Lookalike domains are targeting Forbes Global 2000 brands to launch phishing attacks and other forms of digital brand abuse/IP infringement.

Forbes Global 2000 companies are failing to adopt key domain security measures, exposing them to significant security risks, according to CSC’s Domain Security Report 2022. The enterprise-class domain registrar and Domain Name System (DNS) threats mitigator found that 75% of Global 2000s have implemented fewer than half of all domain security measures, with Domain-based Message Authentication, Reporting, and Conformance (DMARC) the only domain security measure with significantly increased adoption since 2020. The data follows Akamai research from August, which discovered increased malicious domain activity and phishing toolkit reuse based on DNS data.

Domain security measure adoption slow, DMARC most popular

Adoption of recommended domain security measures by Global 2000 companies has been slow in the last couple of years, CSC stated. Measures such as DNS redundancy, registry lock, Certificate Authority Authorization (CAA) records, and DNS Security Extensions (DNSSEC) have seen only very modest growth since 2020. “With the risks of not having domain security in place potentially leading to phishing or ransomware attacks, and many other cyberthreats, we hoped to see a higher implementation of some of these security measures,” the report read.

In contrast, adoption of DMARC has risen from 38.9% in 2020 to 61.5% in 2022. CSC cited the fact that Verified Mark Certificates (VMC) now require DMARC to be set up to ascertain Secure Sockets Layer (SSL) certificates as a key driver behind the adoption. “Additionally, Apple announced Brand Indicators for Message Identification (BIMI) in September and stated that its email clients for iOS 16 and macOS will support a broad industry effort to combat brand spoofing and impersonation.
Senders that support BIMI must meet a strong standard of email authentication and this includes using the DMARC security standard,” the report added. Overall, companies with the most adoption of domain security measures had the “highest security score” based on CSC calculations, according to the report. Conversely, 137 companies were given a domain security score of zero, with most of these based in the APAC region.

Lookalike domains targeting firms to launch phishing attacks, abuse brands

Lookalike/fake domains are targeting Global 2000s to leverage the trust placed in well-known brands and launch phishing attacks or other forms of digital brand abuse/IP infringement, CSC’s report read. Over 75% of homoglyph domains are owned by third parties, meaning that many of the world’s largest brands contend with maliciously registered web domains that appear to look like their brands, the firm added.

GoDaddy, Namecheap, and PDR LTD are the companies most associated with fake domain registrations owned by third parties, the report stated. As for industry verticals, banking (10%), IT software and services (7%) and business services and supplies (5.5%) were listed as the sectors most targeted by fake domain registrations, with food markets (0.4%), semiconductors (1.7%) and media (1.8%) the least.

High-profile domain cyberattacks should never be underestimated

Domain-based security threats are plentiful, but the most prevalent threats are the least exciting: phishing domains and BEC attacks using short-term domains registered for the purpose of attacking a customer, Peter Lowe, principal security researcher at DNSFilter, tells CSO.
“However, the risk of higher-profile attacks should never be underestimated – with ransomware on the rise globally, protecting your network against communication with C2 domains can prevent critical loss of data, downtime, and potentially even expensive ransoms,” he adds.

While adoption of domain-based security measures is steadily improving, there is still some way to go, Lowe says. “DNS as a threat protection layer is now being accepted as a standard part of security strategies, with the US government launching multiple initiatives to provide protective DNS and officially recommending it, along with guidance on how to select a service. However, it still lacks the focus and awareness it deserves from many MSSPs and individual companies.”

To protect their domains, it’s crucial for organizations to use a trusted registrar that provides 2FA, registry lock, and DNSSEC built-in, along with a robust support department, Lowe says. “On the network side, selecting a DNS resolver that provides effective and configurable filtering over an encrypted DNS channel is essential. Any commercial resolver should also be providing a decent Anycast network behind the scenes and provide useful reporting that can give you insights into what’s happening on your network.”