An ICANN-funded study conducted by KOR Labs has shed light on the correlation between low-cost, automated domain registrations and phishing abuse. The study, named INFERMAL, analyzed 29,000 domains over a two-year span to identify registrar practices associated with malicious domain registrations.
Unsurprisingly, the research found that registration cost plays a significant role in the proliferation of maliciously registered domains. Malicious domains were registered at an average cost of $4.71, considerably lower than non-malicious domains, which were registered at $8.62 on average.
One of the key takeaways from the study was the exploitation of bulk discounts and promotional pricing by bad actors, especially when combined with automated registration through open APIs. Registrars offering such APIs were linked to a 401% increase in abuse compared to those that did not provide such services.
Additionally, the study revealed that free DNS and bundled hosting services were associated with higher abuse rates. While these features are commonly utilized by legitimate registrants, they were also leveraged by bad actors to facilitate malicious activities.
The most effective deterrents against abuse were proactive measures applied at the time of registration. Registrars that enforced identity verification, Know Your Business Customer (KYBC) procedures, or activation delays saw a significant 63% drop in abuse cases.
However, the study highlighted that registration restrictions alone are insufficient in combating abuse. It pointed to the .dk TLD as a successful case due to its mandatory KYBC requirement, resulting in low abuse levels. In contrast, the .cn TLD, despite requiring identity checks, continued to experience high levels of abuse.
Reactive actions, such as swift domain suspensions after appearing on blocklists, were found to have minimal impact in deterring phishing attacks. Given that phishing attempts often succeed within hours, preventative measures need to be in place before domains are exploited for malicious purposes.
The report emphasized that a combination of factors, including low cost, automation, and lack of verification, attracts bad actors to exploit domain registrations for illicit activities. ICANN is now considering further research on abuse patterns beyond phishing, comparative studies across country-code TLDs, and longitudinal studies on domain lifecycle and abuse evolution.
In conclusion, the study underscores the importance of addressing the root causes of domain abuse through a multi-faceted approach that combines cost considerations, automation safeguards, and robust verification processes to protect the integrity of the domain name ecosystem.