A recent study by Interisle Consulting has highlighted the concerning rise in phishing attacks associated with new generic top-level domains (gTLDs) such as .shop, .top, and .xyz. According to the report, phishing grew by 40% between September 2023 and August 2024 and was concentrated particularly in these gTLDs, which offer low prices and minimal registration requirements. Meanwhile, the Internet Corporation for Assigned Names and Numbers (ICANN) plans to introduce even more domains of this type, despite warnings from experts about the risks involved.
The Appeal of gTLDs for Cybercriminals
While .com and .net domains continue to dominate the registration market, accounting for roughly half of all registered domains, the new gTLDs, which hold only an 11% market share, accounted for 37% of the domains used for criminal activities. Low prices and a lack of stringent verification are the primary factors that make these gTLDs attractive to scammers and spammers.
Among the domains with the highest incidence of cybercrime, nine offered registrations for less than $1, and nearly two dozen charged less than $2. In comparison, the lowest identified price for a .com domain was $5.91.
ICANN and the Expansion of gTLDs
Despite these findings, ICANN is moving forward with plans to introduce more gTLDs in 2026, which has sparked criticism from cybersecurity experts. John Levine, president of the Coalition Against Unsolicited Commercial Email (CAUCE), notes that ICANN appears more like a business entity than a neutral regulator. “Adding more gTLDs without stricter registration policies will only expand the fertile ground for cybercriminals,” Levine warned.
The Economics Behind gTLDs and Associated Risks
The business model of new gTLDs seems unsustainable. According to Levine, although registrars initially attract customers with low prices, these customers, especially cybercriminals, do not renew their domains after the first year. This results in long-term losses for the companies managing these domains.
Moreover, the report highlights that postal services, such as the United States Postal Service (USPS), have surpassed tech giants like Apple and Google as the most frequent targets of phishing attacks in the past year. This is partly due to a criminal group dubbed Chenlun, which distributes phishing kits specifically designed to spoof postal services.
The Rise of Subdomains in Phishing
Another significant change identified in the study is the increase in the use of subdomains for malicious activities. In the past year, there were over 1.18 million cases of subdomains being used for phishing, representing a 114% increase. Services like blogspot.com, pages.dev, and weebly.com have been exploited by cybercriminals, who create large numbers of accounts to host malicious content.
These attacks are difficult to mitigate because only the subdomain providers can disable malicious accounts or pages. The report recommends limiting the mass creation of subdomains and suspending automated registrations on free services to reduce criminal activity.
Conclusion
The Interisle report underscores the urgent need to strengthen domain registration policies and implement stricter controls on subdomain services. As ICANN progresses with its plans to expand gTLDs, experts warn that this decision could further facilitate the work of cybercriminals, jeopardizing the digital security of businesses and citizens.
via: Security News