Domain security

600x338-rid_98dabc55-db66-4859-a09c-a201d0e1c366.png

After a recent report found that poor domain security has left most Global 2000 companies vulnerable to the threats of phishing and brand abuse, we take a closer look at domain security and how businesses can maximise their protection against popular threats,

CSC Research – Domains Dangerously Under-Protected

Recent research by US-based CSC, which describes itself as “a world leader in business, legal, tax, and domain security” has shown that web domains of the Global 2000 companies remain dangerously under protected. The research revealed some worrying statistics, including:

81 per cent of companies are not using registry locks. Not using a registry lock means that (for example) a registrar could move your domain to another registrar on its own and/or the domain could be hijacked. 70 per cent of homoglyph (i.e. fuzzy match) domains are owned by third parties . This is a tactic known to be commonly used in phishing and brand abuse (refer ‘typosquatting’) . A homoglyph (name spoofing) attack uses processes or domain names that are visually similar to legitimate and recognised names to fool unsuspecting users, who may not notice a minor difference (e.g. Unicode characters from non-Latin character sets) in the domain name, into clicking on a malicious link. Only 50 per cent are using Domain-based Message Authentication, Reporting, and Conformance (DMARC) records as an email authentication method. 43 per cent are configured with MX (email) records that can be used to send phishing emails or to intercept email. 57 per cent of the Global 2000 are relying on off-the-shelf consumer-grade registrars who offer limited domain security mechanisms to protect against domain and DNS hijacking.

Also, the research found that among the 70 per cent of the third-party domains deemed suspicious:

56 per cent were pointing to advertising, pay-per-click content, or being used for domain parking (registering a domain name but not linking it to any services e.g., e-mail or a website). 38 per cent had inactive web content (there are technical problems, problems with the account, or they don’t have nameservers associated with them).

What Are The Main Risks and Threats To Domain Security?

Some of the main risks and threats to your domain security include:

Your registrar being compromised or hackers gaining access to your account with the company where you registered your domain name, or to the e-mail address that “reset password” forms on their websites send emails to. This can allow hackers to transfer the domain to another registrar, gaining complete ownership over it. Domain spoofing, used by phishers and malicious third parties to fool users into clicking onto domains that are visually similar to the legitimate domain e.g., Fuzzy matches/typo squatting, Homoglyphs – IDNs, Cousin domains, Keyword match, and Homophones (Soundex). Cybersquatting/brand jacking/name jacking i.e., the unauthorised registering and use of a domain name that is identical or similar to trademarks, service marks, company names, or personal names. In the US, this is a crime under the 1999 Anti-Cybersquatting Consumer Protection Act (ACPA). Sophisticated DNS attacks that can allow hackers to create confusion and redirect some of your website users to their servers. Reverse domain hijacking – i.e. whereby another entity deliberately registers something with the name of your domain/trademark and accusing you of stealing their domain. Not having DNS redundancy – i.e. a lack of a failsafe solution or a backup mechanism for DNS outages, such as having a having secondary DNS. A lack of DNS redundancy can leave the business open to threats like a reduced resiliency to DDoS attacks, and the associated problems of down-time, disruption to business continuity, revenue loss and diminished reputation. Not using certificate authority authorisation (CAA) records i.e., not designating a specific certificate authority (CA) to be the sole issuer of certificates for your company’s domains. Not using CAA could allow a cybercriminal to use the appointed certificate authority to get a new certificate and could represent a threat to compliance. Not authenticating the company’s email channel with DMARC, SPF, or DKIM. Sender Policy Framework /SPF, for example, enables a domain to state which servers can send emails on its behalf, and DMARC is an email validation system. Not authenticating the company’s email channel can leave the business open to threats like having the company’s email domain being used for email spoofing, phishing scams, and other cybercrimes. Not staying on top of matters relating domain renewals, thereby potentially allowing a company domain to be purchased and used by another party, perhaps for malicious purposes. Not having a security certificate (https). This protocol uses encryption to protects the integrity and confidentiality of data between the user’s computer and the site. The authentication aspect proves that users are communicating with the intended website, and can, therefore, protect against man-in-the-middle attacks and build/maintain user trust, not to mention improving the search engine profile and ranking.

