In 2019, several leading security organizations, including corporations like Akamai, Cisco, FireEye, and Talos, joined forces to inform public and private organizations of the growing threat of domain name system (DNS) hijacking. They were joined by international government agencies that included the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the UK National Cyber Security Centre.
The targets of the most recent attacks were corporate, telecommunication, government, and other infrastructure entities — the main aim seemed to be a direct effort to redirect emails and website traffic to collect sensitive information. These attacks made headlines, but experts believe we are only seeing the tip of the iceberg concerning the number and breadth of these attacks.
But why are DNS hijackings such an issue? And what can you do to protect your organization’s domain registry?
Let’s hash it out.
Why DNS Hijackings Are an Issue
DNS hijackings pose major threats to both government and private organizations for a couple of big reasons. Firstly, they can result in major data breaches, but more importantly, they can result in a privacy nightmare, especially given the stringent government privacy policies that have been put in place, such as the European Union’s (EU’s) General Data Protection Regulation.
DNS hijackings form an increasingly important — and increasingly dangerous — part of the threat landscape. According to recent research from IDC and EfficientIP:
“Two-in-five (40%) organizations suffered cloud outages and one-third (33%) of respondents were victims of data theft. One-in-five (22%) businesses had lost business due to DNS attacks.”
Even more worrying is the fact that the global average cost per DNS attack has increased by 57%, their data indicates.
By using the collected information, hackers also have the opportunity to launch sophisticated phishing attacks on both employees and customers using a company’s own domains to make the phish appear authentic.
What Is a Domain or Registry Lock?
Though some new and innovative communication solutions, such as business texting, have come to the foreground in organizations’ online communication strategies, the domain name is still the essence of an organization or business’s online operations. Usually linked to the business name or entity it represents, it would render any business or entity “unfindable” should it stop working, and all emails linked to the domain would cease to function.
In short, the consequences of a domain hijacking and the cost to the registered owner of a domain can be massive and far-reaching. And these hijackers know how to avoid detection. That is why domain security consists of “locks,” a variety of software rules that prevent changes to a domain’s registration unless a set of predetermined criteria is met. The highest level of protection for a domain name is a registry lock — also called a domain lock, registrar lock, or domain transfer lock — where an area or zone operator (e.g. SIDN for .nl) secures a limitation on a domain name.
There are various types of domain locks, and they can be implemented in different ways. The two main types are those that focus on the client, and those that focus on the server level. The fundamental idea, however, is the same in all types of domain lock: these will stop unauthorized deletion or manipulation of a domain.
With a registry lock in place, nothing on a domain name’s registration can be changed without registry approval by the registrant.
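As an added illustration (not part of the original article): client-level and server-level locks show up in a domain's public registration data as EPP status codes, with `client*Prohibited` set by the registrar and `server*Prohibited` set by the registry. The Python example below assumes that mapping (RFC 5731 status names, which the article does not spell out), uses hypothetical function names, and runs on constructed sample records to report which lock layers a domain has and to flag a registry lock that disappeared between two snapshots.

```python
# EPP domain status codes (RFC 5731). "client*" are set by the registrar,
# "server*" by the registry operator; the latter make up a registry lock.
CLIENT_LOCK = {"clientdeleteprohibited", "clienttransferprohibited",
               "clientupdateprohibited"}
SERVER_LOCK = {"serverdeleteprohibited", "servertransferprohibited",
               "serverupdateprohibited"}

def normalize(status):
    """Fold RDAP ('server update prohibited') and WHOIS
    ('serverUpdateProhibited https://...') spellings into one form."""
    words = [w for w in status.split() if not w.lower().startswith("http")]
    return "".join(words).lower()

def audit(record):
    """Report which lock layers one RDAP-style domain record carries."""
    present = {normalize(s) for s in record.get("status", [])}
    return {
        "domain": record.get("ldhName", "").lower(),
        "client_lock": CLIENT_LOCK <= present,
        "registry_lock": SERVER_LOCK <= present,
        "missing": sorted((CLIENT_LOCK | SERVER_LOCK) - present),
    }

def lock_regressions(previous, current):
    """Domains fully registry-locked in the earlier snapshot but not now."""
    before = {a["domain"]: a for a in map(audit, previous)}
    return sorted(a["domain"] for a in map(audit, current)
                  if before.get(a["domain"], {}).get("registry_lock")
                  and not a["registry_lock"])

# Constructed sample snapshots (not real registry data).
YESTERDAY = [
    {"ldhName": "EXAMPLE.COM", "status": [
        "client delete prohibited", "client transfer prohibited",
        "client update prohibited", "server delete prohibited",
        "server transfer prohibited", "server update prohibited"]},
    {"ldhName": "example.org", "status": ["client transfer prohibited"]},
]
TODAY = [
    {"ldhName": "EXAMPLE.COM", "status": [
        "client delete prohibited", "client transfer prohibited",
        "client update prohibited", "server delete prohibited"]},
    {"ldhName": "example.org", "status": ["active"]},
]

if __name__ == "__main__":
    print("registry lock removed:", lock_regressions(YESTERDAY, TODAY))
```

A registry lock that vanishes without a matching change request is worth alerting on, since the article's point is that such changes should only happen with verified registrant approval.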
When Is a Registry Lock Essential?
According to Symantec, the economy has been losing over $400 billion annually as a result of domain hijacking and related crimes. When looking at the latest published reports highlighting the personal and nationwide financial statistics in America, it means that there are literally millions of domain names in the U.S. alone that can’t afford to be without a lock. Locks are also desirable when a domain name is very valuable, as these are often targeted by hijackers. As such, every website admin should know how to guard against DNS hijacking attacks.
Lenovo and Google have been hijacked in the past, and they are but two of some very high-profile domains that have been attacked. But a registry lock may not be an ideal solution for all domain names. In fact, in certain cases, using a registry lock would be downright inconvenient. The delay in updates and the additional administrative workload that comes with a registry lock might mean that the drawbacks outweigh the benefits for some businesses. However, some domain names are so crucial (e.g. a search engine, bank or government department) that even a brief hijack could cost the domain owner millions.
Why Registry Locks Are Controversial
Despite being a much-needed part of any organization’s online security measures, registry locks are not very popular within the domain name industry. In fact, it is much easier to find your perfect domain name through a domain name generator than it is to secure a registrar that can cater to all your security needs.
There’s No Standardization Among Registry Locks
The main reason is that a registry lock safeguards against all hacks, including the hacking of a registrar or hosting platform. By offering registry locks, a registrar effectively acknowledges that its platform is fallible and not 100% secure against hacking. And, as we all know, no one is going to want to admit to that.
Furthermore, there’s also a major need for a good internationally accepted e-ID system. A lot of human effort is currently needed to verify a customer’s identity in order to set up a registry lock — a process that comes with higher cost implications. This lack of standardization is an industry-wide issue, as a .com lock works differently from a .info or .org lock, leading to a lot of complexities for international companies hosting multiple domains.
The Demand for Registry Locks Is Rising
The demand for registry locks is on the rise, especially amongst larger corporations and businesses. This forms part of a broader move toward enhanced cybersecurity for businesses, which are implementing a range of tools to protect their online platforms. The last few years have seen the use of enhanced SSL certificates and encryption become standard practice for helping to secure websites. Registry locks are likely to be the next key technology that helps to secure your website, but specifically on the domain front.
As cybersecurity awareness grows, the online community is increasingly becoming aware of the value a safe and secure domain name brings. As such, unprotected names are being recognized as vulnerabilities. Domain names are, quite interestingly, also being pledged as collateral for business loans — and in these instances, the domain owners are doing everything in their power to keep the domain names safe.
The rise of electronic ID is also significant, as it leads to fewer administrative burdens, effectively lowering the threshold for getting a domain name locked. It is, therefore, no surprise that more and more international registries are indicating plans to introduce domain transfer locks or to expand on their current safety offerings.
Given the global rise in domain name system hijacking attacks, it has become a fundamental necessity for business owners and those responsible for an organization’s online operating structure not only to understand the scope and scale of the threats that exist but also to educate themselves on the availability and the intricacies of the solutions they have at their disposal to safeguard themselves.
Too many business or brand owners have a false sense of security about their domain safety, based on the current safety offering provided by their hosting company or registrar. More comprehensive solutions should be considered to ensure the adequate level of protection they require.