With the increase in cybercrime, businesses in 2021 have seen an increase in ransomware attacks, business email compromise (BEC), phishing attacks, supply chain attacks, and misuse of brands and branding online. As the cyber risk of domains increases, the level of action by Forbes Global 2000 companies to improve their domain security has remained unchanged, leaving these companies at even greater risk.
The risk of not addressing the security of your domain can be catastrophic. Domains that are not protected pose a significant threat to your cybersecurity posture, data protection, consumer safety, intellectual property, supply chains, revenue, and reputation.
70% of third-party domains target Forbes Global 2000 with suspicious or malicious activity
The intention of malicious domain registrations is to leverage consumer trust placed in the targeted brand to launch phishing attacks or other forms of digital brand abuse or intellectual property infringement that result in loss of revenue, traffic diversion and damage to the reputation of the brand. There are countless domain spoofing tactics and permutations that can be used by phishers and malicious third parties.
In the 2021 Domain Security Report, we identified and analyzed the domains containing the brand names with more than six characters from the Global 2000 companies that were not owned by the brands themselves. Based on frequent observations of use in phishing domains, our analysis included common Latin character substitutions, for example, using C0rnpanyNarne.com to look like CompanyName.com.
Among the domains owned by third parties, how are these third-party domains currently used?
Based on the analysis of these third-party domains, many have a high propensity to be used as malicious domains for cyber attacks. Registrants typically hide behind privacy services or WHOIS records that conceal their identity, register domains that look like known brands, and use tactics to appear legitimate to trick an end user into clicking a link or trusting a site that infringes a trademark.
We recommend that businesses have a robust domain, web, and phishing monitoring program in place with opt-out capabilities. They should also establish a 360-degree secure domain management strategy to record exact matches and protect against various domain spoofing tactics such as homoglyphs, fuzzy matches, and cousin domains, as well as registering on other domains: new generic top-level domains (gTLDs) and country-code domain extensions associated with countries of operation and sale, in addition to other high-risk countries and extensions.
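The Latin character substitution check described above (C0rnpanyNarne.com imitating CompanyName.com) can be run in a monitoring program as a skeleton comparison over newly observed domains. This is an added example, not code from the report; the substitution table, function names and sample domains are constructed assumptions.

```python
from __future__ import annotations

# Assumed substitution table (constructed): look-alike sequence -> imitated letter.
# Multi-character patterns come first so "rn" is folded before single characters.
LOOKALIKES = [("rn", "m"), ("vv", "w"), ("cl", "d"),
              ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]
MIN_BRAND_LEN = 7  # the report analysed brand names with more than six characters


def skeleton(label: str) -> str:
    """Map each look-alike sequence to the letter it imitates."""
    s = label.lower()
    for fake, real in LOOKALIKES:
        s = s.replace(fake, real)
    return s


def classify(domain: str, brand: str, owned: set[str]) -> str | None:
    """Return 'homoglyph', 'contains-brand', or None for one observed domain."""
    domain = domain.lower().rstrip(".")
    brand = brand.lower()
    if len(brand) < MIN_BRAND_LEN or domain in owned:
        return None
    # Check every label left of the TLD so sub-domains are covered too.
    labels = domain.split(".")[:-1]
    if any(brand in lab for lab in labels):
        return "contains-brand"   # literal brand string in a third-party domain
    # Fold both sides so a brand that itself contains "rn" still matches.
    if any(skeleton(brand) in skeleton(lab) for lab in labels):
        return "homoglyph"        # matches only after undoing substitutions
    return None


def triage(domains: list[str], brand: str, owned: set[str]) -> dict[str, str]:
    """Keep only the domains that need analyst review, with the reason."""
    hits = {}
    for d in domains:
        reason = classify(d, brand, owned)
        if reason:
            hits[d] = reason
    return hits


if __name__ == "__main__":
    observed = ["companyname.com", "c0rnpanynarne.com", "companyname-login.net",
                "login.cornpanyname.org", "example.com"]  # constructed sample
    for dom, why in triage(observed, "CompanyName", {"companyname.com"}).items():
        print(f"{dom}: {why}")
```

Skeleton folding trades precision for recall: unrelated words containing "rn" or "cl" can fold into a brand string, so hits are candidates for review rather than verdicts.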