
Netoscope: 4,479 requests this year

On November 27, the Coordination Center for TLD .RU/.РФ held the traditional annual meeting of the companies participating in the Netoscope project. This time the meeting was hosted by BI.Zone, one of the participants, and began with the company’s presentation.

BI.Zone is a young project participant. The company was founded in 2016 and has almost 200 employees. It specializes in protecting business assets and their reputation on the internet based on cyber surveillance and net monitoring. BI.Zone cooperates with Russian and foreign cybersecurity organizations.

The Coordination Center for TLD .RU/.РФ Project Manager Olga Baskakova spoke about the development of Netoscope. Today its database contains over four million domains (of the second and third levels and below) that were suspected of undesirable activities at least once between November 2012 and October 2018.

Placing malicious code on websites is the most common illegal activity (95.8 percent of “bad” third-level domains and 83.8 percent of “bad” second-level domains as of the end of October 2018), and the percentage has grown compared with last year.
Over 800,000 domain names have been added to the project since the beginning of 2018. As of today, 37.3 percent of malware domains in Netoscope are of the second level. Since the beginning of the year, the project has received 4,779 requests and complaints about malware sites through feedback. “The .РФ domain zone remains the clearest, with least malware,” Olga Baskakova noted.

The Coordination Center’s Deputy Head of the External Communications Department Mikhail Anisimov described the international experience in the project. He noted that most cybersecurity expertise comes from private organizations. In addition, cybercrimes are cross-border and often take place under several different jurisdictions at once. The Coordination Center’s and Netoscope’s experience shows that there are three cooperation models: “proxying” activities, when foreign organizations make requests via competent organizations; maintaining a database and exchanging information about illegal resources, like Netoscope and ICANN DAAR; and the “club model,” when registrants rather than domains are monitored (this is how SDF, Canada, works).

Pavel Khramtsov, Head of the Applied Service Department at the Technical Center of Internet, presented a review of Netoscope's history. He said that just six or seven years ago .RU and .SU were considered among the most dangerous domain zones in the world, but the establishment of Netoscope helped solve the problem and improve the reputation of the Russian ccTLDs. Khramtsov also spoke about the most productive ideas implemented in Netoscope, such as monitoring all domain names that belong to an administrator whose domain was noted for illegal activities, and ways to protect personal data in compliance with GDPR requirements.

“The Netoscope project does not punish or cancel registration of ‘bad’ domains. The project allows inspections of any domain in its database of domain names suspected of malware. This proves useful for all registrants who choose a domain name,” Khramtsov said.

Pavel Khramtsov also spoke about a survey carried out by Netoscope. Researchers studied the email addresses listed in WHOIS records, selected those registered at mass mail services and checked which of those addresses were available for registration. “Unfortunately, we have found hundreds of such free addresses, and this poses a serious threat. We can conclude that now there is a certain number of domains without legitimate administrators,” he said.

Director of the Coordination Center for TLD .RU/.РФ Andrey Vorobyev noted that many Netoscope participants were competent organizations cooperating with the Coordination Center. “Countering phishing is among the center’s priorities today, and the reason is simple: users and companies can lose an enormous sum in just a few minutes on a phishing website, and it is strictly necessary to block it promptly. Competent organizations can quickly inform registries about a domain with a phishing website and thus stop its work. BI.Zone, our host today, specializes in countering phishing,” Andrey Vorobyev said.

The Coordination Center for TLD .RU/.РФ created a research platform to aggregate information about illegal resources in ccTLDs in 2012. A year later, the Netoscope information and analytical resource was founded. It publishes the latest data on cyberthreats and ways to counter malware. As of today, 14 companies and organizations participate in Netoscope: the MasterCard Members' Association, BI.Zone, Group-IB, iThreat Cyber Group Inc., Kaspersky Lab, Mail.ru, the Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor), Rostelecom, RU-CERT, SURFnet, SkyDNS, the Technical Center of Internet, FIFA, and Yandex.
