Malware, botnets, phishing, pharming, spoofing, fake reviews, spam, and much more: Domain Name System (DNS) and web content abuse have been a problem for a long time, but recent developments all over the world have made it worse. Abuse is more pervasive and deceptive than ever. Some experts even expect that within the next few years, we will be exposed to false information more often than to legitimate news. It has never been more important to know what to look out for, how you can protect yourself, and what to do in the case of an attack on the DNS infrastructure.
In the following, we want to explain why “see something, say something” is essential to fight cyber attacks and digital content abuse and introduce a framework that was initiated in 2019 by a group of innovative domain name registries and registrars. We need to join forces against digital abuse.
What is the Domain Name System (DNS)?
At the beginning of the Internet, you needed to know the Internet Protocol (IP) address of a website to visit it. Unfortunately, this procedure was not very effective because the numeric string was hard to remember. Computers and other digital devices like smartphones that help you connect to the Internet communicate with each other using a series of numbers. The DNS was developed to serve as a kind of digital phone book that converts a domain name like www.yourdomain.com into an IP address. In a nutshell, it is a hierarchical and decentralized naming system that allows us to connect to websites using domain names instead of IP addresses. The system automatically maps domain names to IP addresses and still serves as the backbone of our modern Internet.
The expert team of the IT Briefcase, an independent resource for IT professionals, recently published an article explaining the DNS in detail and discussing the importance of DNSSEC. The latter is a system that you can typically enable through your domain registrar and that provides a way to verify the legitimacy of the IP address returned for a domain name. The secure operation of the DNS is important for the healthy growth of the Internet as a global public resource. Unfortunately, the DNS is not immune to abuse and needs to be monitored closely.
DNS Abuse Framework
The introduction of the DNS Abuse Framework was a groundbreaking step toward a safer online world. It was released in October 2019 as a multi-stakeholder policy resource that defines which types of DNS abuse are appropriate for technical operators to take action on, with the aim of combating abuse and promoting the safety of the DNS.
The group of registrars and registries that initiated the framework is committed to bettering the DNS by transforming it into a more trusted space. The framework includes proposals for operational norms and mechanisms of how and when to act at the DNS level to address abuse. In the Framework, DNS Abuse is composed of five broad categories of harmful activities: malware, botnets, phishing, pharming, and spam as a delivery mechanism.
If you want to read more about this topic, we invite you to start reading the Corporate Service Series provided by the 101domain brand enforcement team, which addresses issues around online security to help you fight abuse and fraud.
What is considered to be abuse?
Any attack on the DNS infrastructure can be described as DNS abuse. Content abuse, for instance, can quickly damage a brand’s reputation. It can also lead to declining user engagement, harm your search engine ranking drastically, or cause an increase in customer acquisition costs. Moreover, you could become legally liable for damages caused by scams, which can cause financial issues.
For a safe online environment and to eliminate website content abuse, it is essential to act upon all types of threats. Businesses are under increasing pressure to stop fraud before it can happen. If content abuse is not stopped, it will create an online world in which responsible users cannot trust the information they consume or the business that provides it. However, if a company can earn its customers’ trust, it has the chance to stand out from the crowd.
Below you can find some of the many faces of DNS and web content abuse, and how it can potentially harm your business:
Malware: Malware is malicious software that is installed on a device without the user’s consent. It can disrupt the device’s operations or gather sensitive information, and it includes a variety of viruses, spyware, and ransomware.
Botnets: Botnets are collections of Internet-connected computers that have been infected with malware. They perform numerous activities under the control of a remote administrator.
Phishing: When an attacker tricks a victim into revealing sensitive personal information, we call this attack phishing. A cybercriminal can gain access by sending fraudulent (also known as look-alike) emails or by luring end-users to copycat websites and persuading them to install malware.
Pharming: While phishing attacks trick users into entering personal information, pharming involves modifying DNS entries. Users are redirected to fraudulent sites or services, typically through DNS hijacking, in which attackers use malware to redirect victims, or DNS poisoning, which causes a DNS server to respond with a false IP address.
Spam: Most of us are very familiar with spam, the unsolicited bulk email that is sent without the recipient’s permission. The emails are usually sent as part of a larger collection of messages, which all have identical content. Spam is also used as the preferred delivery mechanism for other forms of DNS Abuse.
Fake listings: These are fraudulent listings or counterfeit goods posted on different online marketplaces. The scammers offer products or services but have no intention of delivering what was promised. The fraudster might trick a potential buyer into giving up personal data like credit card information.
User-generated content: Content abuse also occurs when fake user-generated content, like social media comments, blog posts, or videos, is created by scammers to harm a business’s good name. When scammers start posting fraudulent content on a platform, chances are that users, as well as customers, will leave very quickly. Due to the increase in fake user-generated content, many people have started to approach important content with care. Still, users might feel reluctant to engage with the community once they have experienced abusive material. Unfortunately, any company that needs user content to succeed is at risk of content abuse.
Fake reviews: Today, we rely heavily on online reviews to make educated buying decisions. Cybercriminals use fake reviews for phishing, spam, or malware distribution.
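To make the pharming entry and the earlier DNSSEC remark concrete, here is an added example (not from the original article or the Framework) that parses a raw DNS response, reads the DNSSEC "authenticated data" (AD) flag, and flags A records outside the networks the domain owner expects. The sample responses, the 192.0.2.0/24 allowlist, and all function names are constructed for illustration.

```python
import ipaddress
import struct

def build_response(name, addrs, ad=False):
    """Construct a minimal DNS A-record response (constructed sample input)."""
    flags = 0x8180 | (0x0020 if ad else 0)  # QR, RD, RA set; AD when validated
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    msg = struct.pack("!6H", 0x1234, flags, 1, len(addrs), 0, 0)
    msg += qname + struct.pack("!2H", 1, 1)  # question: type A, class IN
    for a in addrs:
        # 0xC00C is a compression pointer to the question name at offset 12
        msg += struct.pack("!HHHIH", 0xC00C, 1, 1, 300, 4)
        msg += ipaddress.IPv4Address(a).packed
    return msg

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:  # compression pointer occupies two bytes
            return off + 2
        if n == 0:            # root label terminates the name
            return off + 1
        off += 1 + n

def parse_a_records(msg):
    """Return (ad_flag, [IPv4Address, ...]) from a DNS response."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(ipaddress.IPv4Address(msg[off:off + 4]))
        off += rdlen
    return bool(flags & 0x0020), addrs

def check_answer(msg, expected_nets):
    """Flag answers that fall outside the networks the owner expects."""
    ad, addrs = parse_a_records(msg)
    nets = [ipaddress.ip_network(n) for n in expected_nets]
    rogue = [str(a) for a in addrs if not any(a in n for n in nets)]
    return {"dnssec_validated": ad, "unexpected": rogue,
            "suspicious": bool(rogue) or not addrs}

EXPECTED = ["192.0.2.0/24"]  # assumed allowlist for www.yourdomain.com
GOOD = build_response("www.yourdomain.com", ["192.0.2.10"], ad=True)
POISONED = build_response("www.yourdomain.com", ["203.0.113.66"])
```

The AD flag is only meaningful when the path to the validating resolver is itself trusted, and sites behind a CDN need an allowlist that covers the provider's ranges.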
Certain forms of website content abuse, like child abuse material, controlled substances or regulated goods, and violent extremist content, are so egregious that domain name registrars are required to disrupt those forms of content abuse right away.
There is a fine line between free expression and illegal content. It is important to mention that registries and registrars can only disable entire domain names and do not have the ability to target the abusive parts of the domain. Therefore, they have to balance the harm faced by a complainant with potential damage to a registrant.