Lucie Loos, Author at Cybersecurity, intellectual property and domain names news

Abandoned domain names vs renewed domain names: any observations?

Abandoned domain names vs renewed domain names - Nameshield — *Image source: JanBaby via Pixabay*

As a registrar, Nameshield has an accurate view of the typology of abandoned domain names and domain names kept by their holders when they clean up their portfolio.

As in all sectors of activity, phenomena that could be said to be “trendy” can even be seen in cybersquatting and therefore in domain names that are abandoned or maintained.

Let’s take the example of typosquatting, there was a time when it was essential to register domain names that included your trademark with as many typographical variants as possible (if your trademark contained the letter O, it was important to register a version with the number 0 instead of the O etc.), because cybersquatters were then very focused on this type of hijacking attempt. A decade later, cybercrime has changed and, while it is still important to register typographical variants, only the most pertinent ones are relevant today. As a result, many companies have abandoned the most distant variants.

The same goes for extensions. At certain periods, the risks of cybersquatting are greater depending on the registration conditions. A “first-come, first-served” extension is more at risk than a TLD requiring, for example, a locally registered trademark. Since the domain names registrations rules are set by each registry, they are likely to change over time, with the result that potential abandonments may occur.

An interesting study published at the end of 2019 by Frank Moraes, indicated that considering the first 8 extensions, only 29.79% of registered domain names would be renewed each year. Of the remaining 70.21%, 41.22% would simply expire and 28.99% would be registered by a new holder.

Only one domain name out of three would therefore be renewed the year following its registration! However, the rates vary significantly and the highest renewal percentages are unsurprisingly for .NET (46.3%), .ORG (44.24%) and .INFO (34.56%).

On the contrary, the lowest renewal rates are for .CN (1.72%), .BIZ (16.6%) and .TOP (22.22%).

What about .COM? The .COM TLD remains undoubtedly the most popular extension. If the study cited above only places the .COM in fourth position in the percentage of renewals (certainly taking into account the sampling), the renewal rate of the .COM is more around 80% and is relatively stable from year to year.

.ZA websites will have to propose a link towards the COVID-19 official website implemented by the government

South Africa - .ZA domain names - dot ZA — *Image source: 12019 via Pixabay*

Since last Thursday, the South African government has imposed to all websites using domain names in .ZA to propose a link that redirects towards the official Covid-19 information website implemented by the government: www.sacoronavirus.co.za

This new rule applies to all .ZA websites, regardless of their content.

The two other extensions managed by ZADNA registry, JOBURG and .CAPETOWN are also affected by this rule.

In the same logic, the registry also invites Internet services providers to block any websites which spread fake news.

Lastly, it is interesting to note that the government’s COVID information website is not www.coronavirus.co.za but www.sacoronavirus.co.za. This is because the domain name www.coronavirus.co.za has been registered by a domainer who proposes on his website to resell the name in question.

Like all crisis or news, COVID-19 led to a massive registration of domain names containing the associated terms, some unscrupulous players seeking to take advantage of the situation.

Unsurprisingly, during this unprecedented and complicated period, there has been a high increase in the number of cybercriminal attacks of all kinds.

Why is the sale of .ORG registry a source of debate?

Sale of .ORG registry - PIR Public Interest Registry - dot ORG - Nameshield

In November 2019, a press release announced that .ORG registry, Public Interest Registry (PIR), a non-profit organization managed by Internet Society, is going to be sold off to Ethos Capital, a private equity firm.

.ORG is the extension for non-profit organizations. The acquisition of PIR by Ethos has quickly concerned the organizations using .ORG, on the basis of the potential misuse of the extension by its new owner, which has, by its very nature, profit motives.

The concern? That the registrations and renewals fees for .ORG domain names increase.

Yet, key figures of the Internet’s world, like Andrew Sullivan (Internet Society CEO) are exited, seeing in this a strong strategic partnership and a significant financial contribution allowing Internet Society to advance its mission of a “more open, accessible and secure Internet for everyone”, as he wrote in the press release about the acquisition of November 13, 2019.

It would seem that the fears created find their origin in the “surprise” and lack of transparency around the deal, since the transaction amount has not been disclosed.

These fears are, of course, the corollary of the removal on June 30, 2019, of the price caps imposed until now to .ORG fees (historically low) by ICANN, despite many reservations expressed by the community. Finally, the fact that Ethos has directly or indirectly a number of close connections to former ICANN members raises concerns to several voices of the industry.

