Line 144: |
Line 144: |
| ''Legacy''<br/> | | ''Legacy''<br/> |
| * The February 2021 [[DAAR]] report indicates the majority (64.8%) of security issues are occurring in legacy [[TLDs]], which comprise 88.8% of resolving gTLD domains in zone files.<ref>[https://www.icann.org/en/system/files/files/daar-monthly-report-28feb21-en.pdf DAAR monthly report Feb 2021]</ref> | | * The February 2021 [[DAAR]] report indicates the majority (64.8%) of security issues are occurring in legacy [[TLDs]], which comprise 88.8% of resolving gTLD domains in zone files.<ref>[https://www.icann.org/en/system/files/files/daar-monthly-report-28feb21-en.pdf DAAR monthly report Feb 2021]</ref> |
− | #* Legacy TLD domains, 53% of the market, comprise almost 49% of DNS abuse. Domains in [[.com]] and [[.net]] TLDs are the most abused. <br/>
| + | * Legacy TLD domains, 53% of the market, comprise almost 49% of DNS abuse. Domains in [[.com]] and [[.net]] TLDs are the most abused. <br/> |
| ''nTLDs'' <br/> | | ''nTLDs'' <br/> |
− | #* nTLDs, 6.6% of the market, are the most abused group of TLDs in relative terms. In 2021, 20.5% of all abused domain names were registered in new gTLDs. Specifically, the two most abused nTLDs together account for 41% of all nTLD abuse.<br/>
| + | * nTLDs, 6.6% of the market, are the most abused group of TLDs in relative terms. In 2021, 20.5% of all abused domain names were registered in new gTLDs. Specifically, the two most abused nTLDs together account for 41% of all nTLD abuse.<br/> |
| ''among ccTLDs?''<br/> | | ''among ccTLDs?''<br/> |
− | #* EU ccTLDs are the least abused; only 0.8% of all abuse ([[Compromised Domain]]s and [[Malicious Domain]]s) were registered under EU ccTLDs. [[.eu]], [[.de]], [[.nl]], [[.fr]], [[.pl]], [[.it]], [[.es]], and [[.be]] account for 76% of all abuse among EU ccTLDs. Abused [[.ru]] and [[.su]] second-level domain names account for 75% of all abused domains among non-EU ccTLDs.
| + | * EU ccTLDs are the least abused; only 0.8% of all abuse ([[Compromised Domain]]s and [[Malicious Domain]]s) were registered under EU ccTLDs. [[.eu]], [[.de]], [[.nl]], [[.fr]], [[.pl]], [[.it]], [[.es]], and [[.be]] account for 76% of all abuse among EU ccTLDs. Abused [[.ru]] and [[.su]] second-level domain names account for 75% of all abused domains among non-EU ccTLDs. |
| ''Which is more prevalent? Malicious or Compromised Domains?''<br/> | | ''Which is more prevalent? Malicious or Compromised Domains?''<br/> |
| ''[[Malicious Domain]]s''<br/> | | ''[[Malicious Domain]]s''<br/> |
− | #* Most [[spam]] and [[Botnet Attacks|botnet]] control and command [[domain name]]s are maliciously registered.
| + | * Most [[spam]] and [[Botnet Attacks|botnet]] control and command [[domain name]]s are maliciously registered. |
− | #* 42% of hacked websites occur among more frequently used TLDs. In less-used new gTLDs, hackers directly register domains for malicious activities.
| + | * 42% of hacked websites occur among more frequently used TLDs. In less-used new gTLDs, hackers directly register domains for malicious activities. |
− | #* [[Registries]] and [[registrars]] can act at the DNS level but not on the hosting infrastructure unless they also offer hosting services.
| + | * [[Registries]] and [[registrars]] can act at the DNS level but not on the hosting infrastructure unless they also offer hosting services. |
− | #* The top five most abused registrars account for 48% of all maliciously registered domain names.
| + | * The top five most abused registrars account for 48% of all maliciously registered domain names. |
| '''[[Compromised Domain]]s'''<br/> | | '''[[Compromised Domain]]s'''<br/> |
− | #* Almost 25% of [[phishing]] domain names and 41% of [[malware]] are registered by legitimate users. They are compromised at the hosting level and thus cannot be addressed at the [[DNS]] level without collateral damage.
| + | * Almost 25% of [[phishing]] domain names and 41% of [[malware]] are registered by legitimate users. They are compromised at the hosting level and thus cannot be addressed at the [[DNS]] level without collateral damage. |
− | #* Phishers use free subdomain and hosting providers, which do not work well for spammers and botnet C&C activity. For phishing abuse, half of the 10 most abused TLDs ([[.ml]], [[.tk]], [[.ga]], [[.cf]], and [[.gq]]) are operated by [[Freenom]].
| + | * Phishers use free subdomain and hosting providers, which do not work well for spammers and botnet C&C activity. For phishing abuse, half of the 10 most abused TLDs ([[.ml]], [[.tk]], [[.ga]], [[.cf]], and [[.gq]]) are operated by [[Freenom]]. |
| ''Adoption of preventative measures?''<br/> | | ''Adoption of preventative measures?''<br/> |
− | # Adoption of [[DNSSEC]] and mail protection protocols:
| + | * DNSSEC adoption remains low. Of 227 million domain names, only 9.4 million meet all required resource records; however, 98% of them are correctly signed and validated. |
− | #* DNSSEC adoption remains low. Of 227 million domain names, only 9.4 million meet all required resource records; however, 98% of them are correctly signed and validated.
| + | * In Europe, [[.cz]] (59%), [[.se]] (55%), [[.nl]] (51%), and [[.sk]] (48%) have the highest adoption of DNSSEC and offer price incentives and technical support. |
− | #* In Europe, [[.cz]] (59%), [[.se]] (55%), [[.nl]] (51%), and [[.sk]] (48%) have the highest adoption of DNSSEC and offer price incentives and technical support.
| + | * Around the world, 2.5 million open DNS resolvers can be used as amplifiers in [[DDoS Attack]]s. |
− | #* Around the world, 2.5 million open DNS resolvers can be used as amplifiers in [[DDoS Attack]]s.
| + | * 60% of 247 million domain names do not use SPF and 97% do not use DMARC records to prevent [[Cybercrime|Email Spoofing and Business Email Compromise]] scams. |
− | #* 60% of 247 million domain names do not use SPF and 97% do not use DMARC records to prevent [[Cybercrime|Email Spoofing and Business Email Compromise]] scams.
| |
| | | |
| ==References== | | ==References== |
| | | |
| [[Category:Practices]] | | [[Category:Practices]] |