Guest Post: New gTLD Use: Boon or Bane to Cybersecurity?

1

This is a sponsored guest post. WhoisXML API made a very generous contribution to Dana-Farber Cancer Institute as a part of my Pan-Mass Challenge fundraising campaign in exchange for the publication of this article.

The number of Internet users has skyrocketed from 44 million in 1995 to 3.4 billion in 2016. In parallel, over the past 24 years, the number of websites has risen from one—the first website created by the European Organization for Nuclear Research (CERN)—to close to two billion of them.

It’s no wonder that the legacy gTLD space—.com, .info, .net, and .org—is becoming saturated. It doesn’t help that purchasing a domain name in this sphere costs much more than acquiring one with a ccTLD or new gTLD extension. A .com domain can cost a company millions of dollars. In comparison, even the most expensive domains sporting a new gTLD only cost thousands even if these actually fit a brand better than a .com or other legacy domain name.

It makes you wonder why companies continue to opt for older TLDs, right? These arguments may shed some light as to why.

Low-Cost Spamming Tool

Whenever a vendor introduces a new gTLD to the market, there’s a tendency to offer bulk purchases for a meager sum. Though this is an effective marketing and sales strategy for the seller, it could be attracting the attention of spammers looking for cost-effective means to distribute threat-laced emails to as many potential victims as possible.

This fact was mainly what researchers observed as early as 2016, about three years after the first set of new gTLDs were made available to the public. Most of the domains that had ties to spam botnets and similar attacks used new gTLDs for three major reasons:

  • Lack of evidence of good reputation from old customers with legitimate long-time domains
  • Newly deployed anti-abuse mechanisms that may still not be up to the task
  • Meager prices, sometimes even free, attracting bulk registrations of easy-to-dispose-of domains

More Spoofing Choices for Phishers

We all know that phishers spoof the most popular sites to gain as many victims as possible for their campaigns. The introduction of new gTLDs to widen the pool for website owners, unfortunately, also gave phishers more opportunities to mimic the most prominent brands using less commonly known extensions.

This observation was supported by the June 2019 findings in the monthly Domain Abuse Activity Reporting (DAAR) System report. Over time, new gTLDs have surpassed legacy gTLDs as threat sources. Though the majority of threats connected to new gTLDs had to do with spamming, about 14% of the total accounted for phishing incidents.

Less-Experienced Domain Operators

The Internet Corporation for Assigned Names and Numbers (ICANN) essentially allowed practically every individual or organization to operate a gTLD so long as they meet specific criteria with the New gTLD Program

As with any business, domaining requires a certain level of expertise in screening customers. This criterion could play a critical part in ensuring the safety of one’s offerings against potentially malicious users. As such, the more experienced a domain operator is, the more measures it has in place to counter abuse.

A domain operator’s lack of effective vetting procedures can be a cause for the rise in the use of new gTLDs in cyber attacks as evidenced by the growth in the number of botnet- and malware-related activities tied to domains stemming from the space.

While the growth in the use of new gTLDs isn’t altogether a bane for cybersecurity, website owners, relevant authorities, and anyone who doesn’t want to end up a cyberattack victim need to make sure that they aren’t unprepared to rise to the challenges presented by a wider potential attack surface. Organizations need to be aware of the presence of domains sporting relatively unknown TLDs to stay protected.

One way of doing that is to widen their threat monitoring and research intelligence. Integrating a comprehensive source of domain intelligence that spans the entire TLD space, including new gTLDs, into their existing security applications and systems is critical if they are to maintain a threat-free environment.

Jonathan Zhang
Jonathan Zhang is the founder and CEO of Threat Intelligence Platform (TIP) — a data, tool, and API provider that specializes in automated threat detection, security analysis, and threat intelligence solutions for Fortune 1000 and cybersecurity companies. TIP is part of the WhoisXML API Inc. family, a trusted intelligence vendor by over 50,000 clients.

Note: Guest writers are not endorsed by Publisher (Elliot Silver) or Top Notch Domains, LLC.

1 COMMENT

Leave a Reply