CSC released its 2023 Domain Security Report,
which found that 43% of Forbes Global 2000 companies do not control
their branded artificial intelligence (.AI) domain names; those names
are instead registered by third parties. In addition, 49% of
the .AI brand domains for these companies remain unregistered, leaving
them exposed to fraud and brand infringement.
The 2023 Domain Security Report highlights how, despite rising
phishing and online fraud, many companies are largely unaware of the state
of their domain name portfolio and overlook foundational domain
security measures such as registry lock, domain-based message
authentication, reporting, and conformance (DMARC), DNS security
extensions (DNSSEC), and DNS redundancy. The rapid rise in AI adoption
and integration further elevates the need for domain security
investments. Driven by the popularity of AI, cybercriminals
are now taking advantage of trusted brands by creating fraudulent .AI
domain extensions that misdirect internet users. This is emphasized by
the 350% year-over-year increase in domain dispute cases involving .AI
extensions in 2023, brought by companies that realized .AI domains using their
brand were misappropriated by third parties.
"Over the last year, we've seen a surge in cybercriminals exploiting
AI's popularity by attempting to register the domains of trusted brands
for malicious activity. Companies need to deploy proactive monitoring
and domain security measures beyond just foundational efforts," says
Mark Calandra, president of CSC's Digital Brand Services division. "In
addition, we warn about subdomain hijacking as our research shows that 1
in 5 companies have active DNS records that do not resolve, making them
vulnerable to subdomain hijacking attacks. The report's findings point
to a real need for companies to prioritize domain security if they wish
to stay ahead of the numerous emerging threats on the horizon."
Additional key insights from CSC's research include:
- 79% of lookalike domains are owned by third parties, up 4% from 2022
Malicious actors continue to capitalize on lookalike domains
(homoglyphs) that resemble the Global 2000 brands to launch phishing
attacks, other forms of digital brand abuse, or IP infringement.
- 112 of the largest companies in the world had a domain security score of "0"
Based on CSC's analysis of the adoption of key domain security
measures, these companies do not deploy any recommended domain security
measures, leaving them with the highest risk of domain security threats.
- DMARC adoption grew 6% in 2023, up 28% since 2020
With increasing volume and complexity of phishing attacks,
industries continue to see value in DMARC, which validates emails and
protects a company's email domain from being used for spoofing and
phishing scams. This proven value can be seen in the significant growth
rate of DMARC adoption over the last four years, from 39% in 2020 to 67%
in 2023.
- 46% of companies that use enterprise-class registrars also use registry lock
Registry lock enables end-to-end domain name transaction
security to mitigate human error and third-party risk, and it's
especially effective in protecting domain names against accidental or
unauthorized modifications or deletions. CSC's report emphasizes the
value that enterprise-class registrars provide to companies looking to
implement effective domain security and protect their brands, as only 7%
of companies that use consumer-grade registrars have registry lock
deployed.
- 21% of DNS active subdomain records do not resolve, leaving companies vulnerable to subdomain hijacking
In addition to analyzing the Forbes 2000 list of companies, CSC
analyzed over 6 million DNS records from our database and identified
over 440,000 DNS records by looking at A records and CNAMEs pointing to
major cloud infrastructure. This can result in a subdomain hijacking
attack by bad actors.
CSC's report provides a more detailed breakdown of the highest and
lowest performing industries based on the adoption of key domain
security features such as having an enterprise-class registrar, registry
lock, certificate authority authorization (CAA) records, DNS
redundancy, DNSSEC, sender policy framework (SPF), DomainKeys identified
mail (DKIM) and DMARC. The top five highest performing industries
include IT software and services; media; business services and supplies;
hotels, restaurants and leisure; and healthcare equipment and services.
The lowest performing industries include utilities, trading companies,
food markets, construction and materials.