According to a survey by CSC, a domain registrar and digital brand management business, most organizations on the Forbes Global 2000 list are exposed to attacks on their Internet domains because of inadequate protection. To assess domain security practices, CSC examined the domains owned by the 2,000 corporations on the Forbes list and found that many had not put in place the controls that help prevent phishing and domain hijacking.
Half of the businesses surveyed do not even publish a Domain-based Message Authentication, Reporting and Conformance (DMARC) record, the DNS policy that tells receiving mail servers what to do with messages that fail SPF or DKIM alignment checks for the domain, and that has those receivers report the results back to the domain owner.
DMARC Adoption Among Industries
IT software and services firms were the most likely to have adopted DMARC (74%), followed by healthcare equipment and services, semiconductor makers, and media organizations. Construction firms (28%) were the least likely to use it.
CSC also found weak uptake of several other domain security controls. Only 5% of businesses had deployed DNSSEC, which signs DNS data so that resolvers can detect forged responses, the basis of DNS cache poisoning attacks. The same share published Certification Authority Authorization (CAA) records, which list the certificate authorities allowed to issue certificates for a domain. Public CAs must check the record before issuing, so an attacker cannot obtain a certificate for the name from any CA the record does not authorize. The caveat is that CAA is enforced by the CA, not by browsers, and an attacker who already controls the DNS zone can simply rewrite the record; it limits mis-issuance but is no substitute for securing DNS and the registrar account.
Registry locks require out-of-band verification by the registry before a domain's name servers or registration data can be changed or the domain transferred, which helps prevent domain hijacking. Only one in five businesses used them.
The Usual Suspects
CSC also searched for suspicious domains of the kinds frequently used in phishing and that attackers could use to target firms on the list. Its findings included fuzzy matches, which substitute visually similar characters in the brand name (such as the digit 0 for the letter o); 'cousin' domains that pair the brand name with a different top-level domain (a country-code domain instead of .com, for example); domains that combine the company name with topical keywords; and homophones, names that sound like the brand when spoken.
Researchers also looked for homoglyph (also called homograph) domains. These imitate a well-known target name by using Unicode characters from non-Latin scripts such as Cyrillic or Greek that look like Latin letters; in DNS they are stored as Punycode labels beginning with 'xn--', so the lookalike is only visible once the label is rendered.
CSC found that 70% of these suspicious domains were held by third parties rather than the brand owners, and 60% had been registered since the beginning of 2020. Most (57%) pointed at advertising or pay-per-click (PPC) content or were simply parked, but a substantial share (44%) was configured to send and receive email, making them ready-made infrastructure for phishing.
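To make the categories above concrete, here is an added example that classifies a constructed list of candidate registrations against a fictional brand, example.com. It is not CSC's tooling and is not part of the original article. It covers fuzzy matches, cousin domains, keyword combinations and non-Latin homoglyphs, and shows the Punycode form that actually appears in DNS; homophones need a phonetic comparison and are left out. The confusable tables are small illustrative assumptions, not a complete list (a production check would use the Unicode confusables data), and the brand name and candidate list are invented.

```python
# Brand under protection (assumed for this example).
BRAND_LABEL = "example"
BRAND_TLD = "com"

# ASCII sequences that read like another letter in many fonts. Constructed,
# illustrative subset; multi-character entries are folded before single ones
# so that "rn" is treated as one unit.
ASCII_CONFUSABLES = {"rn": "m", "vv": "w", "cl": "d", "0": "o", "1": "l", "5": "s"}

# Non-Latin code points that render like Latin letters (Cyrillic and Greek).
# Again a small illustrative subset.
UNICODE_HOMOGLYPHS = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u03bf": "o", "\u03b1": "a",
}

# Constructed candidate registrations, e.g. from a newly-registered-domains feed.
CANDIDATES = [
    "example.com", "example.net", "example.co.uk", "exarnple.com", "examp1e.com",
    "examples.com", "example-login.com", "examplesupport.net",
    "exam\u0440le.com", "\u0435xample.com", "github.com",
]


def edit_distance(a, b):
    """Levenshtein distance, used to catch single-character typos of the brand."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def fold_ascii(label):
    """Replace ASCII confusables with the letter they imitate."""
    for src, dst in sorted(ASCII_CONFUSABLES.items(), key=lambda kv: -len(kv[0])):
        label = label.replace(src, dst)
    return label


def fold_unicode(label):
    """Replace non-Latin homoglyphs with the Latin letter they imitate."""
    return "".join(UNICODE_HOMOGLYPHS.get(ch, ch) for ch in label)


def classify(domain):
    """Return (category, ascii_form) for a registrable domain such as 'exarnple.net'.

    ascii_form is what the registry and DNS actually store: Punycode ('xn--')
    for internationalized labels, the name unchanged otherwise.
    """
    domain = domain.strip().lower().rstrip(".")
    label, _, suffix = domain.partition(".")
    if not label or not suffix:
        return ("invalid", domain)
    try:
        ascii_form = domain.encode("idna").decode("ascii")
    except UnicodeError:
        return ("invalid", domain)
    if not label.isascii():
        # Homoglyph: looks like the brand once non-Latin letters are folded.
        if fold_unicode(label) == BRAND_LABEL:
            return ("homoglyph", ascii_form)
        return ("unrelated", ascii_form)
    if label == BRAND_LABEL:
        # Same name under a different TLD is a cousin domain.
        return ("legitimate" if suffix == BRAND_TLD else "cousin", ascii_form)
    if fold_ascii(label) == BRAND_LABEL or edit_distance(label, BRAND_LABEL) == 1:
        # Fuzzy match: confusable ASCII characters or a one-character typo.
        return ("fuzzy", ascii_form)
    if BRAND_LABEL in label:
        # Brand name combined with a keyword such as "login" or "support".
        return ("keyword", ascii_form)
    return ("unrelated", ascii_form)


def scan(candidates=CANDIDATES):
    """Classify every candidate; returns {domain: (category, ascii_form)}."""
    return {d: classify(d) for d in candidates}


if __name__ == "__main__":
    for domain, (category, ascii_form) in scan().items():
        print(f"{category:10} {domain:22} -> {ascii_form}")
```

The classifier deliberately works on the registrable domain only (first label plus everything after it); subdomains of attacker-held names are covered because the registrable part is what gets flagged. Anything rated fuzzy, cousin, keyword or homoglyph is a candidate for a takedown request or at least for monitoring of its MX and web records.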
Cause and Effect: Lapses in Industry Security
According to CSC's assessment, major organizations lag on basic controls. Only 19% had a registry lock in place, which stops the domain being transferred or its name servers being changed without out-of-band authorization. Just 17% used redundant DNS (the zone served by a second, independent provider), which keeps the domain resolving when one provider is taken down by a denial-of-service attack.
While 84% of businesses published Sender Policy Framework (SPF) records, just 11% had DomainKeys Identified Mail (DKIM) set up, and only 50% had DMARC. SPF and DKIM on their own only let a receiver evaluate a message; without a DMARC policy of quarantine or reject, nothing instructs the receiver to act on a failed check, so spoofed mail is still delivered. Only two of the 27 industry groups studied showed 'moderate' risk-mitigation effectiveness. The great majority were rated 'moderately poor', and two were rated 'poor'.
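The CAA control described earlier and the SPF, DKIM and DMARC figures above are straightforward to audit for your own domains. The following is an added example, not code from CSC or from the article, that parses the relevant DNS records for two fictional zones and flags the weak settings the survey counts against a company: a missing or monitor-only DMARC policy, an SPF record that ends in +all or exceeds the ten-lookup limit of RFC 7208, no DKIM key published for a given selector, and no CAA record. Both record sets are constructed inline (the DKIM public key is a placeholder); in practice you would fetch the records with a resolver and pass the answers in the same shape.

```python
import re

# Constructed DNS answers for two fictional zones (not real domains or data).
# Keys are "<RRtype> <owner>", with "@" standing for the zone apex.
WEAK_ZONE = {
    "TXT @": ["v=spf1 a mx include:_spf.mail.example.net +all"],
    # No _dmarc record, no DKIM selector, no CAA record.
}
HARDENED_ZONE = {
    "TXT @": ["v=spf1 include:_spf.mail.example.net ip4:203.0.113.0/24 -all"],
    "TXT _dmarc": ["v=DMARC1; p=reject; sp=reject; pct=100; rua=mailto:dmarc@example.com"],
    # p= carries the base64 public key; the value here is a placeholder.
    "TXT s1._domainkey": ["v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPLACEHOLDER"],
    "CAA @": ['0 issue "letsencrypt.org"', '0 issuewild ";"',
              '0 iodef "mailto:security@example.com"'],
}

# SPF terms that cost a DNS lookup (RFC 7208 allows at most 10 per evaluation).
# The lookahead keeps "a" from matching "all".
SPF_LOOKUP_TERM = re.compile(r"^[+\-~?]?(include|a|mx|ptr|exists|redirect)(?![a-z])", re.I)


def parse_tags(record):
    """Parse the 'tag=value; tag=value' syntax shared by DMARC and DKIM records."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def assess_spf(txts):
    spf = [t for t in txts if t.lower().startswith("v=spf1")]
    if not spf:
        return ["no SPF record: any host may claim to send for this domain"]
    if len(spf) > 1:
        return ["multiple SPF records: receivers return permerror, same as no SPF"]
    terms = spf[0].split()[1:]
    findings = []
    all_term = next((t for t in terms if t.lstrip("+-~?").lower() == "all"), None)
    if all_term is None:
        findings.append("no 'all' term: unlisted senders are neutral, policy has no teeth")
    elif all_term.lower() in ("all", "+all"):
        findings.append("+all: every host on the Internet is an authorized sender")
    elif all_term.startswith("?"):
        findings.append("?all: neutral result, receivers treat it like no policy")
    lookups = sum(1 for t in terms if SPF_LOOKUP_TERM.match(t))
    if lookups > 10:
        findings.append(f"{lookups} lookup terms exceed the RFC 7208 limit of 10: permerror")
    return findings


def assess_dkim(zone, selectors):
    # Selectors cannot be enumerated from DNS; pass the ones the mail platform uses.
    findings = []
    for sel in selectors:
        txts = zone.get(f"TXT {sel}._domainkey", [])
        if not txts:
            findings.append(f"selector {sel}: no DKIM record published")
        elif not parse_tags(txts[0]).get("p"):
            findings.append(f"selector {sel}: empty p= tag, key is revoked")
    return findings


def assess_dmarc(txts):
    dmarc = [t for t in txts if t.lower().startswith("v=dmarc1")]
    if not dmarc:
        return ["no DMARC record: SPF/DKIM results are never enforced"]
    tags = parse_tags(dmarc[0])
    findings = []
    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append("p=none only monitors; spoofed mail is still delivered")
    elif policy not in ("quarantine", "reject"):
        findings.append("missing or invalid p= tag: receivers ignore the record")
    if policy in ("quarantine", "reject") and tags.get("sp", policy).lower() == "none":
        findings.append("sp=none leaves subdomains unprotected")
    if tags.get("pct", "100") != "100":
        findings.append(f"pct={tags['pct']}: policy applied to a fraction of mail only")
    if "rua" not in tags:
        findings.append("no rua= address: aggregate reports go nowhere")
    return findings


def assess_caa(caas):
    if not caas:
        return ["no CAA record: any public CA may issue for this name"]
    if not any(re.match(r"\d+\s+issue\s", c) for c in caas):
        return ["no 'issue' property: certificate issuance is not restricted"]
    return []


def assess(zone, dkim_selectors=("s1",)):
    """Return {area: [findings]}; an empty list means no weakness was detected."""
    return {
        "SPF": assess_spf(zone.get("TXT @", [])),
        "DKIM": assess_dkim(zone, dkim_selectors),
        "DMARC": assess_dmarc(zone.get("TXT _dmarc", [])),
        "CAA": assess_caa(zone.get("CAA @", [])),
    }


if __name__ == "__main__":
    for name, zone in (("weak", WEAK_ZONE), ("hardened", HARDENED_ZONE)):
        print(name)
        for area, findings in assess(zone).items():
            print(f"  {area}: {findings or 'OK'}")
```

Note the order of the checks mirrors how receivers behave: a DMARC record with p=none is counted as "DMARC deployed" in surveys like CSC's, but it blocks nothing, and an SPF record ending in +all passes every sender, so presence of a record is not the same as protection.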
Companies cannot simply register every domain name that resembles their own. With the proliferation of top-level domains and attackers stepping up their registration of homoglyphs, a purely defensive portfolio would be prohibitively costly.
It still makes sense to hold the domain names with real business value, and a multinational should own its brand in each country in which it operates. But as third-party registrations multiply, a defensive portfolio alone cannot keep up.
Businesses should instead monitor new registrations for misuse of their brand, harden their domain registration services (registry locks, for example), and harden their email domains with authentication services including DMARC, DKIM, SPF and BIMI. EmailAuth provides all of these email authentication services promptly and reliably, and also offers free tools to check and validate your DMARC, DKIM and SPF records. EmailAuth is the one-stop solution for all email security needs!