As covid 19 was one of the most painful pandemics this generation has seen ever. In the case of domain names, there was a huge increase in registrations of corona related domain names. Along with genuine causes, a lot of domains also entertained malicious, phishing, and spam content.
This panel was moderated by Vice President for Technical Engagement at ICANN, Mr. Adiel Akplogan, and joined by Jeff Bedser, Ashley Heineman, John Crain, Merike Kaeo as speakers. Mr. Bedser shared about the measurement factors of DNS abuses at the various stages. He also mentioned that the issues of DNS abuse will not end soon. And we need to have constant attention and focus on the mitigation of DNS abuse. Mr beds shared DNS abuses can be measured through the measure of phishing attempts and malware distributed by the DNS, and the measure of botnet domains that spread spam contents of child exploitation, human trafficking, and other content of similar nature. He also emphasized the role of different stakeholders that can be pulled to ensure more efficient DNS abuse mitigation.
Recently the European Commission came out with statistics that the global cost of cybercrime is estimated to be about $630 billion. The EU has also recommended the adoption standard definition of abuse and the primary responsibility points for any abuse resolution. Speaking from the registrar’s perspective Ashley Heineman, Director of Global Policy at Godaddy (World’s Largest Registrar ) mentioned that DNS abuse is a real problem for the industry and has been a priority for Godaddy. She also mentioned that the eradication of DNS abuse is nearly unrealistic. She also emphasized that there needs to be a distinction between the security of DNS and content moderation. Without this distinction taking action at a deeper level might have a lot of collateral damage. Sharing about the efforts of registries and registrars against DNS abuse she mentioned a framework to standardize definitions and expectations actions for DNS abuse started by 11 registries. And now it has gained 50 signatories who are tackling the real ground against the DNS abuse issues.
She also highlighted that after covid-19 there has been a 15% surge in the abuse issues and in the current scenarios GoDaddy processes about 2,000 phishing reports per day. Among the reports, some are duplicates and some others are not actionable due to lack of proper information required. GoDaddy also received advice not to register the domains but they didn’t adapt that realizing that this might stop some nice initiatives trying to pass out good information about the situation and other updates. Ms. Ashley also witnessed that it is really important to combat DNS abuse at the same time the limited role of registrars should be recognized.
Mr. John Crane, Chief Security Stability and Resiliency Official at ICANN who was also involved in the measurement of DNS abuse in the pandemic. Mr. Crane shared that seeing the statistics and graphs from different research/operations it is most common that the domain registrations were at a peak in March/April and early may time frame. Although a lot of domains were flagged for being malicious, going through the operation it was found that the real suspicious domains were much smaller in number than expected.
And, finally, Ms. Merike Kaeo was on the mic representing the Domain Name System Security Facilitation Initiative Technical Study Group (DSFI-TSG). DSFI-TSG is actually a project initiated by ICANN CEO, to examine various aspects that ICANN should be doing to improve DNS security along with what ICANN should not be doing. A lot of people from various cross-functional expertise are in this group ranging experts from Incident response handling, DNS Operations & Architecture along with other people associated in registries and registrars operations. She emphasized that DSFI-TSG is focusing on the mechanisms by which the attack is being carried out rather than the content of attacks. The output of these shall be presented to ICANN CEO to adapt the best practices with suitable technologies to ensure DNS security.
This blog was written as takeaways from the global IGF 2020 session takeaways from IGF 2020 WS #317 DNS-Abuse in the Age of COVID-19: Lessons Learned