Most Newly Registered Domains have been found malevolent

According to 2 reports separately from Farsight Security and Georgia Tech University, Newly Registered Domains pose danger to users, as these have far greater possibilities of being utilized for malware distribution and phishing operations. Unit 42 of Palo Alto Networks too describes a similar scenario based on their data of watching over such newly registered domains (NRDs) spanning many years. It reports that about 70 percent of doubtful NRDs currently run.

Interestingly, some NRDs remain active just a few hours of an extremely short time, while others get fast detected that function as distributing malware or a command-and-control server; aid in executing phishing campaigns else assist in typosquatting. Usually, NRDs have .com as their TLDs; however, if they have any country code as their registering extension they can be harmful.

Palo Alto Networks' research group during their investigation defined an NRD as being altered else registered during the past thirty two days. While carrying out the research for the period March-May 2019, analysts found .com as continuing being the widely used TLD despite its introduction thirty four years back. The TLD was used in 33 percent of the entire NRDs of late. The other highly popular TLDs are .uk, .cn and .tk.

But, in the case of malevolent NRDs, analysts observed that the percentage increased with many ccTLDs (country-code Top Level Domains). Malevolent NRDs, which were highest in number among various TLDs, had .to domain, accounting for 80 to 100 percent of the TLD behaving as malicious. The finding suggests that there is free/inexpensive registration for .to TLD, just as it has one not so stringent registration policy, while hides WHOIS registrant details so the general users can't view it. www.cryware.com posted this dated August 21, 2019.

Since an increased count of NRDs exists in relation to specific locations, the problem can be fought with URL filtering, recommends Palo Alto Networks. The researchers say in case organizations internally allow NRDs' access then there should be alerts established to make extra visibility. But, when security needs to be heightened, a particular TLD, ordinarily tied to cyber-criminal operation, can be completely blocked.

» SPAMfighter News - 8/30/2019