New domain names such as .shop and .xyz are proving popular for cybercrime
- The report shows that new generic top-level domains, such as .xyz, have disproportionately more phishing websites
- Researchers believe this is because they are affordable and have very few registration requirements
- More and more new domains are being announced, making the risk much higher
New forms of domain names, such as .top, .shop and the like, are unfortunately proving popular among scammers and cybercriminals, new research shows.
The Cybercrime Supply Chain 2024 report, published by researchers at the Interisle Consulting Group, used data from the Cybercrime Information Center to analyze 16 million cybercrime events and concluded that there is a serious discrepancy between the total market share of newly created top-level domains and their use in cybercrime.
New generic top-level domains (gTLDs), introduced in recent years, currently represent 11% of the total domain name market. Yet the report shows that they account for more than a third (37%) of cybercrime domains. At the same time, more ‘traditional’ domains, such as .com, .net, .org and the like, make up more than half of the total domain name market, yet account for just over 40% of cybercrime domains, about the same share as the new gTLDs.
Cheap and simple
Delving deeper into the reasons for this discrepancy, the researchers determined that new gTLDs try to attract customers with cheap prices and a quick registration process. In fact, the researchers said that some of the gTLDs with the highest cybercrime domain scores offered registrations for less than $1 or $2. The cheapest price for a .com domain they could find was $5.91.
Cybercriminals use these domains to create fake websites, steal landing pages, and more. When combined with cheap email distribution, phishing attacks cost threat actors virtually nothing while simultaneously generating hundreds of thousands of dollars in damages, if not more.
In its analysis of the report, Krebs on Security noted that phishing attacks increased by almost 40% in the year ending August 2024, demonstrating the popularity of this attack vector among cybercriminals. And with new gTLDs soon to be introduced, these types of attacks are likely to spread even further and cause even more damage.