Major companies lag in adopting domain security
A majority of companies in the Forbes Global 2000 have been slow to adopt domain security measures that could help protect them from ransomware attacks.
A new report from CSC finds 57 percent of the Global 2000 are relying on off-the-shelf, consumer-grade domain registrars that offer limited security mechanisms to protect against domain and DNS hijacking.
In addition, 81 percent of companies are not using registry locks, and only 50 percent are using DMARC to authenticate emails.
"Basic domain security measures continue to get overlooked because they're still not considered an essential component to a company's broader phishing, BEC, or ransomware mitigation approach," says Mark Calandra, president of CSC Digital Brand Services. "A focus on securing legitimate domains while monitoring for malicious domains in parallel needs to be a bigger priority for companies in order to stay protected and mitigate cyber risk. Otherwise, companies are exposing themselves to significant threats to their cybersecurity posture, data protection, intellectual property, supply chains, consumer safety, revenue, and reputation."
The report also looks at the tactics bad actors use to hide their tracks and speed up their attacks. It finds that among the 70 percent of third-party domains deemed to be suspicious, 77 percent use domain privacy services or have WHOIS details redacted.
In addition, 43 percent are configured with MX email records, giving them the ability to send phishing emails, and 56 percent are pointing to advertising or pay-per-click content, or are being used for domain parking. 38 percent have inactive web content, while six percent are pointing to brand impersonation and malicious content, including phishing and potential malware delivery.
You can find out more in the full report available from the CSC site.