Domain name dangers, and how to avoid them
Most businesses today are well aware of the need to protect their business assets from online threats, but one vital asset gets very little attention in many businesses: its portfolio of domain names.
A business can suffer significant damage if it becomes uncontactable online. In some cases it could cause reputational damage; in a worst-case scenario, a business focussed on trading online can quite likely cease to exist. Here’s how that can happen and what you need to do to avoid it!
Forgetting to renew
Domain names are often set-and-forget assets. Once they are registered, unless changes are required, no further action is needed until they are due for renewal, usually several years after registration.
This is by far the most common domain name error, and some of the biggest names on the net have suffered the consequences.
Foursquare started life as a local search-and-discovery mobile app and is now a global online brand. It allowed registration of Foursquare.com to lapse in 2010 due to a ‘billing glitch’ with their domain registrar.
In 2013 customers of two UK banks, Clydesdale Bank and Yorkshire Bank, were locked out of their online accounts because their owner, Australia’s NAB, forgot to renew the domain name for its group name server, nabgroup.com, that directed requests for those websites to the correct destinations.
In 2003 Microsoft forgot to renew the domain name hotmail.co.uk, and someone purchased the domain. The buyer then tried to contact Microsoft to offer them the name but he was ignored. Only when news site The Register contacted Microsoft almost two weeks later to ask why someone else owned their domain did they take notice and recover it.
Not renewing names you might not need can also be damaging. Heinz used fundorado.com for a competition in 2013 and 2014. The site was reached by scanning a QR code on ketchup bottles. When the competition ended Heinz let the name lapse and by 2015 it had been registered by a porn site. The Heinz customer who discovered that took to social media to tell everybody.
Domain hijacking
Not all domain dangers are due to accidental mishaps. Domain names are registered with domain registrars, who hold all the details of the domain, including account authorities and the name server information associated with it.
Once someone has access to your details held by your domain registrar, for example through a phishing exercise directed at the legitimate contact, they can take full control of your online presence.
Things are made easy for them because, in many cases, the email address of the legitimate contact is publicly accessible via a query to whois.com.
Domain hijacking is also facilitated by some registrars having insufficient security practices relating to corporate domain management.
Some, but not all, offer registrants the ability to implement a security lock. This allows only one person to make changes to registration details, and that person must complete two-factor authentication to do so.
You should only use a domain registrar that provides this facility, and make sure it is activated, but many businesses fail to do this.
According to CSC’s 2020 Domain Security Report, 83% of the Forbes Global 2000 companies are at risk of domain name hijacking because they have not adopted basic domain security measures like the registry lock protocol.
And if the hijacker has transferred the name to a registrar in another country, retrieval could require legal proceedings in that country, a costly and protracted exercise.
Hijacking on the rise
To make matters worse, the Spamhaus Project, an international non-profit organisation that tracks spam and related cyber threats, says domain hacking is on the increase.
And in 2018 the Australian Cyber Security Centre (ACSC) alerted Australian businesses to “a global Domain Name System (DNS) infrastructure hijacking campaign”. It directed organisations to its Essential Eight mitigation strategies to protect their systems.
A full domain hijacking where access is lost or where users are redirected to another site is likely to be rapidly detected, enabling, hopefully, rapid remediation. Potentially more damaging is a hijack that enables the attacker to direct only selective requests to another site.
This happened earlier this year to Japanese cryptocurrency exchange Coincheck. The hackers gained access to registration details for coincheck.com and changed the nameserver to their own, with a very similar name.
This enabled them to let most of the traffic go to coincheck.com, reroute some to their own look-alike website and launch phishing attacks on those unsuspecting coincheck.com customers.
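As an added illustration (not from the original article or from any registrar's tooling), the Python below audits a domain portfolio for the three risks described above: a renewal about to lapse, a missing registry lock, and a nameserver that no longer matches what the business delegated to, as in the Coincheck case. It reads RDAP-shaped records; the domain names, dates, expected nameservers and the 60-day warning window are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Assumed baseline: the nameservers the business actually delegated to.
EXPECTED_NS = {"ns1.dns-host.example", "ns2.dns-host.example"}
# Registry lock normally shows up as these server-side RDAP statuses.
REGISTRY_LOCKS = {"server transfer prohibited", "server update prohibited",
                  "server delete prohibited"}

def rec(name, status, expiry, ns):
    """Build a minimal RDAP-shaped domain object (RFC 9083 field names)."""
    return {"ldhName": name, "status": status,
            "events": [{"eventAction": "expiration", "eventDate": expiry}],
            "nameservers": [{"ldhName": n} for n in ns]}

# Constructed portfolio; names, dates and statuses are sample values.
SAMPLE = [
    rec("shop.example", sorted(REGISTRY_LOCKS), "2031-05-01T00:00:00Z", sorted(EXPECTED_NS)),
    rec("promo.example", ["active"], "2030-01-20T00:00:00Z", sorted(EXPECTED_NS)),
    rec("pay.example", ["client transfer prohibited"], "2032-03-01T00:00:00Z",
        ["ns1.dns-h0st.example", "ns2.dns-host.example"]),
]

def audit(record, now, expected_ns=EXPECTED_NS, warn_days=60):
    """Return a list of findings for one RDAP domain record."""
    findings = []
    expiry = next((e["eventDate"] for e in record.get("events", [])
                   if e.get("eventAction") == "expiration"), None)
    if expiry is None:
        findings.append("no expiration event published")
    else:
        when = datetime.fromisoformat(expiry.replace("Z", "+00:00"))
        if when - now <= timedelta(days=warn_days):
            findings.append(f"expiry {when.date()} is inside the {warn_days}-day renewal window")
    missing = REGISTRY_LOCKS - {s.lower() for s in record.get("status", [])}
    if missing:
        findings.append("registry lock incomplete: " + ", ".join(sorted(missing)))
    seen = {ns["ldhName"].lower().rstrip(".") for ns in record.get("nameservers", [])}
    if seen != expected_ns:
        findings.append("nameserver drift: " + ", ".join(sorted(seen ^ expected_ns)))
    return findings

def audit_portfolio(records, now):
    return {r["ldhName"]: audit(r, now) for r in records}

if __name__ == "__main__":
    today = datetime(2030, 1, 1, tzinfo=timezone.utc)  # fixed date for the sample
    for name, issues in audit_portfolio(SAMPLE, today).items():
        print(name, issues or "OK")
```

In practice the records would come from the registry's RDAP service for each domain, run on a schedule so that a pending lapse, a dropped lock or a nameserver change raises an alert.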
The solution? Specialist management
A good way to reduce your exposure to these dangers and to help implement robust protection for your entire domain name portfolio is to outsource management to a dedicated corporate domain management service.
If you’re interested in finding out more about specialist domain name management, please contact Melbourne IT. Our Domain Portfolio Solutions team have been helping large Australian businesses effectively manage their domains since 1996 and are the only Corporate Domain Management specialist with local Australian account management.