Beware of malware in liberal Internet domain

CIOL Bureau

BANGALORE, INDIA: In earlier days, things were much simpler on the dot-com front. Even though there were quite a few domain suffixes such as .co.uk, .in, .org, and so on, the Internet meant 'dot com'!

But things have changed in recent times and, in its latest move, ICANN has liberalized the domain suffix rule, giving approval for '.brand' Internet names. According to the organization, this is “the most dramatic change to the Internet in four decades”, allowing the expansion of new Top-Level Domains (TLDs).

But this has a flip side, says Spencer Parker, Group Product Manager, Websense. And it is not just about some giants grabbing the domain suffixes to protect their company reputation. There’s a very legitimate concern that cybercriminals could also seek these new domains to create legitimate-looking websites using well-known brand names, he says.

In this email interaction with Sudhakaran of CyberMedia News, Parker talks about the hidden threats behind the liberalization of domain suffixes. Read on:

Q: How do you look at the latest move by ICANN to liberalize the domain suffixes?

Spencer Parker: Businesses looking to protect their company reputation aren’t the only ones who are likely to try to snag these new top-level domains. There’s a very legitimate concern that cybercriminals could also seek these new domains to create legitimate-looking websites using well-known brand names. These can then be used for phishing attacks or delivery of Trojan malware to unsuspecting visitors.

Q: Also, won't the move to give suffixes like Apple, Orange, etc. create a sort of monopoly among some enterprises?

SP: Yes, this concern is there. The biggest brands will all reach out to ensure they get control of most of the top-level domains using their brand name, but the mid-to-small level businesses may not have the resources to do so. This is where the largest danger will lie. I can see, for example, small regional banks with small IT departments being taken advantage of in this way.

Q: How do you look at the issue from a security point of view?

SP: Cybercriminals could seek these new domains to create legitimate-looking websites using well-known brand names. These can then be used for phishing attacks or delivery of Trojan malware to unsuspecting visitors. For example, imagine you received an email from “yourbank.bank.” You might tend to trust those emails, but in the beginning at least, you wouldn’t necessarily know if this came from the institution in which you have accounts.

Q: So, how can we prevent the exploitation?

SP: Businesses need to do two things in preparation for the introduction of these new domains. First, ensure that your brand is protected by pre-registering your company name and trademarks under the new top-level domains and securing the rights to these.

Secondly, take precautions so that your employees at work and at home aren’t accidentally accessing bogus sites by ensuring they are protected by a security solution that can examine the content and links within a site for malicious code in real time. This will prevent the malware from getting into your company network.

Q: According to you, how can ICANN prevent the misuse of this liberalization, which may lead to the creation of bogus domains?

SP: ICANN will need to strictly enforce its policies and stringent evaluation procedures for generic top-level domains so that the bad guys don’t get their hands on them.
