Jul 25, 2024 21:00:00

Nonprofit organization ICANN warns registrars of '.top' domains for high rate of phishing sites

On July 16, 2024,

the Internet Corporation for Assigned Names and Numbers (ICANN), a non-profit organization that aims to ensure the stable and secure operation of the network, issued a letter to owners of '.top' domains criticizing them for 'failing to report phishing attacks involving .top domains.'

ICANN_Letterhead_Generic_Letter
(PDF file) https://www.icann.org/uploads/compliance_notice/attachment/1225/hedlund-to-wenxia-16jul24.pdf

Phish-Friendly Domain Registry “.top” Put on Notice – Krebs on Security
https://krebsonsecurity.com/2024/07/phish-friendly-domain-registry-top-put-on-notice/

ICANN has not specifically named the owner of the .top domain, but security expert

Brian Krebs said the registry is run by a Chinese entity called Jiangsu Bangning Science & Technology Co. Ltd.

'The .top domain registry does not have a process in place to promptly, comprehensively, and reasonably investigate and address reports of DNS abuse,' ICANN said in the letter, and 'Jiangsu Bangning Science & Technology Co. Ltd. failed to respond appropriately to reports of phishing attacks involving the .top domain.'

In fact, a survey by corporate management consultant Interisle Consulting Group revealed that of the 2,768,147 .top domains in existence between May 2023 and April 2024, 117,014 were phishing sites. The number of 117,014 phishing sites is second only to the number of phishing sites in .com domains, which numbered approximately 380,000.

According to Krebs, Jiangsu Bangning Science & Technology Co. Ltd. has previously been reported to own a large number of domains used for phishing sites, and a 2013 study found that 14.7 out of 10,000 domains were malicious.

In recent years, it has been reported that phishing domains have plummeted as a result of the domain registrar Freenom being sued by Meta.

Meta sues domain registrar Freenom for alleged cybersquatting - GIGAZINE

On the other hand, since Freenom's lawsuit, it has been revealed that there has been a sharp increase in phishing attacks involving websites created with Google's blogging service, Blogspot , and that phishers are registering large numbers of subdomain services such as weebly.com, github.io, wix.com, and ChangeIP.

Dave Piscitello of Interisle Consulting Group said, 'ICANN should issue similar warnings to many top-level domain registrars, not just .top.' He also argued that 'domain registrars could significantly reduce the number of phishing sites registered through their services by simply flagging customers who try to register large numbers of domains at once.'

In addition, a study by Interisle Consulting Group found that approximately 27% of domains used in phishing were registered in bulk, and one case in which a phisher registered 17,562 domains in just eight hours using a random .lol domain.