
“A Pro-Active Approach To Identifying Malicious Domains Allows You To Work Ahead”

On the second day of the SPEKTR-2022, participants discussed the security issues of the Russian Internet infrastructure, as well as the measures taken by leading companies to overcome threats and ensure the stable functioning of the Runet. Experts from the Coordination Center for TLD .RU/.РФ as well as partners of the Center, the Internet Technical Center and MSK-IX, spoke about the risks faced by the Russian Internet infrastructure and how to counter these threats.

Andrey Vorobyev, Director of the Coordination Center for TLD .RU/.РФ, spoke about the possibilities of a proactive approach used by the Coordination Center and competent organizations to detect malicious registrations of domain names in the .RU and .РФ zones. He discussed the traditional method of identifying malicious domain names, of which the Domain Patrol resource is one example, and he also showed new techniques for doing so, including ones based on analysis of contact information, analysis of delegation parameters, and string distances between domain names. In his report, Andrey Vorobyev spoke about domestic and foreign studies in this area, in particular about the research “Methodology for determining the likelihood of illegal (malicious) use of domain names in .RU and .РФ domains based on a set of parameters / indicators (technical data) obtained in the process of domain name registration and its activation (delegation)”, which the Center presented in 2022.

Mr. Vorobyev also noted that the number of malicious domains is growing every year. In 2021, competent organizations sent 11,637 complaints to registrars about domain abuse, and in the first 9 months of this year, 9,696 complaints have already been sent.
“Modern methods for analyzing registrations use contact information about the domain administrator, delegation parameters, string distance, similarity with dictionaries of suspicious domains, as well as information about previously identified malicious resources and incidents. This allows you to more effectively track malicious domains at the registration stage and work ahead of the curve, preventing them from causing harm,” Andrey Vorobyev added.

MSK-IX CEO Evgeny Morozov spoke about the threats and risks faced by the Russian Internet infrastructure, as well as what tools and services the traffic exchange point uses to ensure the best connectivity and traffic security during times of instability.
Alexey Rogdev, Director of the Technical Center of Internet (TCI), noted that the TLS ecosystem remains the most vulnerable part of the infrastructure. He spoke in detail about the Certification Center based on domestic solutions, which the TCI created in 2022 to overcome the dangerous dependence on foreign TLS certificates.

Sergey Khutortsev, director of the Center for Monitoring and Control of the Public Communications Network of the Main Radio Frequency Center, announced that the Russian national system for countering DDoS attacks would be created by the end of 2024. He called multi-level monitoring and the repelling of more complex, specific attacks an important task in the development of this system.

The SPECTR-2022 conference continues. The Coordination Center's stand is open at the conference, where participants can learn about the Center's projects and initiatives and talk with its experts.
