Recent media headlines have focused on the dramatic expansion of new Internet “generic top level domain names” or “gTLD”. gTLD domain names are the names to the “right of the dot” in Internet addresses (for example: .com). These will now be joined by many other new name domain extensions. While most news stories have focused on the impact of this change on business and technology, the effect of these new domain names on security is also very important to understand.
Innovation and new technologies are welcome additions to the Internet landscape, but they also increase the need for cybersecurity awareness. Part of good cybersecurity practices is to always look at a website address to confirm it is the intended destination. In Symantec’s most recent Internet Security Threat Report, it was highlighted that cybercriminals are increasingly using shortened web address links to confuse potential victims. With the addition of so many new domain names, it will be even more difficult for Internet users to visually look at an Internet domain name address to confirm it is the correct destination, let alone whether it is safe. This increases the importance of using website reputation services, such as Norton Safe Web, to determine if a particular site is a safety risk before you visit it. There are a lot of unsavory websites out there, and the addition of so many more domain names requires heightened user awareness.
For several years, I worked at a large Internet domain “Registry”. A Registry is a company that manages a top level Internet domain name (such as .com). Part of my responsibility was to design and manage the security program for the domain. While this program proved very successful, it also demonstrated the infamous “whack-a-mole” problem. Cybercriminals avoided the domain I managed, but targeted other domains with weaker security policies. Most new domain companies will be legitimate businesses, and there also are substantial policies being implemented to require strong security in the new domains. However, just as some current domain registries with weak security policies are targeted by cybercriminals, we may see some of these new registry companies take time to fully implement their security programs. This could be an invitation for cybercriminals to target consumers. These new domains, especially as they get started, will likely be targeted by creative cybercriminals trying to exploit new vulnerabilities and attack consumers. It will be more important than ever for Internet users to maintain careful security practices to guard against any new threats that may appear.
Finally, an important question to consider is how the new domain names will effect law enforcement. This question is better considered in the “big picture” of all new technology. Cybercriminals traditionally have targeted new devices and technology products that can be used to pursue consumers. Mobile devices are an example of a great technology that benefits everyone, but which are increasingly being targeted by cybercriminals to reach new victims. Even great new technology can become a platform for abuse by a cybercriminal. New domain names are really just the latest technology change or innovation that also creates new challenges for law enforcement. The new domains require that law enforcement now adapt to a vastly expanded online landscape that also expands the threat landscape for cybercrime. This highlights the need for continuous industry cooperation to help train law enforcement personnel so they are armed with the best understanding of new technology and how to combat online fraud and abuse. This goal is at the heart of the Norton Cybersecurity Institute training program for law enforcement.
New technologies that increase the online user experience, also can bring new challenges in the fight against cybercrime. Technology changes fast, and cybercriminals move at the speed of light to adapt to it and use it for abuse. The new domain names are not a reason for Internet users to be afraid. For the last five years, I have been involved in helping recommend some of the security practices for Internet domain names and there are many others who are working to ensure strong security across every new domain name. However, this significant change in the Internet is also an important reminder for everyone to maintain good security practices and keep updated security software. This is the best way to stay safe while also enjoying all the great benefits the Internet has to offer.