Virtualization Technology News and Information
Article
RSS
CSC's 2023 Domain Security Report Finds Many Global 2000 Companies Neglect their .AI Domain Extensions Despite Surge in Popularity for Artificial Intelligence

CSC released its 2023 Domain Security Report which found that 43% of Forbes Global 2000 companies do not have control over their branded artificial intelligence (.AI) domain names, and they're actually registered by third parties. In addition, 49% of the .AI brand domains for these companies remain unregistered, leaving them exposed to fraud and brand infringement.

The 2023 Domain Security Report highlights how-despite rising phishing and online fraud-many companies are vastly unaware of the state of their domain name portfolio and overlook foundational domain security measures such as registry lock, domain-based message authentication, reporting, and conformance (DMARC), DNS security extensions (DNSSEC), and DNS redundancy. The rapid rise in AI adoption and integration further elevates the need for domain security investments. Driven by the trending popularity for AI, cybercriminals are now taking advantage of trusted brands by creating fraudulent .AI domain extensions that misdirect internet users. This is emphasized by the 350% year-over-year increase in domain dispute cases involving .AI extensions in 2023 from companies who realized .AI domains using their brand were misappropriated by third parties.

"Over the last year, we've seen a surge in cybercriminals exploiting AI's popularity by attempting to register the domains of trusted brands for malicious activity. Companies need to deploy proactive monitoring and domain security measures beyond just foundational efforts," says Mark Calandra, president of CSC's Digital Brand Services division. "In addition, we warn about subdomain hijacking as our research shows that 1 in 5 companies have active DNS records that do not resolve, making them vulnerable to subdomain hijacking attacks. The report's findings point to a real need for companies to prioritize domain security if they wish to stay ahead of the numerous emerging threats on the horizon."

Additional key insights from CSC's research include:

  • 79% of lookalike domains are owned by third parties, up 4% from 2022
    Malicious actors continue to capitalize on lookalike domains (homoglyphs) that resemble the Global 2000 brands to launch phishing attacks, other forms of digital brand abuse, or IP infringement.
  • 112 of the largest companies in the world had a domain security score of "0"
    Based on CSC's analysis of the adoption of key domain security measures, these companies do not deploy any recommended domain security measures, leaving them with the highest risk of domain security threats.
  • DMARC adoption grew 6% in 2023, up 28% since 2020
    With increasing volume and complexity of phishing attacks, industries continue to see value in DMARC, which validates emails and protects a company's email domain from being used for spoofing and phishing scams. This proven value can be seen in the significant growth rate of DMARC adoption over the last four years-from 39% in 2020 to 67% in 2023.
  • 46% of companies that use enterprise-class registrars also use registry lock
    Registry lock enables end-to-end domain name transaction security to mitigate human error and third-party risk, and it's especially effective in protecting domain names against accidental or unauthorized modifications or deletions. CSC's report emphasizes the value that enterprise-class registrars provide to companies looking to implement effective domain security and protect their brands, as only 7% of companies that use consumer-grade registrars have registry lock deployed.
  • 21% of DNS active subdomain records do not resolve, leaving companies vulnerable to subdomain hijacking
    In addition to analyzing the Forbes 2000 list of companies, CSC analyzed over 6 million DNS records from our database and identified over 440,000 DNS records by looking at A records and CNAMEs pointing to major cloud infrastructure. This can result in a subdomain hijacking attack by bad actors.

CSC's report provides a more detailed breakdown of the highest and lowest performing industries based on the adoption of key domain security features such as having an enterprise-class registrar, registry lock, certificate authority authorization (CAA) records, DNS redundancy, DNSSEC, sender policy framework (SPF), DomainKeys identified mail (DKIM) and DMARC. The top five highest performing industries include IT software and services; media; business services and supplies; hotels, restaurants and leisure; and healthcare equipment and services. The lowest performing industries include utilities, trading companies, food markets, construction and materials.

Download the 2023 Domain Security Report now.

Published Tuesday, October 17, 2023 12:32 PM by David Marshall
Filed under:
Comments
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
Calendar
<October 2023>
SuMoTuWeThFrSa
24252627282930
1234567
891011121314
15161718192021
22232425262728
2930311234