CSC Finds Majority of World’s Largest Companies Susceptible to Phishing and Brand Abuse Due to Improper Domain Security
For immediate release
September 28, 2021
For more information:
Steve Bosk
W2 Communications
215-378-1056
CSC@w2comm.com
CSC® News Room
Despite 60% surge in dangerous third-party domain registrations, domain security is an underutilized security component to curb phishing and related ransomware attacks
WILMINGTON, Del. – CSC®, a world leader in business, legal, tax, and domain security, today released its annual Domain Security Report: Forbes Global 2000 Companies, which found that despite the shift to modernize business environments and operations among the Global 2000 companies, web domains remain dangerously under protected.
CSC's research also shows that most Global 2000 companies continue to lag in the adoption of domain security measures. Most notably, 81% of companies are not using registry locks. Other concerning findings illustrate that domain security remains an afterthought for many brands:
70% of homoglyph (fuzzy match) domains—a tactic commonly used in phishing and brand abuse—are owned by third parties
57% of the Global 2000 are relying on off-the-shelf consumer-grade registrars who offer limited domain security mechanisms to protect against domain and DNS hijacking
"Basic domain security measures continue to get overlooked because they're still not considered an essential component to a company's broader phishing, business email compromise, or ransomware mitigation approach," said Mark Calandra, president of CSC Digital Brand Services. "A focus on securing legitimate domains while monitoring for malicious domains in parallel needs to be a bigger priority for companies to stay protected and thwart cyber risk. Otherwise, companies are exposing themselves to significant threats to their cyber security posture, data protection, intellectual property, supply chains, consumer safety, revenue, and reputation."
CSC's additional findings leave little doubt that bad actors are applying tactics to hide their tracks and accelerate their attempts to execute their attacks. The research found that among the 70% of third-party domains deemed suspicious:
77% used domain privacy services or also had WHOIS details redacted
43% are configured with MX email records, giving them the ability to send phishing emails
56% were pointing to advertising, pay-per-click content, or being used for domain parking
38% had inactive web content
6% were pointing to brand impersonation and malicious content including phishing and potential malware delivery
The rise of cyber crime and digital fraud, along with a steady increase in domain registrations over the last 18 months, necessitates more industry oversight. At the same time, it's imperative that companies get proactive with their domain security moving forward. Including security measures can help mitigate phishing—a common starting point in most ransomware attacks. Companies need to take a more aggressive cyber security approach to disrupt criminal activities taking place across their domain ecosystem.
Download the report now at cscdbs.com/securityreport.
To learn more about CSC's approach to domain security, visit cscdbs.com.
About CSC
CSC is the trusted provider of choice for the Forbes Global 2000 and the 100 Best Global Brands® for enterprise domain names, domain name system, and digital certificate management, as well as digital brand, fraud, and phishing protection. We secure companies against cyber threats to their online assets using our proprietary security solutions, helping them avoid devastating revenue loss, brand reputation damage, or significant financial penalties. We also provide a combination of online brand monitoring and enforcement, taking a holistic approach to digital asset protection. Learn more about our domain management, security, brand protection, and fraud protection services at cscdbs.com.
Headquartered in Wilmington, Delaware, USA, since 1899, CSC has offices throughout the United States, Canada, Europe, and the Asia-Pacific region. CSC is a global company capable of doing business wherever our clients are—and we accomplish that by employing experts in every business we serve.