Cyber

Report: More domains, more problems

The further we move from .com, the more room we give hackers to target unsuspecting victims

December 2, 2015

The world to the right of the dot is getting larger with the addition of hundreds of new generic top-level domains like .club, .xyz and .guru, and security firm Raytheon|Websense says they are a boon for hackers, cyber thieves and online scam artists.

The Internet Corporation for Assigned Names and Numbers, which sanctions the new gTLDs, has authorized more than 800 of them as of November, according to Raytheon’s 2016 Websense Security Predictions report.

Within the next few years, that number is expected to swell by an additional 1,300. Some new examples include .car, .wine, .mom and .family, as well a number of big brands.

“For those accustomed to the old Internet of .com, .edu, .gov, .net, .org, and .info; your intimate little neighborhood is about to get a lot more neighbors,” states the report, out Wednesday.

While this expansion will create vast new tracts of Internet real estate, it is currently “primarily an asset being cultivated by criminals to confuse users and to ensnare and entrap their computers with malware,” Raytheon|Websense warns.

“Will consumers shopping for a computer steer towards shop.apple, apple.macintosh or apple.computer? Will businesses users with Salesforce accounts respond to an email that comes from renewal.salesforce, salesforce.software or salesforce.updates?” The report asks.

“This potential confusion is a golden opportunity for criminals and nation-state attackers to create highly effective social engineering lures to steer unsuspecting users toward malware and data loss,” the authors argue.

The company’s experts have predicted a mushrooming in spam campaigns as a direct result of domain expansion. In an analysis of several different new gTLDs, they concluded that millions of URLs were “suspicious or directly malicious.”

More perturbing is that defenders are largely unprepared to face a threat pool of this magnitude. If the cybersecurity industry is to counter the domain threat, proactivity coupled with close monitoring will be critical, argue the report authors.

“Defenders should recognize that all new technologies hold possibilities for adoption by attackers,” said the report. “Thus, the savvy defender should carefully consider each major change to our ecosystem before waiting for the wave of attacks.”

An earlier version of this story erroneously identified the company publishing the report as Raytheon. It is Raytheon|Websense.

Report: More domains, more problems

More Like This

Cybersecurity executive order requirements are nearly complete, GAO says

Federal CIO calls on Congress to fund Technology Modernization Fund

How Google Cloud AI and Assured Workloads can enhance public sector security, compliance and service delivery at scale

Top Stories

Scientists must be empowered — not replaced — by AI, report to White House argues

White House hopeful ‘more maturity’ of data collection will improve AI inventories

404 page: the error sites of federal agencies

Generative AI could raise questions for federal records laws

Oracle approved to handle government secret-level data

GSA administrator: Generative AI tools will be ‘a giant help’ for government services

State Department encouraging workers to use ChatGPT

More Scoops

The fixes needed to fight phishing

Report: Malware, stolen IDs top items for sale on dark web

Latest Podcasts

Report: More domains, more problems

Leveraging modern access management to achieve zero trust

The role of the federal chief AI officer

Los Angeles CIO discusses how AI and cloud technologies transform urban public services

Tech

Defense

Cyber

Acquisition