CSC’s Research Uncovers Suspicious Domain Registration Surge Amid Baby Formula Supply Chain Crisis.
Third parties registering domains are attempting to mask their ownership and identity, suggesting they may have nefarious intentions.
WILMINGTON, Del, July 13, 2022 – CSC, an enterprise-class domain registrar and world leader in mitigating domain and domain name system (DNS) threats, today released data from its global assessment of domain registrations since 2021 showing that 84% of baby formula-related domains were registered by third parties. The rise in fake registrations coincides with the turbulent supply chain issues the industry experienced this year, and registration characteristics show these domains are designed as vehicles to execute potential fraud and phishing attacks. The registration behavior is not limited to the baby formula market. A similar surge is also targeting commercial organizations and has occurred within the semiconductor industry, as CSC’s research shows that 95% of domains registered in the same time period are tied to third parties. This assessment is part of CSC’s latest report, “Where Domain Security Meets the Supply Chain Crunch.”
CSC’s research team found disturbing trends when they assessed the security of branded web domains and key search terms associated with the baby formula and semiconductor industries. Between January 2021 and May 2022, CSC found that within third-party registered domains, 93% of baby-formula-related and 79% of semiconductor-related domains include privacy services, or have WHOIS details redacted. These are steps taken with the intent to conceal true identities and reveal potential fake domain registrations and fraudulent activity. In addition, 26% of baby formula-related and 44% of semiconductor-related domains are configured with MX email records—a key mechanism used to disseminate phishing emails.
“Companies need to understand how their choice of domain registrar impacts their organization’s overall security posture and the probability of their employees and customers falling victim to fraud. Consumer-grade registrars have repeatedly been attacked over the last few years, and do not provide the security controls needed to protect clients’ vital domain names from domain and DNS threats. Moreover, many consumer-grade registrars offer services like name spinning and domain auctioning that promote the registration of confusingly similar names that not only infringe on established brands but are often used for phishing and other fraud-based attacks,” says Mark Calandra, president of CSC Digital Brand Services. “As a result, these registrars monetize the goodwill brand owners have worked hard for, creating a revenue stream for themselves rather than serving the interests of enterprise clients who use their platforms. We believe the industry should follow best practice standards to prevent growing brand abuse and consumer safety concerns to ensure a more secure digital economy.”
Domain security hygiene remains an overlooked risk management component of an organization’s business operation and overall security posture. CSC conducts an annual assessment of the domain security practices among the Global Forbes 2000. Through a cross assessment of the most recent report and CISA’s 16 critical infrastructure industries categories, food and agriculture and critical manufacturing are two industries with the weakest domain security hygiene and minimal year-over-year improvements.
CSC is the trusted provider of choice for the Forbes Global 2000 and the 100 Best Global Brands® in enterprise domain names, domain name system (DNS), digital certificate management, as well as digital brand and fraud protection.