- New generic top-level domains like .xyz contain disproportionately more phishing websites, report finds
- Researchers believe this is because they are affordable and come with very few registration requirements.
- More new domains are being announced, increasing the risk even more
new forms of domain nameNew research claims that .top, .shop, or similar, are proving unfortunately popular with scammers and cyber criminals.
cyber crime supply chain 2024 The report, published by researchers at Interiscal Consulting Group, used Cyber Crime Information Center data to analyze 16 million cybercrime incidents, concluding that the overall market share of newly created top-level domains and their impact in cybercrime. There is a serious discrepancy between usage.
new normal top level domain (gTLDs), introduced over the past few years, currently make up 11% of the total domain name market – yet, the report found that they account for more than a third (37%) of cybercrime domains . Additionally, more “traditional” domains, such as .com, .net, .org, and so on, make up more than half of the total domain name market, yet account for slightly more than 40% of cybercrime domains. Are, almost identical to gTLDs.
cheap and simple
Delving deeper into the reasons for this discrepancy, researchers established that new gTLDs attempt to attract customers with cheaper prices and a faster registration process. In fact, the researcher said that some of the gTLDs with the highest cybercrime domain scores offered registration for less than $1, or even $2. The cheapest price they could find for a .com domain was $5.91.
Cyber criminals use these domains to create fake websites, steal information from landing pages, and more. Coupled with cheap email delivery, phishing attacks cost threat actors virtually nothing, while at the same time resulting in losses of hundreds of thousands of dollars, if not more.
Analyzing the report, krebs on safety It is noteworthy that phishing attacks increased by almost 40% in the year ending August 2024, indicating the popularity of this attack vector among cyber criminals. And with new gTLDs soon to be introduced, these types of attacks are likely to become even more widespread, and cause even greater damage.
