CSC, a business, legal, tax, and domain security, today released new research from their Digital Brand Services, DBS, division that reveals areas of risk for prominent election-related websites.
The research indicates that web domains closely linked to the campaign websites for Joe Biden and Donald Trump lack basic domain security protocols and are being targeted for disinformation activities such as domain spoofing, and threats including domain name and domain name system, DNS, hijacking, and phishing.
On the heels of its recent Forbes Global 2000 research, CSC is seeing major risks related to the manipulation of web properties that voters rely on for information and donations. Findings show that over 90% of these web properties are not using registry locks to protect their domains from domain and DNS hijacking that can lead to phishing attacks, network breaches, and email compromise.
“As noted in our previous research, we’ve consistently seen domains emerge as a threat vector for enterprises, and an area that is continuously overlooked in cyber security. Due to the sensitivity and importance of the U.S. election process, domain security remains a major vulnerability for the potential of foreign interference, fraud, and misinformation,” says Mark Calandra, executive vice president for CSC DBS. “As an organization with the most visibility into the domain landscape, we advocate for the sanctity of voter trust and encourage both presidential candidates and other websites in the electoral ecosystem to prioritize domain security on their websites to ensure security and build confidence.”
“We have reached the point where awareness is not enough. Those responsible for managing domain registrations, including registrars and hosting companies, need to have an actionable plan that is aligned with best practices. Additionally, experiences must be shared between those within the industry for the good of the wider internet community,” said Matthew Stith, industry liaison at Spamhaus. “Without this commitment, users will be open to continued manipulation and fraud.”
In April of 2020 when domain names were at the center of many COVID-19 related fraud schemes, Senators Mazie K. Hirono (D-Hawaii), Cory Booker (D-N.J.), and Maggie Hassan (D-N.H.) called on domain name registrars and hosting sites to combat scams and misinformation. CSC’s research shows that domain security and preventing domain spoofing continue to be an oversight even with top election-related web properties. Our research shows that more than 75% of these election-related domains are using retail-grade domain registrars, which do not provide advanced security protocols.
Our research also showed that, of the typo domains related to joebiden.com and donaldjtrump.com, 60% are still available for registration, thereby posing future threats. Additionally, more than a third of those presidential candidate typo domains are linked to third parties; of that one third, nearly 70%:
- Are configured to send and receive emails, which can be used to lure donors to phishing sites
- Were registered in 2020 leading up to the November election
- Disguise the owner’s identity behind proxy or privacy services
With cyber criminals subverting activities on these websites to disseminate misinformation or commit fraud against web visitors, there is also the threat of ransomware. Simon Chassar, chief revenue officer at NTT Ltd.’s Security division states, “NTT’s September Monthly Threat Report identified ransomware as a significant threat to the U.S. election infrastructure. With DNS, domains, and email being a potential vehicle to distribute malicious content, our NTT Ltd. Security division suggests focus in this area, ensuring it is secure by design.”
– Oct. 8, 2020 @ 17:50 GMT /