The second day of the TLDCON 2025 business program opened with a session on Cybersecurity and DNS Abuse, moderated by Andrey Vorobyev of the Coordination Center for TLD .RU/.РФ. Panelists explored current practices for combating cyber threats and debated the potential need for new policies to create a stronger regulatory framework against DNS abuse. The session featured contributions from Mikhail Anisimov (ICANN), Dejan Dzukic (RNIDS, .RS), Olga Baskakova (Coordination Center for TLD .RU/.РФ), Kristina Hakobyan (ISOC AM), and Natalia Kosyak (hoster.by).
A key topic of discussion was the recent package of recommendations from the Net Beacon Institute, which aims to reduce DNS abuse. One notable proposal advises registrars to proactively check all domains registered by a user if even one of their domains is found to be abusive. This reactive measure is designed to identify and eliminate abuse on a larger scale.
Olga Baskakova of the Coordination Center for TLD .RU/.РФ, along with other contributors, pointed out that a similar mechanism has been in successful operation since 2012 via their Netoscope project. However, she highlighted a key difference: in the Netoscope system, the task of verifying connections between domains is handled by trusted cybersecurity experts, such as the National Computer Incident Response and Coordination Center (NCIRCC). Olga emphasized,
“We believe this is a more effective approach, as not all registrars are equipped – based on their business models – to properly investigate these connections. Everyone should focus on their core role: registrars should register domains, while experts should be the ones to detect and combat illegal activity.”
The recommendation to define ICANN's role in coordinating the development of mechanisms to generate DGA (Domain Generation Algorithm) names for malware and botnets, or to create a unified data exchange platform under ICANN, received a mixed response. While participants agreed this approach was quite logical for generic top-level domains (gTLDs), they noted it is not always applicable to country-code domain zones (ccTLDs), which are governed by national laws. In these cases, the influence of the national regulator carries significantly more weight.
The panelists also shared insights from the experiences of national registries, highlighting best practices for combating DNS abuse from around the world.
The conference's final session, Applied Cybersecurity, focused on the modern cyber threat landscape and was moderated by Olga Baskakova.
Stanislav Goncharov of F6 reported a significant drop in the share of phishing sites within .RU and .РФ, falling from 95% in the first half of 2024 to 49% this year. However, he also highlighted a concurrent rise in threats from malware distribution and new attacker groups. He pointed out that scams are becoming increasingly widespread, noting that scam domains currently take much longer to block than phishing domains – a vulnerability cybercriminals are quick to exploit. Interestingly, his data showed that in 2025, cybercriminals targeted each brand with an average of 2,299 phishing resources and 1,238 scam domains.
Viktoria Vlasova (Kaspersky Lab JSC) and Dmitry Moryakov (VK Tech) highlighted a significant increase in threats originating from newly emerging threat actor groups. Separately, Artyom Izbaenkov (Solar Security) and Asker Jamirze (Positive Technologies) advocated for a unified front, calling on all cybersecurity companies to combine their efforts and create a single platform to ensure digital sovereignty.
Anton Voronkin of NCIRCC summarized the reports, emphasizing the critical importance of remaining vigilant and aware of the current threat landscape. He stressed that only by consolidating information from a wide range of cybersecurity experts can adequate countermeasures be developed, and he cited the Coordination Center’s Domain Patrol project as an excellent tool for this purpose.
The speaker supported his points with key statistics. In Russian domain zones (.RU/.РФ), the number of detected and blocked malicious domains has remained consistently high, with 39,951 in 2023 and 41,794 in 2024. For the period from January 1 to August 31, 2025, the figure was 26,473. Noting a year-on-year decrease of less than 1%, Voronkin projected that the year-end total for 2025 would be similar to the previous year’s. This trend stood in stark contrast to that of foreign domain zones, which have seen an exponential increase. The number of blocked domains there surged from 4,673 in 2023 to 33,163 in 2024. This aggressive trend has continued in 2025, with 68,990 domains blocked between January 1 and August 31 alone, representing a 369% increase compared to the same period last year.
Anton Voronkin emphasized the critical need to protect domains from being hacked and hijacked. His key recommendations included ensuring the use of updated Content Management System (CMS) software and establishing a robust system for applying patches, advising attendees to subscribe to NCIRCC’s regular bulletins to stay informed. He also outlined essential prerequisites for robust domain security: the mandatory use of two-factor authentication for accessing registrar accounts and the correct configuration of the domain's DNS zone. In conclusion, Voronkin issued a call to action, urging registrars, competent organizations, and information resource owners to join forces and integrate with GosSOPKA, the state system for detecting, preventing, and eliminating cyberattacks.
The conference concluded with a lecture on Quantum Communications: Problems and Prospects, delivered by Sergei Kulik, PhD, a Professor and Research Director of the Center for Quantum Technologies at Lomonosov Moscow State University, as well as Director General of the Center for the Development of Quantum Technologies. In his presentation, Dr. Kulik addressed the fundamental physical principles underpinning the high-tech quantum communications industry. He outlined the field's core challenges and potential solutions at both the physical and hardware levels, while placing a strong emphasis on domestic developments and future industry trends.
This lecture marked the official close of the 18th International Conference for ccTLD registries and registrars of the CIS, Central and Eastern Europe. The next TLDCON conference is scheduled for fall 2026 in Samarkand, Uzbekistan.
