DOMAIN SECURITY REPORT
2021
With cyber crime on the rise, companies in 2021 have experienced increased ransomware attacks, business email compromise (BEC), phishing attacks, supply chain attacks, and online brand and trademark abuse. While domain cyber risk is rising, the level of action being taken by Forbes Global 2000 companies to improve their domain security posture has remained unchanged, leaving these companies exposed to even more risk.
KEY FINDINGS
70% of homoglyph domains (fuzzy matches)—a tactic commonly used in phishing and brand abuse—are owned by third parties and registered with consumer-grade registrars. Of these domain registrations, over 60% have been registered in the last two years, which demonstrates that this is an accelerating attack method.
81% are at greater risk of domain name and domain name system (DNS) hijacking because they have NOT adopted basic domain security measures like domain registry lock.
57% are relying on consumer-grade domain registrars with limited protection against domain and DNS hijacking, distributed denial of service (DDoS), man-in-the-middle attacks (MitM), or DNS cache poisoning.
Only 50% are using Domain-based Message Authentication, Reporting, and Conformance (DMARC) records as an email authentication method.
DOMAIN SECURITY IS YOUR FIRST LINE OF DEFENSE TO MITIGATE CYBER ATTACKS IN THE EARLY STAGES
Most cyber attacks, including ransomware, begin with phishing, but protection and response measures don’t adequately address phishing risks in the early stages of a ransomware attack because they do not include domain security measures to protect against the most common phishing attacks.
PHISHING ATTACKS
Malicious domain registrations, i.e., confusingly similar domains such as homoglyphs
Unmonitored third-party domain registrations
Compromised or hijacked legitimate domain names
Compromised domain registrar, DNS hosting provider, or email provider
Email header spoofing
Lack of email authentication
RISK MITIGATION EFFECTIVENESS SCALE
Some industries—including healthcare equipment and services, drugs and biotechnology, chemicals, and household and personal products—have found themselves in the spotlight because of COVID-19. The increased demand on these industries has made them key targets for cyber criminals, yet they appear in the middle-to-lower half of the risk mitigation effectiveness scale.