- Report finds new generic top-level domains, such as .xyz, have disproportionally more phishing websites
- Researchers believe it is because they are affordable and come with very few registration requirements
- More new domains are being announced, making the risk that much greater
New forms of domain names, such as .top, .shop, or similar, are proving unfortunately popular among scammers and cybercriminals, new research has claimed..
The Cybercrime Supply Chain 2024 report, published by Interisle Consulting Group researchers, used data from the Cybercrime Information Center to analyze 16 million cybercrime events, concluded there is a severe discrepancy between the overall market share of newly created top-level domains, and their use in cybercrime.
New generic top-level domains (gTLDs), introduced wihin the last few years, currently make up 11% of the total domain name market – yet, the report found they accounted for more than a third (37%) of cybercrime domains. At the same time, more “traditional” domains, such as .com, .net, .org, and similar, make up more than half of the total domain name market, yet account for slightly more than 40% of cybercrime domains, almost the same as gTLDs.
Cheap and simple
Drilling deeper into the reasons for this discrepancy, the researchers established that new gTLDs try to attract customers with cheap prices and a fast registration process. In fact, the researcher said that some of the gTLDs with the highest cybercrime domain score offered registrations for less than $1, or $2. The cheapest price for a .com domain they could find was $5.91.
Cybercriminals use these domains to create fake websites, infostealing landing pages, and more. Paired with cheap email distribution, phishing attacks cost the threat actors virtually nothing, while at the same time resulting in hundreds of thousands of dollars in damages, if not more.
Analyzing the report, Krebs on Security noted phishing attacks increased nearly 40% in the year ending August 2024, demonstrating the popularity of this attack vector among cybercriminals. And with new gTLDs soon to be introduced, these types of attacks will most likely spread even more, and cause even more damage.