What About GDPR Domain Masking?

The introduction of GDPR meant that the identity of a domain name registrant couldn’t be published in the public WHOIS database (without consent) and without the risk of penalties. This, however, is a two-edged sword, as it gives criminals more anonymity for registering domain names for malicious purposes, and can stop investigators and security professionals from uncovering dangerous/malicious/phishing website owners. There are, however, ways for cybercriminals and investigators to find out the identity of a domain owner.

How To Boost Your Domain Security

Despite significant potential domain security risks and threats, there are a number of measures that you can take to plug this potential gap in your business cyber security strategy. These measures include:

Choosing a professional, reliable, and reputable business-focused registrar. Authenticating your email channel with DMARC, SPF, or DKIM to minimise the incidence of email spoofing and potential phishing. Using enterprise-grade DNS hosting. This could mean consolidating your domain, DNS, and digital certificate providers into one enterprise-class provider. Incorporating secure domain, DNS, and digital certificate practices into the overall cyber security posture. Using a registry lock for your domain to prevent the risks of administrative and technical hijacking. Using domain privacy services and ensuring that WHOIS details are redacted. Ensuring that there is DNS redundancy (a failsafe/backup for DNS outages e.g., a secondary DNS). Adding CAA records to allow for policy enforcement and to mitigate cyber threats such as HTTPS phishing of hijacked sub domains. Buying security certificates for domains (https). Continuous monitoring of the domain space and key digital channels e.g., marketplaces, apps, social media, and email for any evidence of brand abuse, infringements, phishing, and fraud. Minimising third-party risk by looking at/auditing the business practices of the domain registrar to make sure they are not contributing to fraud and brand abuse e.g., through operating domain marketplaces, domain name spinning, and more. Maintaining good basic cyber security practices that can prevent hacks or accounts being compromised that could lead to domains being hijacked and more.

What Does This Mean For Your Business?

The security of your company domain(s) is an often overlooked part in the cyber security strategy of a business and yet, a domain is direct, public part of your brand and reputation that (if successfully attacked and compromised) could lead to huge technical, legal, monetary, and reputational damage to your business. Research, such as that by CSC, confirms that businesses are still taking big risks by not addressing domain security, and cybercriminals use domains as a key part of popular attack methods such as phishing.

There are, as outlined in the article, basic measures that businesses can take to make sure that their domains are protected, and that threats to domain security are addressed.

About Us

J700 Group are a Lancashire-based, family-run, professional and responsive, Managed Solutions Provider helping Businesses, the Education Sector, and the Healthcare Sector to utilise Innovative IT Consultancy Services, Cloud Solutions, Cyber Security, Microsoft 365, Telecoms, Web Design and SEO solutions to propel their organisation to the next level and beyond.

As an experienced IT Support Provider, helping businesses across Lancashire & Manchester, if you need any assistance with your IT including IT Hardware, a Disaster Recovery Policy or Managed Backup Solutions; Contact us today to see how we can help your business.

Enjoyed this? Read more from J700 Group Limited

Latest news

1

For sale signs at The Villa Villa Wrea Green has been brought to market (Image credit: The Villa Wrea Green)

For sale signs at The Villa

02 Apr 2025

2

Ancoris and Sundown combine to form Telana: experts in applied innovation Telana

Ancoris and Sundown combine to form Telana: experts in applied innovation

02 Apr 2025

3

Montane group expands with new Lancashire hub Anthony Rae Scott Murcott And Adam Lee

Montane group expands with new Lancashire hub

02 Apr 2025

4

Trio of wins for Lancaster brand and digital consultancy Tom Grattan MD and Daniel Wallace

