Domain registrar CSC on Tuesday reported that three out of four Forbes Global 2000 companies have implemented less than half of all domain security measures, exposing them to high security risks.
The report also found that lookalike domains are targeting these top companies, with 75% of homoglyph registrations registered to unrelated third parties. The result: many of the world’s leading brands must contend with maliciously registered domains that look like their brands.
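Monitoring for the homoglyph and lookalike registrations the report describes comes down to normalising a newly seen domain to a Latin "skeleton" and comparing it with the brand's own name. The following is an added example written for this article, not code from CSC or the report; its confusable table is a small hand-picked subset constructed for illustration (a real monitor would load the full Unicode confusables data), and it assumes the inputs are two-label registrable domains such as `example.com`.

```python
import unicodedata
from difflib import SequenceMatcher

# Hand-picked confusable mappings (constructed for this example; a production
# monitor would load the full Unicode confusables.txt table instead).
SINGLE_CHAR = {
    "\u0430": "a",  # Cyrillic small a
    "\u0435": "e",  # Cyrillic small ie
    "\u043e": "o",  # Cyrillic small o
    "\u0440": "p",  # Cyrillic small er
    "\u0441": "c",  # Cyrillic small es
    "\u0443": "y",  # Cyrillic small u
    "\u0445": "x",  # Cyrillic small ha
    "\u0131": "i",  # Latin dotless i
    "0": "o", "1": "l", "5": "s",
}
# Letter pairs that render like a single letter in many fonts.
MULTI_CHAR = [("rn", "m"), ("vv", "w"), ("cl", "d")]


def skeleton(domain):
    """Reduce a domain to a Latin skeleton so visually similar names compare equal."""
    if "xn--" in domain.lower():
        try:
            domain = domain.encode("ascii").decode("idna")  # punycode -> Unicode
        except UnicodeError:
            pass  # leave undecodable labels as they are
    s = unicodedata.normalize("NFKC", domain).lower()
    s = "".join(SINGLE_CHAR.get(ch, ch) for ch in s)
    for seq, repl in MULTI_CHAR:
        s = s.replace(seq, repl)
    return s


def classify(candidate, brand):
    """Label a newly seen registrable domain relative to the brand's own domain."""
    cand = candidate.lower().rstrip(".")
    brand = brand.lower().rstrip(".")
    brand_label = brand.split(".")[0]
    brand_skel = skeleton(brand).split(".")[0]
    raw_label = cand.split(".")[0]
    skel_label = skeleton(cand).split(".")[0]
    if cand == brand:
        return "legitimate"
    if raw_label == brand_label:
        return "tld-variant"        # same name under another TLD
    if skel_label == brand_skel:
        return "homoglyph"          # looks identical once confusables are mapped
    if brand_skel in skel_label:
        return "brand-embedded"     # e.g. brand-login.com
    if SequenceMatcher(None, skel_label, brand_skel).ratio() >= 0.8:
        return "typo"               # one or two characters off
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample feed of newly registered domains.
    for d in ["example.com", "example.net", "ex\u0430mple.com", "exarnple.com",
              "examp1e.com", "example-login.com", "exampel.com", "google.com"]:
        print(f"{d:20} {classify(d, 'example.com')}")
```

The `SequenceMatcher` threshold and the confusable table are the knobs to tune: raising the threshold reduces noise from short brand names, while widening the table catches more scripts at the cost of more false positives on legitimate internationalised domains.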
Given all the news about phishing attacks — including their increase in volume and complexity — it makes sense that domain-based message authentication, reporting, and conformance (DMARC) adoption has increased by 12% in the last 12 months. However, growth in other domain security measures, such as registry lock, domain name system (DNS) redundancy, DNS security extensions (DNSSEC), and certificate authority authorization (CAA) records saw limited increases year-over-year.
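Two of the measures named above, DMARC and CAA, are published as DNS records and can be checked against a policy with a few lines of parsing. The following is an added example, not code from CSC or the report: it parses a DMARC TXT record (the kind published at `_dmarc.<domain>`) and a set of CAA records and lists the weaknesses a defender would want flagged. The sample records are constructed for illustration; registry lock and DNSSEC status need a live registrar or resolver query and are not covered here.

```python
import re
from typing import Optional


def parse_dmarc(txt: str) -> dict:
    """Split a DMARC TXT record into its tag=value pairs (keys lower-cased)."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def assess_dmarc(txt: Optional[str]) -> list:
    """Return a list of weaknesses; an empty list means the record is enforcing."""
    if txt is None:
        return ["missing: no DMARC record published at _dmarc.<domain>"]
    tags = parse_dmarc(txt)
    findings = []
    if tags.get("v") != "DMARC1":
        return ["invalid: record must begin with v=DMARC1"]
    policy = tags.get("p")
    if policy is None:
        findings.append("invalid: required p= tag is absent")
    elif policy == "none":
        findings.append("p=none: monitoring only, spoofed mail is still delivered")
    elif policy == "quarantine":
        findings.append("p=quarantine: spoofed mail is sent to spam rather than rejected")
    elif policy != "reject":
        findings.append(f"invalid: unknown policy p={policy}")
    if tags.get("sp") == "none":
        findings.append("sp=none: subdomains are left unprotected")
    pct = tags.get("pct", "100")
    if not pct.isdigit() or int(pct) < 100:
        findings.append(f"pct={pct}: policy applied to only part of the mail stream")
    if "rua" not in tags:
        findings.append("no rua=: aggregate reports are not being collected")
    return findings


# CAA record text as it appears in a zone file: <flags> <tag> "<value>"
CAA_RE = re.compile(r'^\s*(\d+)\s+(issue|issuewild|iodef)\s+"?([^"]*)"?\s*$', re.I)


def parse_caa(records: list) -> list:
    """Parse CAA record strings into dicts; unknown tags are ignored."""
    parsed = []
    for rec in records:
        m = CAA_RE.match(rec)
        if m:
            parsed.append({"flags": int(m.group(1)),
                           "tag": m.group(2).lower(),
                           "value": m.group(3).strip()})
    return parsed


def assess_caa(records: list) -> list:
    """Return a list of weaknesses; an empty list means issuance is restricted."""
    if not records:
        return ["missing: no CAA records, so any public CA may issue certificates"]
    parsed = parse_caa(records)
    findings = []
    issuers = [r["value"] for r in parsed if r["tag"] == "issue"]
    if not issuers:
        findings.append("no issue tag: issuance is not restricted to named CAs")
    if not any(r["tag"] == "iodef" for r in parsed):
        findings.append("no iodef tag: CAs have nowhere to report rejected requests")
    return findings


if __name__ == "__main__":
    # Constructed sample records for a hypothetical example.com.
    samples = {
        "dmarc-strong": assess_dmarc("v=DMARC1; p=reject; rua=mailto:dmarc@example.com"),
        "dmarc-weak": assess_dmarc("v=DMARC1; p=none"),
        "caa-strong": assess_caa(['0 issue "letsencrypt.org"', '0 issuewild ";"',
                                  '0 iodef "mailto:security@example.com"']),
        "caa-missing": assess_caa([]),
    }
    for name, findings in samples.items():
        print(name, findings or ["ok"])
```

In practice the two inputs come from TXT queries for `_dmarc.<domain>` and CAA queries for the domain itself, and the check is most useful run on a schedule across every brand domain, since a record that was strong at launch can be weakened by a later edit.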
Mark Calandra, president of CSC’s Digital Brand Services, said companies need to make securing legitimate domains while monitoring for malicious domains a bigger priority, especially for companies that advocate for zero-trust principles.
“Otherwise, companies are exposing themselves to significant enterprise risks that can impact their cybersecurity posture, data protection, intellectual property, supply chains, consumer safety, revenue, and reputation,” Calandra said.
Imposter or lookalike domains can pose a serious security threat to companies large and small, said Patrick Tiquet, vice president, security and architecture at Keeper Security. Tiquet said a common defense against these rogue imposter domains is for companies to purchase the most likely domains that users may mistake for their legitimate domain. However, it's not a 100% effective method of protection, as there are often countless and unpredictable ways a user may get tricked by an imposter domain.
“An organization may find itself in a ‘whack-a-mole’ situation, where once it shuts down a malicious imposter domain, another pops up in its place with slight variation in spelling,” Tiquet said.
John Bambenek, principal threat hunter at Netenrich, added that nothing on the internet happens that doesn’t begin with a DNS request. Similarly, nothing bad on the internet starts without a DNS request.
“It’s the invisible glue that holds the internet together and while it was not designed for how we use it today (with minimal built-in security functions) some are there,” Bambenek said. “DMARC is one of the single best tools to prevent email-based brand impersonation. CAA can help prevent errant certificate issues. Most people don’t see major DNS issues in the news. However, very simple measures can help mitigate a wide variety of threats and they are free and easy to deploy.”
Muralidharan Palanisamy, chief solutions officer at AppViewX, said homoglyph or lookalike domains are widely used to launch phishing attacks. Since the technology behind DNS has not experienced major changes, its budget typically stays the same and security teams oversee the challenges and risks with DNS. Thus, Palanisamy said it’s important for enterprises to implement some of the leading security features like DNSSEC and CAA that are not easy to maintain without automation.
“Apart from this, lookalike domains are a challenge,” Palanisamy said. “Registering these domains is not easy and ultimately requires teams to leverage a reputed domain registrar to help mitigate this to a certain level. Security is multi-faceted and organizations have to look at all these areas to mitigate the risks.”