Visiting a newly registered domain (NRD) is the digital equivalent of picking up a hitchhiker: it might all go smoothly but you could also end up being robbed.
While NRDs can be created for perfectly legitimate reasons, such as hosting a new conference, they are also commonly misused by tricksters spreading malware or attempting to make a quick buck from phishing or other common scams.
A 2018 study by Farsight Security found that on average, 9.3% of NRDs died in their first seven days, with a median lifetime of just four hours and 16 minutes. The study concluded that the vast majority of these short-lived NRDs were used for cybercrime.
General awareness that shiny new domains might pose a threat has led cautious companies to block and/or closely monitor NRDs in enterprise traffic for anywhere from the first few hours after detection up to a week. But with no comprehensive study available on the malicious usages and threats associated with NRDs, a consensus hadn’t been reached on whether such actions are sensible precautions or security overkill.
A study published today by Palo Alto Networks’ threat intelligence arm, Unit 42, indicates that the companies blocking NRDs are onto something.
Out of 1,530 top-level domains analysed by Unit 42, more than 70% turned out to be “malicious,” “suspicious” or “not safe for work.” The study found that NRDs are “often times abused by bad actors for nefarious purposes, including but not limited to C2, malware distribution, phishing, typosquatting, PUP/Adware, and spam.”
According to Palo Alto Networks, the safe approach is to block access to NRDs for the first 32 days after they have been registered or have undergone a change in ownership.
A recommendation was also made to block complete top-level domains (TLDs) that are predominantly used by bad actors (the threat kind, not the cast of Hollyoaks). The study calculated the top 15 TLDs with the highest malicious rate on recent NRDs and found the worst three offenders were “to,” “ki” and “nf.”
The study concludes: “We recommend blocking access to NRDs with URL Filtering. While this may be deemed a bit aggressive by some due to potential false-positives, the risk from threats via NRDs is much greater. At the bare minimum, if access to NRDs are allowed, then alerts should be set up for additional visibility.”
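As an added illustration of the policy the article describes (block an NRD for 32 days after registration or a change of ownership, otherwise at least raise an alert), the following Python script applies that rule to a few constructed DNS query log lines. It is not code from Unit 42, Palo Alto Networks or the article; the registration records are a constructed in-memory table standing in for a WHOIS/RDAP lookup, the TLD watch list is just the three TLDs the article names, and the function and variable names are this example's own.

```python
"""Newly-registered-domain (NRD) policy check over DNS query logs.

Added example, not code from the Unit 42 study or the article. Applies the
article's recommendation: block NRDs for 32 days after registration or a change
of ownership; if registration data is missing, alert rather than silently allow.
The registration table, log lines and TLD list below are constructed/assumed.
"""
from dataclasses import dataclass
from datetime import date, datetime
from typing import Optional

NRD_BLOCK_DAYS = 32                  # window recommended in the article
HIGH_RISK_TLDS = {"to", "ki", "nf"}  # worst three TLDs named in the article

# Constructed registration records: domain -> (created, last ownership change).
# A real deployment would query RDAP/WHOIS or a threat-intelligence feed instead.
REGISTRATION_DB = {
    "example-conf.com": (date(2019, 7, 1), None),
    "login-bank-verify.to": (date(2019, 8, 20), None),
    "old-shop.net": (date(2012, 3, 5), date(2019, 8, 10)),  # recently changed hands
    "wellknown.org": (date(2005, 1, 1), None),
}


@dataclass
class Verdict:
    domain: str
    action: str            # "block", "alert" or "allow"
    reason: str
    age_days: Optional[int]


def registrable_tld(domain):
    """Naive last-label TLD; a production check would consult the public suffix list."""
    return domain.rstrip(".").rsplit(".", 1)[-1].lower()


def domain_age_days(domain, today):
    """Days since registration or since the latest ownership change; None if unknown."""
    record = REGISTRATION_DB.get(domain.lower().rstrip("."))
    if record is None:
        return None
    created, changed = record
    anchor = changed if changed and changed > created else created
    return max((today - anchor).days, 0)  # a future date (clock skew) counts as brand new


def evaluate(domain, today, block_days=NRD_BLOCK_DAYS, block_high_risk_tlds=True):
    """Return the policy verdict for one queried name as of `today`."""
    domain = domain.lower().rstrip(".")
    tld = registrable_tld(domain)
    age = domain_age_days(domain, today)
    if block_high_risk_tlds and tld in HIGH_RISK_TLDS:
        return Verdict(domain, "block", f"TLD .{tld} is on the high-risk list", age)
    if age is None:
        # Cannot prove the domain is old, so surface it for analyst review.
        return Verdict(domain, "alert", "no registration record available", None)
    if age < block_days:
        return Verdict(domain, "block", f"registered or changed {age} days ago (< {block_days})", age)
    return Verdict(domain, "allow", f"registered or changed {age} days ago", age)


# Constructed DNS query log lines: timestamp, client IP, queried name.
SAMPLE_LOG = """\
2019-08-22T09:15:01Z 10.0.0.12 example-conf.com
2019-08-22T09:15:07Z 10.0.0.12 login-bank-verify.to
2019-08-22T09:16:30Z 10.0.0.40 old-shop.net
2019-08-22T09:17:02Z 10.0.0.40 wellknown.org
2019-08-22T09:18:45Z 10.0.0.51 unknown-thing.xyz
"""


def scan_log(text, today=None):
    """Evaluate every log line; the query timestamp is used as 'today' unless overridden."""
    verdicts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, _client, name = line.split()
        day = today or datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").date()
        verdicts.append(evaluate(name, day))
    return verdicts


if __name__ == "__main__":
    for v in scan_log(SAMPLE_LOG):
        print(f"{v.action:5} {v.domain:24} {v.reason}")
```

Two design points worth noting: a domain that recently changed ownership is aged from the change date, not its original registration, because the article's 32-day window explicitly restarts on an ownership change; and a missing registration record produces an alert rather than an allow, matching the study's advice that visibility is the bare minimum when NRDs are not blocked outright. The TLD extraction is deliberately naive (last label only); multi-label suffixes such as co.uk would need the public suffix list.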
Written by Sarah Coble
Microtechs 24x7x365 White label support services
Based in Surrey, Microtechs is an established and experienced end-user support centre. Our help desk and NOC experts can monitor your servers and support queue (email, RMM and phone) 24×7 or just as overflow. The Microtechs White Label support service offers a cost-effective, 24×7 support option, perfect for providers with an expanding customer base.
You may ask yourself:
- How can I offer support 24/7 without the stress & cost of recruiting and training?
- How can I free up my team’s time, to enable us to grow the business?
- How can I improve my bottom line?
Microtechs can help.
- Office hours or 24/7
- UK based from Guildford, Surrey
- 1st & 2nd line / NOC and incident management capabilities
- Ability to learn bespoke applications
- All white labelled to your brand
- 25-50% reduction in overheads
- Pricing from £500 per month
- Sole traders through to enterprise companies supported
Here’s what our customers have said:
“Using Microtechs to extend the helpdesk capabilities for our organisation has been a very worthwhile venture for us. The transition was very easy and simple, and we have found the Microtechs staff to be both knowledgeable and professional in their dealings with our clients.”
“My customers receive a polite service and their issues are dealt with quickly and professionally. In short Microtechs provide a courteous, effective and cost-efficient service that enables me to offer my customers 24/7 support without the associated expense.”
It would be great to have a chat with you and understand a little about your business, even if you are not quite ready to outsource.
Live chat us now or call 01483 407417