- Lightmatter launches photonic chips to eliminate GPU idle time in AI data centers
- Network Visibility Module and Zeek Detections in Secure Network Analytics
- This Hisense 85-inch TV is still over $1,100 off on Amazon - and I highly recommend it
- I tested a subscription-free video doorbell that rivals Ring - and it's better in some ways
- The plan to decentralize TikTok
NCSC Urges Domain Registrars to Improve Security
The UK’s National Cyber Security Centre (NCSC) has published new guidance designed to minimize malicious domain registrations and domain hijacking.
Good security practice for domain registrars is available online. It’s geared towards two main types of domain registrar: those who sell wholesale at scale in an automated fashion, and brand protection/domain investor businesses that keep privately managed lists of domains – some of which aren’t in use.
The agency said countering domain abuses is a vital first step to tackling the phishing threat. It wants to minimize the number of threat actors registering malicious domains, reduce the length of time these domains are available and help customers to secure their domains more effectively.
Read more on domain registration abuses: Sitting Ducks DNS Attacks Put Global Domains at Risk
The NCSC said it also wants to reduce the number of vulnerable and compromised systems that could be used by threat actors, by enabling better reporting of threats and vulnerabilities by researchers to domain owners.
To this end, it made four recommendations:
- Security controls at customer registration via “know your customer” checks. Registrars should confirm that source IP address, email addresses, phone numbers and payment information is valid and not connected to previous fraud or domain abuse
- Security controls at domain registration, to weed out threat actors impersonating big-name organizations or brands. This could include ensuring domains that are registered but not intended for use are configured securely by default. Additional DNS security features, such as certificate authority authorization (CAA) records, could be offered as standard
- Stronger security features for customers to prevent domain hijacking. These could include multi-factor authentication, registrar/registry domain locking, and change detection
- Abuse detection tools, sharing of threat data with other registrars and vulnerability notification mechanisms to tackle domain abuse and encourage reporting of security issues
The guidance defines “domain abuse” as malware, botnets, phishing, pharming and spam (when used to deliver threats).
