phishing attacks. Businesses should enable proactive detection of suspicious domain names containing targeted branded keywords. Additionally, they must monitor the domain and DNS space for trademark abuse, counterfeiting, and fraud. Trusted notification programs should be developed so that companies can enforce their rights by reporting and suspending offending domains.
- Increase adoption of security controls.
Domain Name System Security Extensions (DNSSEC) can authenticate communication between DNS servers. However, low adoption and lack of deployment can cause hackers to take over an Internet browsing session and redirect users to deceptive websites. SPF and DMARC should continually be adopted as the first line of defense against Business Email Compromise (BEC), as these protocols can mitigate email spoofing. Equally crucial for security is enabling registry locks. While youThis domain was not covered in the European Commission report, it is a great way to prevent attacks, as it enables end-to-end domain name transaction security to mitigate human error and risk. of third parties. Most major registries in Europe, such as those in Germany, France and Sweden, have adopted this security measure, but it is not consistent, with some notable exceptions such as Italy and Spain. Unlocked domains are vulnerable to social engineering tactics, which can lead to unauthorized DNS changes and domain name hijacking.
- Better standards in top-level domains (TLDs).
A TLD is the final component of a domain name (.org, .icu). Generic TLDs (gTLDs) are the most abused domains by volume. However, some new gTLDs and country code TLDs (ccTLDs) have a higher concentration of fraud. You can get a TLD for less than a dollar these days, and phishers love the easy accessibility. Further consideration should be given to tools and measures that protect intellectual property rights and consumer safety in a cost-effective and scalable way. One example is program blocking – exploited by the Donuts DPML program – which could reduce DNS abuse. Donuts, which is part of the gTLD program, offers a blocking service for trademark holders known as the Domain Protected Marks List, or DPML.
Building Domain Standards
While the EU report provides excellent insights on how to better mitigate threats to domains, it should serve as a building block that businesses and countries around the world can build upon.
As domain standards evolve, it will be important for government and industry to develop effective policies and programs to ensure that web users are not exposed to crime and fraud in their daily lives. . At the same time, limiting the ability of hackers to operate and commit malicious fraud will be vital to our society and our digital economy.