Don’t Let Your Domain Name Become a “Sitting Duck”

https://krebsonsecurity.com/2024/07/dont-let-your-domain-name-become-a-sitting-duck/

#sittingduckdomains #ALittleSunshine #LatestWarnings #MatthewBryant #DaveMitchell #DigitalOcean #TimetoPatch #WebFraud2.0 #DNSMadeEasy #Eclypsium #Hostinger #Digicert #Infoblox #SteveJob #APWG

💡 "Policymakers generally don’t seem to appreciate that most damage is inflicted within a few hours of the onset of a cyberattack."

We caught up with Dave Piscitello to get his insights from INTERISLE CONSULTING GROUP, LLC's recent study into supply chains used by cybercriminals - from changes to policy, trends, to cheap TLDs - learn more here 👇
https://www.spamhaus.org/resource-hub/cybercrime/trends-policy-and-cheap-tlds-an-interview-with-dave-piscitello/

Look out for Part 2, which will be published tomorrow!

#M3AAWG #APWG #CAUCE #Interisle #CyberCrime #Cybersecurity

Good Monday all...

Today we've released a study,

Cybercrime Supply Chain 2023:
Measurements and Assessments of Cyber Attack Resources and Where Criminals Acquire Them

https://interisle.net/CybercrimeSupplyChain2023.html

The major findings of the study are:

• 5M domains identified as serving as a resource for cybercrime.
• 1M domains reported for spam activity were registered in new gTLDs.
• 500,000 subdomain hostnames reported for serving as resources for cybercrime.
• 1.5 million domains exhibited characteristics of malicious bulk domain registration behavior.
• Exact matches of a well-known brand name were used in over 200,000 cybercrime attacks.
• The US had the most IPv4 addresses serving as resources for cybercrime activity. China, India, Australia, and Hong Kong rounded out the top 5.

Summary: Reactive efforts currently employed by the domain name and hosting industries, governments, and private sector organizations cannot curtail cybercrime and the harms it inflicts on Internet users.

In the report, Interisle recommends measures that policy regimes, governments, service providers, and private sector working together can implement to disrupt the cybercrime supply chain.

The study was sponsored by the #APWG, #CAUCE, and #M3AAWG.

#cybercrime #spam #malware #phishing #dnsabuse

On the way to the #APWG (Anti-Phishing Working Group) #Tech2023 conference in Dublin to talk about #RDAP.

Pretty excited, as this is my first in-person talk ever since the pandemic started. :)

https://apwg.eu/event/tech2023/

The #APWG comments on the FTC proposed rule are posted. As a board member, I signed off on these.

In their comment, APWG concentrated on two issues:

1) WHOIS information is vital to the investigation of impersonation scams. The final rule should recognize the now acute issue of domain name registration data (“WHOIS”). While WHOIS data is critical to investigatory capability as it relates to online impersonation and crime, it unfortunately has been significantly truncated since the misinterpretation and over-implementation of the European Union’s General Data Protection Regulation (GDPR) by domain name registries and registrars. This underlines why a final rule is critically needed.

2) Trusted Notifiers are effective tools in impersonation mitigation. FTC should encourage the use of trusted notifier programs by registries and registrars as an avenue to address maliciously registered domain names, and should further encourage participation in trusted notifier programs by business or governmental entities that frequently are impersonated.

My $.02 Trusted Notifier (TN) programs will be essential to mitigating cybercrime but these cannot be left to #ICANN to define for many reasons, but most importantly, because ICANN's scope is limited to domain names, and having non-federated, individually scoped programs is a terribad idea.

#Whois #apwg #cybercrime #fraud #phishing

Proposed rule: https://www.regulations.gov/document/FTC-2022-0064-0002

APWG Comment: https://www.regulations.gov/comment/FTC-2022-0064-0073

#M3AAWG comments on the FTC's proposed rule Trade Regulation Rule on Impersonation of Government and Businesses is available. I was one of the contributors to the comment.

In the comment, M3AAWG "suggests additional regulatory solutions and best practices to complement the goals of this rule, such as clarifying the scope of the rule to include the use of domain names in impersonation schemes and the use of technologies that enable impersonation" and the important role that Whois plays in investigating impersonation and fraud.

Several reports that my Interisle colleagues and I published are cited in the comment, along with the 2022 DNS Abuse Study Commissioned by the European Commission, which also quotes from our #phishing studies. Statistics generated from data collected at our Cybercrime Information Center project, https://cybercrimeinfocenter.org are cited as well.

The #APWG and Coalition for a Secure and Transparent Internet (#CSTI) also submitted comments with similar observations and support for regulation. I'll share those links when I receive them.

#infosec can effect change

Proposed Rule: https://www.federalregister.gov/documents/2022/10/17/2022-21289/trade-regulation-rule-on-impersonation-of-government-and-businesses#open-comment
Comment: https://www.m3aawg.org/sites/default/files/m3aawg_ftc_comments_on_impersonation_-_dec_2022.docx_.pdf