Trio of wins for Lancaster brand and digital consultancy

02 Apr 2025

5

College excellence highlighted in Ofsted report Fazal Dad

College excellence highlighted in Ofsted report

02 Apr 2025

Pc Prestonmacan Gif980x120 March
Background image for hub sign up block

LBV Hub

Leverage Lancashire Business View platforms

Post your news
Post your events
Post your offers
Build your network
Improve your SEO
Gain coverage in the magazine
Sign-up
Events
Lancashire Net Zero Carbon Conference
Net Zero Carbon Social 1200px
Networking
18 Jun 2025

Lancashire Net Zero Carbon Conference

Crow Wood Hotel & Spa Resort, Burnley, BB12 0RT

08:30 - 13:00

CMI Level 5 Management and Leadership Course
UCLanAerialCampus.jpg.jpg
LBV Hub Seminars
21 Feb 2025 - 21 Feb 2026

CMI Level 5 Management and Leadership Course

Preston Campus, Preston , PR1 2HE

09:00 - 17:00

CMI Level 5 Project Management Course
UCLanAerialCampus.jpg.jpg
LBV Hub Seminars
21 Feb 2025 - 21 Feb 2026

CMI Level 5 Project Management Course

Preston Campus, Preston, PR1 2HE

08:00 - 17:00

RISE - The Academy for Female Leaders and Managers
WENDY BOWERS RISE Illustrstion copy.jpg.jpg
LBV Hub Seminars
02 Apr 2025 - 08 Oct 2025

RISE - The Academy for Female Leaders and Managers

East Lancashire Chamber of Commerce, Clayton le Moors, BB5 5JR

09:00 - 15:30

WHN Charity Quiz Night
Evenbrite Quiz 2025.png.png
LBV Hub Fundraisers
03 Apr 2025 - 03 Apr 2025

WHN Charity Quiz Night

The Stables Country Club, Bury , BL9 1PU

18:00 - 22:00

Chamber Breakfast Networking – April
Chamber logo - new-02.png.png
LBV Hub Networking
03 Apr 2025 - 03 Apr 2025

Chamber Breakfast Networking – April

The Dukes Theatre, Lancaster, LA1 1QE

08:00 - 10:00

Lancashire Business Expo 2025
https---cdn.evbuc.com-images-880395853-4862066883-1-original.20241022-091152-2.jpeg.jpg
LBV Hub Exhibitions
04 Apr 2025 - 04 Apr 2025

Lancashire Business Expo 2025

Sir Tom Finney Sports Centre, Preston, PR1 2HE

09:00 - 15:00

The Business Network Central & East Lancashire
LBV Hub Networking
24 Apr 2025 - 24 Apr 2025

The Business Network Central & East Lancashire

Stanley House, Blackburn, BB2 7NP

11:30 - 14:15

Planning for the future + navigating Inheritance Tax changes
Planning for the future + navigating Inheritance Tax changes for website.png.png
LBV Hub Seminars
01 May 2025 - 01 May 2025

Planning for the future + navigating Inheritance Tax changes

Stanley House Hotel, Mellor, Blackburn, BB2 7NP, Blackburn, BB2 7NP

08:00 - 10:30

A night at the races
1.png.png
LBV Hub Dinners / Balls
02 May 2025 - 02 May 2025

A night at the races

Morecambe FC, Morecambe, LA4 4TB

19:00 - 23:59

Amber River True Bearing quarterly investment seminar
LBV Hub Seminars
22 May 2025 - 22 May 2025

Amber River True Bearing quarterly investment seminar

Cottons Hotel & Spa , Knutsford, WA16 0SU

16:00 - 18:00

Liverpool Business Expo 2025
https---cdn.evbuc.com-images-881365363-4862066883-1-original.20241023-085714.jpeg.jpg
LBV Hub Awards
23 May 2025 - 23 May 2025

Liverpool Business Expo 2025

Aintree Racecourse , Liverpool , L9 5AS

09:00 - 15:00

Advertise with us

Reaching 50,000 members, our print, digital and event platforms offer a fantastic way to raise your business profile and help you grow.

Find out more Lbv121 Online Graphic
Subscribe now

Weekly news bulletin