2021 Malicious Activity Report
DomainTools, a DNS and domain name-based predictive threat intelligence company, has used its database of more than 380 million currently registered domains to identify and report on which of them may constitute threats. Its first report dates from 2015, and this year it has tried to return to those origins.
With the services it offers, DomainTools can provide risk assessment, help profile attackers, guide online fraud investigations, and map cyber activity to the attacker's infrastructure. To make the right decision about the level of risk that threats pose to your organization, there is also the Iris research platform.
Malicious sites were identified in the report by checking domain names against various known industry block lists, together with a count of the malicious domains hosted. The report also uses a measure of "signal intensity" based on the populations of known bad domains.
Malicious activity on domains
The report revealed that certain top-level domains (TLDs) have a bad name among security teams. In this regard, the ones with the worst reputation are the newer generic domains such as .live, .top and .xyz.
On the other hand, the more traditional domains such as .com and .net, together with country-code domains such as .es, .fr and .uk, do not appear in the top 10 lists of suspicious web pages. The report provides signal strength tables for each of three threat types (phishing, malware, spam). This is an example with the .bar TLD selection:
Here you can see that the top-level domain .pub has a malware signal strength of 108.93, which the report found to be the highest malware signal of any TLD on the Internet according to the methodology DomainTools used for this report.
Domain geolocations and other findings
Apart from domains, the report also looked at IP geolocations. One finding it revealed is that a large number of malicious domains are hosted in Russia and the United States; however, relative to the total number of domains registered in those locations, they are not especially over-represented. By contrast, places such as Hong Kong and the Seychelles have a large number of suspicious domains relative to their total registrations. Additionally, certain domain registrars and certificate authorities also exhibit higher levels of sites engaged in malicious activity.
A curious fact is that most of the domains created each day show no signs of harmful activity; nevertheless, the report concludes that most malicious domains are among the newer ones. In summary, thanks to the DomainTools report we have seen which domains are more likely to host malicious activity, and also where they are geolocated.
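The distinction the report draws between absolute counts (Russia, the United States) and relative over-representation (Hong Kong, the Seychelles) is easy to reproduce on a small scale. The following is an added example, not code from DomainTools or the report: it checks a constructed set of domains against a constructed block list, then tabulates totals, malicious counts and a lift-style signal per hosting country or per TLD. The lift ratio (a group's malicious share divided by the global malicious share) is an assumed stand-in for the report's signal strength, not the published formula.

```python
from collections import Counter
from typing import Callable, Dict, List, Tuple

# Constructed sample of (domain, hosting country) records and a constructed
# block list standing in for the industry block lists the report checks against.
DOMAINS: List[Tuple[str, str]] = [
    ("corp.com", "US"), ("news.com", "US"), ("shop.net", "US"),
    ("mail.net", "US"), ("blog.com", "US"), ("free-gift.xyz", "US"),
    ("cdn1.com", "RU"), ("cdn2.com", "RU"), ("cdn3.net", "RU"),
    ("cdn4.net", "RU"), ("cdn5.com", "RU"), ("cdn6.net", "RU"),
    ("login-now.top", "RU"), ("verify-acct.xyz", "RU"), ("pay-fast.top", "RU"),
    ("secure-bank.xyz", "HK"), ("update-pc.top", "HK"),
    ("wallet-fix.xyz", "SC"),
    ("tienda.es", "ES"), ("fotos.es", "ES"), ("noticias.es", "ES"),
]
BLOCK_LIST = {"free-gift.xyz", "login-now.top", "verify-acct.xyz", "pay-fast.top",
              "secure-bank.xyz", "update-pc.top", "wallet-fix.xyz"}


def is_malicious(domain: str) -> bool:
    """Block-list lookup; a real pipeline would consult several feeds."""
    return domain in BLOCK_LIST


def by_country(domain: str, country: str) -> str:
    return country


def by_tld(domain: str, country: str) -> str:
    return domain.rsplit(".", 1)[-1]


def signal_table(records: List[Tuple[str, str]],
                 key: Callable[[str, str], str]) -> Dict[str, Tuple[int, int, float]]:
    """Return {group: (total, malicious, signal)} for the grouping `key`.
    signal = (malicious / total in group) / (malicious / total overall),
    so 1.0 means the group is no worse than the average, >1 over-represented."""
    total, bad = Counter(), Counter()
    for domain, country in records:
        group = key(domain, country)
        total[group] += 1
        if is_malicious(domain):
            bad[group] += 1
    base_rate = sum(bad.values()) / len(records)
    return {g: (total[g], bad[g], round((bad[g] / total[g]) / base_rate, 2))
            for g in total}


if __name__ == "__main__":
    for label, key in (("country", by_country), ("TLD", by_tld)):
        table = signal_table(DOMAINS, key)
        for group, (n, m, sig) in sorted(table.items(), key=lambda kv: -kv[1][2]):
            print(f"{label:8} {group:4} total={n:2} malicious={m:2} signal={sig}")
```

Sorting by the third column ranks Hong Kong and the Seychelles first even though Russia hosts the most malicious domains in absolute terms, which is exactly the contrast the report describes.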