17 June 2021
Security text on monitor

Cybersecurity has been pushed up the top of many businesses’ priority lists. So it pays to know what tactics cyber-criminals use to gain the data or access they need to work. Domain Name System (DNS) Abuse is what we see a lot of in the world of domains and explore in this week’s blog post.

What is DNS Abuse?
You might not have heard of DNS Abuse, but you’ve probably come across the different categories of abuse in any cybersecurity training you have done. Domain Name System (DNS) Abuse was defined by the DNS Abuse Framework (of which Afilias is a signatory) as comprising of 5 categories:

  1. Malware - Malicious software installed on a device without a users’ consent. For example, viruses, spyware, ransomware, and other unwanted software.
  2. Botnets - A collection of Internet-connected computers that have been infected with malware and are commanded to work by a remote administrator.
  3. Phishing - When an attacker tricks a victim into revealing sensitive personal, corporate, or financial information (e.g. account numbers, login IDs, passwords). You can learn more in our previous blog.
  4. Pharming - The redirection of unknowing users to fraudulent sites or services.
  5. Spam - Unsolicited bulk email. This is included in the categories as it is often used to deliver the 4 other categories of abuse.

The DNS Abuse Institute
The DNS Abuse Institute was created by the Public Internet Registry (the registry operator for .org). The institute has been tasked with creating outcome-based initiatives that will create recommended practices, foster collaboration, and develop industry-shared solutions. As the institute was only formed this year, the institute is focused on three areas:

  1. Driving innovation in the DNS through creating recommended practices for registries and registrars to combat DNS abuse as well as providing funding to further cybersecurity in the DNS.
  2. Serving as a resource for interested stakeholders by maintaining a resource library of information and practices regarding DNS abuse and publishing academic papers and case studies on the topic.
  3. Building a networking forum and a central sharing point across stakeholders by collaborating with multiple stakeholders to fight DNS abuse.

Dr Bruce Tonkin, Chief Operations Officer at auDA, is a new member of the advisory board at the Institute. Bruce says on his appointment:

“I am thrilled to join the Advisory Council.  I look forward to sharing lessons from auDA’s strong track record of implementing policies and compliance practices that help reduce DNS abuse and advancing the Institute’s aims”.

DNS Abuse and .au
In Australia, DNS abuse trends well below the global average. In auDA’s most recent report from DAAR, 0.04% of .au domains had at least one security threat in May 2021 compared to the average of 0.3% in generic top-level domains (gTLDs).

The validation of registrant information and the public availability of this information in our WHOIS service contributes to the relatively low percentage of domain abuse in the .au ccTLD, helping .au remain secure and trusted.