In the midst of global crises, such as a pandemic or a war, malicious online activities typically increase. Bad actors seek new ways to install malware on devices without the user’s consent to gather sensitive information or gain access to private computer systems. They also trick users into revealing sensitive personal, corporate or financial information – this is known as phishing.
To combat Internet malware and phishing, the Internet Corporation for Assigned Names and Numbers organization (ICANN) developed an evidence-based approach that identifies domain names that appear to have been used for malicious purposes and are related to the COVID-19 pandemic and the Russia-Ukraine war.
The Domain Name Security Threat Information Collection and Reporting (DNSTICR) is an innovative, robust, and linguistically comprehensive tool that searches for and reports potentially malicious activities of domain names and their background information to registrars, the entities that offer domain name registration services. DNSTICR provides another layer of defense in the ICANN’s fight to protect Internet users from Domain Name System (DNS) security threats.
Since the beginning of the pandemic, ICANN has analyzed 579 separate terms, which resulted in 438,819 domain names being examined. From these, 23,452 domain names were seen to be potentially active and malicious. After ICANN analyzes these domain names and reports the phishing attacks, the registrar has all the evidence needed to decide on the best course of action to remove the threat.
“ICANN is committed to doing its part in the collective efforts to mitigate these threats, especially when criminals attempt to leverage the Domain Name System to take advantage of unsuspecting Internet users,” said John Crain, ICANN’s Chief Technology Officer.
ICANN’s response to DNS security threats is an example of the organization’s efforts to provide verifiable data, unbiased research, and expertise to facilitate fact-based discussions on the technical operations of the Internet.
The DNSTICR initiative is just one of many ICANN efforts that aligns with the organization’s purpose and commitment to promote a broad participation of public and private actors to make the Internet safer, more secure, and interoperable. ICANN’s DNS Security Threat Mitigation Program recently published a report on DNS abuse trends relying on four years of data (read The Last Four years in Retrospect: A Brief Review of DNS Abuse Trends).