By Sue Watts, Global Marketing Leader
Following a public announcement from the FBI and CISA warning the public to avoid spoofed election-related internet domains, CSC announced research findings that show the overwhelming majority of registered typo domains related to the election are vulnerable. Cybercriminals can use domain spoofing to make a fraudulent domain name (e.g. by using a typo of an original legitimate domain) that mimics the domain of the real website.
As noted in our recent blog post “U.S. Election-Related Web Properties Prone to Fraud and Misinformation Due to Lack of Domain Security,” nearly 70% of typo domains linked to third parties are configured to send and receive email (that is, they have MX records configured), were registered in January 2020 or later, and use privacy protection. As a point of reference, CSC’s managed corporations use privacy or proxy services for only about 2% of their domain portfolio. This tells us that the true owners of these misspelled domains may have some nefarious intentions.
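The three indicators above (MX records, registration in 2020 or later, privacy protection) can be applied as a triage step over domains that sit within a small edit distance of a legitimate name. The following is an added example, not CSC's tooling or methodology; the domain names under the reserved `.example` TLD, the record fields and the distance threshold are all constructed assumptions.

```python
from datetime import date

LEGIT = "electioninfo.example"  # hypothetical legitimate domain (assumption)

# Constructed sample records, shaped like the output of a WHOIS/DNS enrichment feed.
OBSERVED = [
    {"domain": "electioninfo.example", "mx": True, "registered": date(2015, 3, 1), "privacy": False},
    {"domain": "electoininfo.example", "mx": True, "registered": date(2020, 6, 12), "privacy": True},
    {"domain": "electioninf.example", "mx": False, "registered": date(2012, 9, 30), "privacy": True},
    {"domain": "weather.example", "mx": True, "registered": date(2020, 2, 2), "privacy": True},
]

def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, adjacent swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            # Adjacent transposition, the most common keyboard typo.
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def is_typo_of(candidate, legit, max_distance=2):
    """True for near misses of the legitimate name, never for the name itself."""
    return 0 < edit_distance(candidate.lower(), legit.lower()) <= max_distance

def risk_signals(rec, cutoff=date(2020, 1, 1)):
    """Return which of the three indicators from the text apply to one record."""
    signals = []
    if rec["mx"]:
        signals.append("mx-configured")
    if rec["registered"] >= cutoff:
        signals.append("registered-2020-or-later")
    if rec["privacy"]:
        signals.append("privacy-protected")
    return signals

def triage(records, legit):
    """List typo domains with their signals, most signals first."""
    hits = [(r["domain"], risk_signals(r)) for r in records if is_typo_of(r["domain"], legit)]
    return sorted(hits, key=lambda hit: -len(hit[1]))

if __name__ == "__main__":
    for domain, signals in triage(OBSERVED, LEGIT):
        print(domain, signals)
```

A domain that trips all three signals is a candidate for closer review or takedown; a single signal on its own, such as privacy protection on an old registration, is weak evidence.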
CISA has initiated the #PROTECT2020 call to action “to enhance the integrity and resilience of the Nation’s election infrastructure, and ensure the confidentiality, truthfulness, and accuracy of the free and fair elections necessary for our American way of life.” The FBI and CISA urge citizens to be aware of these crimes, to evaluate the websites they visit, and to seek out reliable and verified websites for election information.
As an organization with the most visibility into the domain landscape, CSC advocates for both presidential candidates and other election-related websites to prioritize domain security to ensure security and build confidence. Organizations such as Spamhaus have been advocating for more security to protect against domain name hijacking, and the security posture of the domain name registrars that manage internet domains.
Furthermore, CSC reported that over 90% of the election domain ecosystem lacks basic domain security protocols such as registry locks, and over 75% of these election-related domains are registered with retail-grade domain registrars (vs. enterprise-level registrars) that generally do not provide advanced security protocols or a defense-in-depth approach. Therefore, these internet domains are vulnerable to domain name and DNS hijacking, phishing, malware payload delivery, typosquatting and many other attacks.
Here are some domain security best practices we recommend:
- Secure access to domain and DNS management systems, including two-factor authentication, IP validation, and federated ID
- Gain control of the user’s role and permissions within the company’s domain and DNS management systems, with insights into elevated access controls and an authorized contact policy
- Make use of advanced security features, including vital domain identification, DNSSEC, CAA records, registry lock and DMARC
- Develop end-to-end expertise that can detect, analyze, and mitigate digital brand and fraud threats, including the ability to execute takedowns worldwide
- Work with an enterprise-class domain name registrar