Urgent Actions Required To Respond to Growing Online COVID-Themed Scams and Phishing Attacks
Boston | March 31, 2020
Today, Interisle Consulting Group, a leading organization on the frontlines of cybersecurity issues, released a new report, Domain Name Registration Data at the Crossroads: The State of Data Protection, Compliance, and Contactability at ICANN. This study reveals widespread problems with access to and the reliability of domain name registration data systems (WHOIS). These failures have real-life security implications, which are being seen in the current wave of cybercrime accompanying the COVID-19 pandemic.
Across the Internet, everyone from individual consumers to advocacy groups to law enforcement agencies use domain registration information for vital purposes, including security scanning, problem-solving, and to provide legal and social accountability. “The COVID-19 pandemic has led to a recent explosion of cybercrime, with thousands of new domain names using terms like ‘covid’ or ‘corona’ being used to perpetrate spam, phishing, malware campaigns and to peddle fake products,” said Dave Piscitello, partner at Interisle Consulting Group and editor of the report. “Investigators need quick, unencumbered access to domain registration data to disrupt COVID-themed attacks before they cause losses and harm. The problems our study exposes have made that all but impossible.”
The report was designed to measure the effectiveness and impact of the registration data policies of ICANN (Internet Corporation for Assigned Names and Numbers). Over the course of five months, Interisle analyzed the practices of 23 domain registrars, and how the registrars performed against five key standards. The report details how the registrars failed to meet contractual obligations and contactability goals in 40% of the cases studied, with problems in an additional 16% of cases.
“Domain registration data is supposed to be available in guaranteed, reliable ways. Unfortunately, we documented widespread failures, both technical and legal,” said Greg Aaron, the author of the study. “These problems make it hard to distinguish bad Internet actors from good, severely impacting public security. And they make it harder to communicate and solve a range of other problems, eroding trust on the Internet.”
Other findings show that access to critical registration data has been significantly curtailed over the past two years, and ICANN compliance problems. The report also recommends actions that can be taken to ensure a healthy Internet and naming system. The full report can be found at: http://interisle.net/domainregistrationdata.html.
About Interisle Consulting Group
Interisle Consulting Group is comprised of experienced practitioners with extensive track records in industry and academia and world class expertise in business and technology strategy, Internet technologies and governance, financial industry applications, and software design. Interisle is focused on resilient systems, networks, and organizations, and the research it conducts for clients frequently leads to insights with lasting significance. More information is available at www.interisle.net.