The first half of 2021 saw a large number of domain name-related attacks. ICANN (the global domain regulator) identified 6,124,060 domain name security threats. Most major Australian brands experienced some form of domain name abuse; we even saw auDA (the Australian domain name regulator) targeted by a bad actor who posed as an auDA employee via the fake domain name auda-domains.com.
Domain abuse is where a bad actor copies a brand’s domain name for illegal, improper, fraudulent or malicious purposes. It is used to steal data or personal information, or to trick individuals or businesses into thinking that they are dealing with a trusted brand.
Common domain name abuse scenarios include:
- Cybersquatting – the practice of registering a company name, brand name or trademark term as a domain name with the aim of reselling it at a profit (applephones.com).
- Typosquatting and misspelling registrations – changing the spelling of the domain name slightly so that it still looks like the real thing (apqle.com).
- Domain name registration under another Top Level Domain (apple.xyz).
- Replacing country code TLDs (apple.com.ai).
- Homographic domains – homographs are words that share the same written form as another word but have a different meaning or pronunciation. For example, a domain name may replace a Latin letter with a Cyrillic symbol (Дpple.com) to confuse consumers.
Domain name abuse can range from isolated once-off incidents to more sophisticated multi-domain name attacks. Abuse often occurs shortly after the domain name is registered, so countermeasures should be applied quickly.
At present, there is an overemphasis on attack response and underemphasis on proactive, preventative measures to detect, identify, and mitigate threats before an attack can occur.
Proactive domain name monitoring provides organisations with the ability to get on the front foot, quickly identify issues and take steps to bring down an infringing domain name and its content.
A good domain name monitoring solution will be able to identify identical and confusingly similar variations. For example, if a bad actor transposes some letters to confuse customers, such as goolge.com, the tool should be able to pick that up. A good monitoring tool should be able to pick up basic typos as well as complex variations, and improve as attacks change.
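The matching described above can be sketched as follows. This is an added example, not brandsec's tooling: it labels candidate domains (for instance from a new-registration feed) against a brand's domain using the abuse categories listed earlier. The function names, the small look-alike map and the distance threshold of 1 are assumptions made for illustration.

```python
# Constructed look-alike map (Cyrillic -> Latin); illustrative, not exhaustive.
# "д" -> "a" follows the article's own Дpple.com example.
CONFUSABLES = {"а": "a", "е": "e", "о": "o", "р": "p", "с": "c", "х": "x", "д": "a"}

def split_domain(domain):
    """'apple.com.ai' -> ('apple', 'com.ai'). Assumes Unicode form, not punycode."""
    label, _, tld = domain.lower().partition(".")
    return label, tld

def skeleton(label):
    """Fold known look-alike characters to the Latin letters they imitate."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in label)

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap as 1."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1,
                          d[i - 1][j - 1] + (a[i - 1] != b[j - 1]))
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def classify(candidate, brand):
    """Label a candidate domain by how it relates to the brand's domain."""
    b_label, b_tld = split_domain(brand)
    c_label, c_tld = split_domain(candidate)
    if (c_label, c_tld) == (b_label, b_tld):
        return "identical"
    if not c_label.isascii() and skeleton(c_label) == b_label:
        return "homograph"
    if c_label == b_label:
        return "tld-variant"
    if osa_distance(c_label, b_label) <= 1:
        return "typosquat"
    if b_label in c_label:
        return "brand-keyword"
    return "unrelated"

def triage(candidates, brand):
    """Return {domain: label} for every candidate that is not unrelated."""
    hits = {c: classify(c, brand) for c in candidates}
    return {c: label for c, label in hits.items() if label != "unrelated"}

if __name__ == "__main__":
    # Constructed feed, using the example domains from the article.
    feed = ["apqle.com", "apple.xyz", "apple.com.ai", "applephones.com",
            "Дpple.com", "example.org"]
    for domain, label in triage(feed, "apple.com").items():
        print(f"{domain:18} {label}")
```

A production monitor would decode punycode (xn--) labels before matching and use the full Unicode confusables data rather than this seven-entry map.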
brandsec is a corporate domain name management and brand protection company that looks after many of Australia, New Zealand and Asia’s top publicly listed brands. We provide monitoring and enforcement services, DNS, SSL Management, domain name brokerage and dispute management and brand security consultation services.