A study by Palo Alto Networks shows that Newly Registered Domains (NRDs) are used with malicious intent or are ‘not safe for work’ (NSFW) in 70 percent of the cases. The company will report this in a report on Tuesday.

Palo Alto reports that this is almost ten times as much as the malicious domain names among the top 10,000 Alexa domain names. The vast majority of malicious domain names also have a very short lifespan. Sometimes even so short that security experts cannot even detect the sites before the damage has already been done. According to Palo Alto, companies should therefore block NRDs by default, as a precaution.

Types of abuse

The Palo Alto system identifies more than 200,000 NRDs every day. The domain names are divided into a number of categories by Palo Alto. These are evil, suspicious, not safe for work, benign and others. The first category covers domains for malware distribution, command & control (domains that make malware work), and phishing sites. Suspicious sites can be classified as such, for example, because there is no activity or too little content on the site. NSFW is about everything that is meant for the workplace, from gambling sites to sites that contain pornographic material.

Not surprisingly, the top-level domain .com sees the most NRDs, followed by .tk and .cn. However, most malicious NRDs were found in the .to, .ki and .nf TLDs. Reasons for the use of these domains include free registration, less stringent regulations or the difficulty of finding the registered users. The phenomenon of “typosquatting” is also common: these are NRDs for the misuse of typosquatting errors. For example, if someone types “googel” instead of “google”, the “googel.com” domain is abused for advertising revenue or phishing, for example.

Palo Alto mentions a number of similar techniques with which NRDs are abused by cyber criminals. Palo Alto recommends to block these domain names by means of URL filtering. Even if the benign websites are lumped together in this way, because the risk of NRDs is simply too great, says the company.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.