Domain Wars is the struggle between cybercriminals registering domain names for their illicit endeavors and defenders (such as law enforcement, security researchers, and policy makers) trying to stop these malicious domain registrations.
Are we losing the Domain Wars? Despite the efforts of security researchers, law enforcement, and policy makers, it appears that we are losing the domain wars. Researchers from Interisle and ICANN, among others, have found that the number of malicious domain registrations has been sharply increasing in recent years. Further, UNIT 42 and Centripetal discovered a new trend where malicious actors register hundreds of thousands of domains for single campaigns, potentially spending millions of USD on domain registration fees.
The Role of Public Policy in Combating Malicious Domain Registrations. Both public policy and detection capabilities are vital to have a winning chance in the domain wars. I share here the slides I presented to the Law and Policy Subcommittee of the Maryland Cybersecurity Council. In this presentation, I explore past research and a variety of policy ideas, including: increasing domain registration price, strict identity verification, limiting the number of domains a registrant can buy, incentivizing registrars and registries, and progressive domain pricing.
If you are interested in the topic, please feel free to contact me.