News

Most malicious domains are used for phishing

The Coordination Center for TLD .RU/.РФ held another regular meeting for representatives of organizations listed as competent in identifying abuse on the web and accredited registrars.

The meeting was moderated by Head of the Coordination Center Department for Interaction with Registrars and Users Georgy Georgiyevsky. Attending the meeting were representatives of the Coordination Center, Group-IB, Kaspersky Lab, and the Russian Institute for Public Networks (RIPN).

The Coordination Center’s Special Projects Manager Yevgeny Pankov said that, as of today, the cooperation system for competent organizations and accredited domain registrars included 10 competent organizations, 82 accredited registrars, and over 120 active users as members.
Yevgeny also noted that, according to the Coordination Center’s statistics, most malicious domains were used for phishing, and BI.ZONE, Group IB, Fincert and the National Computer Incident Coordination Centre (NCICC) were the leaders in distributing complaints among competent organizations. As a result of processing complaints from competent organizations, registrars cancelled the delegation of malicious domains in more than 90 percent of cases. Some of the websites were blocked by hosting providers.

Yevgeny also shared recommendations for competent organizations, described what to look for when interacting with domain registrants and users, and also pointed out typical mistakes when filing complaints with registrars.

The Coordination Center’s Project Manager Olga Baskakova shared updates on changing the interface of the Information System, API use, and plans to improve the system to make it more user-friendly and expand its capacities.

Deputy Head of the Group IB Computer Emergency Response Team (CERT-GIB) Yaroslav Kargalev noted that over the past three years the number of phishing cases has been growing all over the world, and in 2020, the number of cybercrimes almost doubled. Kargalev noted that in 2021 one third of phishing resources used hidden linking techniques, making it increasingly difficult for users to determine whether a resource was used for phishing or not.

Chief expert of Kaspersky Lab Sergei Golovanov presented the landscape of Runet 2021 threats with statistical data and real cases, and informed his colleagues that sales of fake vaccination certificates had resumed. At the same time, Sergei Golovanov noted optimistically that “the more we work, the fewer users fall for phishing, based on our statistics. And that means our work makes sense.”

Yevgeny Kuskevich from RIPN talked about RIPN joining the Policy of Cooperation and Coordination to Prevent the Abuse of Domain Names. Yevgeny Pankov added that soon MSK-IX was expected to join the policy as the registry of Russian domains NET.RU, ORG.RU, and PP.RU.

A free discussion was held after all the speeches, where the participants were able to ask the questions they were interested in and share their vision of the latest trends in cybercrime.

In conclusion, the participants noted how user-friendly the information system for cooperation between competent organizations and registrars was. They stressed that today this information system was an active and effective self-regulation mechanism, and only a professional approach in preventing the abuse of domain names would make the internet cleaner.

Previous News Next news