
Major corporations worldwide failing to fortify their domain security

Brands fail to implement sufficient security measures, exposing themselves and their customers to potential phishing scams, ransomware attacks, and Business Email Compromise (BEC).


In a recent report, cybersecurity firm CSC has highlighted a concerning trend: many of the world's largest companies, as listed in the Forbes Global 2000, are vulnerable to phishing attacks, business email compromise, and ransomware.

The report, released amid heightened awareness and concerns about ransomware involving critical infrastructure and major U.S. companies, found that 81% of Forbes Global 2000 companies do not use registry locks, a method for securing domain names. Furthermore, 57% of these companies are using consumer-grade registrars, which provide limited domain security methods.

This lack of security measures leaves these corporations open to potential attacks. Researchers fear that events like Monday's Facebook outage may provide the opportunity for malicious actors to launch a wave of phishing attacks.

One example of a domain registration attack is the theft of the domain of the programming site Perl.com. Phishing has been identified as one of the top methods of gaining access to a corporate environment, yet major companies are failing to protect themselves and their customers from online attacks.

The report also reveals that out of the domains owned by third parties among Forbes Global 2000 companies, 60% were registered from 2020 through the first half of 2021, and this percentage could rise to 68% by the end of 2021.

There is a surge in copycat behavior that leverages malicious domain registrations to launch phishing attacks during big global events. Hackers can use these registrations to carry out phishing schemes. Phishing usually takes place through the compromise of a legitimate domain, a malicious domain registration, or the spoofing of an email header.

Corporate stakeholders are increasingly interested in understanding the risk calculus of their technology stacks, with a focus on determining if their companies are potential targets for online attacks. The annual report does not provide specific details on which companies are most vulnerable or the extent of the potential damage from successful attacks.

The report also does not offer solutions or recommendations for how companies can improve their domain registration security to better protect against online attacks. This leaves many questions unanswered and raises concerns about the preparedness of these large corporations to protect themselves and their customers from cyber threats.

As phishing schemes continue to plague companies and customers around the globe, it is crucial that these vulnerabilities are addressed to prevent further attacks and potential damage.
