Krebs on Security: Why Phishers Love New TLDs Like .shop, .top and .xyz

Source URL: https://krebsonsecurity.com/2024/12/why-phishers-love-new-tlds-like-shop-top-and-xyz/
Source: Krebs on Security

Feedly Summary: Phishing attacks increased nearly 40 percent in the year ending August 2024, with much of that growth concentrated at a small number of new generic top-level domains (gTLDs) — such as .shop, .top, .xyz — that attract scammers with rock-bottom prices and no meaningful registration requirements, new research finds. Meanwhile, the nonprofit entity that oversees the domain name industry is moving forward with plans to introduce a slew of new gTLDs.


Summary: The text discusses the significant increase in phishing attacks largely attributed to the proliferation of low-cost generic top-level domains (gTLDs). It highlights how the domain name industry is being leveraged by cybercriminals due to lenient registration practices. This trend raises critical concerns for information security professionals, especially regarding potential compliance issues with malicious domain registrations and phishing threats.

Detailed Description:
The article details a study by Interisle Consulting that found a nearly 40% increase in phishing attacks in the year ending August 2024, with much of that growth concentrated at a small number of new gTLDs. The research highlights several points about phishing and cybercrime in the context of domain registrations:

– **Growth in Phishing Attacks**: A nearly 40% rise in such attacks has been observed, with new gTLDs accounting for a significant share of cybercrime domains despite representing only a small portion of the total domain market.

– **Cheap and Lenient Registration**: The new gTLDs attract scammers due to their affordability (often under $1 for registration) and lack of stringent verification processes for registrants.

– **Statistics from the Study**:
    – New gTLDs comprise just 11% of the new domain market but 37% of reported cybercrime domains between September 2023 and August 2024.
    – Established TLDs such as .com and .net accounted for just over 40% of cybercrime domains, a lower share relative to their size in the domain market, which points to the relative safety of established domains.

– **ICANN’s Role and Strategy**: Despite the evident exploitation of new gTLDs by criminals, the Internet Corporation for Assigned Names and Numbers (ICANN) plans to continue releasing more gTLDs in 2026, raising concerns regarding future compliance and regulation.

– **Impact of Subdomain Providers**: The report notes a significant trend where phishers are increasingly utilizing subdomain services (like blogspot.com) instead of registering new domains. This loophole complicates efforts to mitigate phishing as the responsibility lies primarily with the subdomain providers to manage malicious activities.

– **Recommendations for Subdomain Provider Management**:
    – Limiting the number of subdomains that can be created simultaneously by users.
    – Implementing stricter controls on automated account sign-ups to deter criminal exploitation.

This analysis emphasizes the growing complexity and challenges in combating phishing attacks, particularly as cybercriminals adapt to loopholes in domain registrations. For security and compliance professionals, the insights underscore the urgent need to advocate for more robust domain registration policies and proactive measures to mitigate the risks associated with subdomain services. There are significant implications for regulations and governance concerning the responsibilities of domain registrars and the oversight of new gTLDs to protect against cybercrime effectively.