Second-hand domains: their expiration and the danger that it entails

The expiration of Internet domains has become a point of attention for many companies. Using expired domains has become a widespread way of carrying out cyber attacks.

Internet domains are not granted instantly, nor are they valid indefinitely. When a name conflicts with third parties, it is subjected to a thorough analysis before being registered. And it does not stop there: domains also need to be renewed periodically to maintain ownership.

Most commonly, an Internet domain is lost through forgetfulness, or through an internal administrative change that leaves the point of contact unreachable for any notification. But these are not the only causes. Sometimes the reasons are deliberate: temporary domains are created simply for experimental use, or domains are canceled because of a name change within the company.

What happens to expired domains?

When a domain reaches its expiration date, a series of steps is usually triggered that ends with the domain being temporarily retained and its last owner being notified of the situation. However, if after a certain time (which depends on the company in charge of the registration) the owner has not renewed it, the domain goes onto what is known as the “list of domains to release” (“domain drop list”), at which point it becomes a candidate for use by third parties.

The risks of expired domains center on their reuse for illicit purposes, mainly identity theft through phishing techniques. The most used techniques include not only publishing new websites that impersonate the original, but also, for example, using the email addresses of the former owners, or even gaining access to corporate services of the previous owner or of third parties.

One of the most common ways of illicitly using expired domains relies on programs or scripts that query services originally provided by the previous owner. If the domain has expired and has been acquired by a cybercriminal, those services could be spoofed and replaced, for example, by malware downloads that would initially be difficult for victims to detect.

Something similar happens if a user account for an external service uses, as its identifier, an email address on a domain that has been acquired by a cybercriminal. Similarly, the use of obsolete domains can lead to almost perfect impersonation, in which the victim would not be aware of accessing the wrong site.
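The exposure described above can be audited from the defender's side by checking every domain the organization still depends on against its registration data. The following is an added example, not part of the original article: the domain names, the dependency inventory and the function names are constructed for illustration, and it assumes registration records in RDAP form (field names from RFC 9083, status names from RFC 8056).

```python
from datetime import datetime, timezone, timedelta

# Constructed sample data: RDAP-style domain records, trimmed to the
# fields used here. All domain names are placeholders.
RDAP_RECORDS = [
    {"ldhName": "corp.example", "status": ["active"],
     "events": [{"eventAction": "expiration", "eventDate": "2031-01-15T00:00:00Z"}]},
    {"ldhName": "old-brand.example", "status": ["redemption period"],
     "events": [{"eventAction": "expiration", "eventDate": "2030-05-20T00:00:00Z"}]},
    {"ldhName": "cdn-vendor.example", "status": ["active"],
     "events": [{"eventAction": "expiration", "eventDate": "2030-07-10T00:00:00Z"}]},
]

# Constructed inventory: what still depends on each domain.
DEPENDENCIES = {
    "corp.example": ["public website"],
    "old-brand.example": ["e-mail identifier on external SaaS accounts"],
    "cdn-vendor.example": ["script loaded by public website"],
    "lab-test.example": ["update URL in internal tool"],
}

# RDAP statuses for a domain that is past expiry and heading for release.
RELEASE_STATUSES = {"redemption period", "pending delete"}

def expiration(record):
    for ev in record.get("events", []):
        if ev.get("eventAction") == "expiration":
            return datetime.fromisoformat(ev["eventDate"].replace("Z", "+00:00"))
    return None

def classify(record, now, warn_days=30):
    if record is None:
        return "NO_RECORD"      # no registration data: may already be released
    if RELEASE_STATUSES & set(record.get("status", [])):
        return "RELEASING"      # retained for the last owner, then dropped
    exp = expiration(record)
    if exp is None or exp <= now:
        return "EXPIRED" if exp else "UNKNOWN"
    return "EXPIRING" if exp - now <= timedelta(days=warn_days) else "OK"

def audit(dependencies, records, now):
    by_name = {r["ldhName"]: r for r in records}
    states = ((d, classify(by_name.get(d), now), u) for d, u in sorted(dependencies.items()))
    return [s for s in states if s[1] != "OK"]

if __name__ == "__main__":
    now = datetime(2030, 6, 20, tzinfo=timezone.utc)  # fixed date for the sample data
    for domain, state, uses in audit(DEPENDENCIES, RDAP_RECORDS, now):
        print(f"{state:10} {domain:20} still used by: {', '.join(uses)}")
```

Every finding names a dependency to renew, migrate or remove before the domain can change hands, including third-party domains the organization does not own.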

How to find out which domains are free?

There are numerous services that make it possible not only to find out which domains are free, but even to bid for those whose names are attractive. On the Internet we can find a wide range of services for consulting the domains that are registered daily.

Similarly, it is possible to find out which domains will become free within a short period of time. This makes it possible to monitor their renewal and to acquire ownership of them. Just by way of example, in Spain between 400 and 500 Internet domains (“.es” domains) become free every day and can be acquired again by anyone.

Now, just as a completely legitimate domain can fall into the hands of a cybercriminal who takes advantage of the inertia of the brand image it has built up over time, a domain with a bad reputation can also be acquired by inexperienced lawful owners, causing them serious inconvenience.

There are multiple tools that report the reputation of an Internet domain, classifying domains as reliable, favorable, neutral or completely untrustworthy.

On the Internet there are lists of domains that are usually blocked because they have been classified as untrustworthy. This is what is known as blacklisting. If a provider of one of these services decides to include a domain in one of its blacklists, it will be very difficult to get it removed without being subjected to intense scrutiny.

There are many reasons why a domain can appear on a blacklist, from its use for downloading malware to its use as a platform for sending spam email. But they are not the only reasons. On many occasions, domains appear on blacklists due to other irregularities, such as the use of plugins that are not considered safe, or because they are classified as potential phishing sources due to their similarity to another domain classified as trustworthy. The managers of these lists are numerous, and the lists are accessible both nationally and internationally.

Whatever the case, the truth is that Internet domains are key elements for the credibility of any company that makes use of services on the Internet. Using them indiscriminately, or forgetting to renew ownership periodically, can give rise to numerous security problems linked to the change of ownership, which not only affect the company’s security but can also put third parties in difficulties.

In the same way, and inversely, taking ownership of a domain whose previous owner has caused it to appear on Internet blacklists can give the new owner real headaches when it comes to making the acquired domain trustworthy.

Juanjo Galán, Business Strategy at All4Sec