The fear to see the increase of .ORG prices led Electronic Frontier Foundation (EFF) to launch the SaveDotOrg campaign, which aims to raise awareness about the potential impact of a .ORG price increase on the NGO’s budget constraints.

Also the possibility that Ethos Capital later implements a principle of rights protections that could lead to a form of censorship, as currently practiced in some countries wishing to silence NGOs.

In front of these protests, ICANN suspended the acquisition operation last December and requests clarification from the Internet Society.

More recently, in January 2020, a new candidate of the .ORG extension acquisition has appeared. It is a cooperative corporation (Cooperative Corporation of .ORG Registrants), gathering some web pioneer and former members of ICANN.

To be continued!

Advices on how to change the domain name without losing its referencing

During a rebranding for marketing purposes, in the context of a merger or an acquisition for example, a company can change its website’s domain name.

At the search engines’ level, it is all the pages that change, as if this was a brand new website. Therefore, how not to lose the work done on the SEO and make a successful transition, in particular if the website is old?

In the case of a rather old website with an optimal referencing on the existing domain name, transferring a website on a new name can ruin the time-consuming work that is the SEO. If the decrease of the traffic from organic search is normal (and temporary), some advises can help lessen the downturn, at least during the transition period.

Copy identically your website and implement 301 redirections

The first tip is to completely keep the website’s architecture, so that only the domain name changes in the URL.

Then, permanent redirections (301 redirections) must be created from each pages of the former website towards the corresponding page of the new website. Do not implement multiple redirections.

This process must be closely monitored to ensure that each 301 redirection is effective. The search engines will know that it’s not necessary to index the former name anymore but it’s the new one that must be indexed now. To ensure this, it is necessary to check that none of the former pages is accessible through the former domain name.

Have the backlinks updated

Google uses parameters linked to confidence indicators in its algorithm, thus to trusted websites, deemed as such by the search engine (indicators like the age of the website, the transparency of the legal notices, the ratio links number/words number per page, the links number pointing from other websites to this one, the extensions like .edu, .gov, the institutional websites, media websites, etc.) Hence, it can be interesting to quickly obtain the links from this kind of trusted websites at the time of the migration.

Along the same lines, reviewing your backlinks and requesting to the websites that refer to your website to update these links, so they link towards the new name, is an advantage. Of course, if you have many backlinks, concentrate on the more important backlinks regarding the referencing.

Inform Google

Lastly, it’s possible to directly inform Google of the changing through Google Search Console, the search engine will then update its index.

Register the sitemap

By submitting a sitemap file for the new website to the search engines, you will gain time in referencing by immediately giving to the engines the pages to index.

Keep the same holder for the new domain name

Make sure that the new domain name has the same proprietary information on its whois as the former domain name. Google may check these data.

Be patient

Do note that on Bing you will need an average of 2 months to get your referencing back, and about 6 to 7 months on Google.

The alarming Kaspersky report: nine times more attacks aiming connected objects than in 2018

Last October 15, Kaspersky, the antivirus software company, published an edifying report about the volume of cyberattacks directly aiming connected objects.

Although the industry expected that this new generation of objects would be directly targeted by cyberattacks, the increase in the cyberattacks number is alarming and lets easily imagine the security flaws that the connected objects present.

According to the estimation presented by Kaspersky, between the beginning of 2018 until mid-2019, the attacks would have reached the record of 105 million, i.e. nine times more than the previous year as a whole.

In order to conduct this research, Kaspersky used the trap technique by deploying more than 50 honeypots across the world. A Honeypot is a program that imitates the connected objects’ signature specifically created to attract cybercriminals. It was then possible to detect attacks from pirates that fell into the trap set for them. According to Kaspersky, during this experience, more than 20 000 sessions would have been infected every 15 minutes. 105 million attacks from 276 000 unique IP addresses have then been detected (compared to 12 million in 2018).

Furthermore, the report indicates that both in 2018 and 2019, China and Brazil are vying for the top position of the countries that served as the origin of the attacks launched.

The main malwares that use the security flaws of connected objects are well known (Mirai for example) and identified.

While we are aware that IoT is a privileged playground for pirates, the first security measures are far from being systematically applied. It’s essential for example to change the password installed by default for each connected devices’ purchase. For reminder, although technologies of cyber malice are indeed more and more sophisticated, the first gateway for pirates remains the users’ lack of vigilance.

Satori Botnet: The hacker facing up to 10 years imprisonment did not act alone

We now know more about the cyberpirate, Nexus Zeta, whose real name is Kenneth Currin Schuchman, who distinguished himself with the creation of the Satori botnet.

Pleading guilty to the charges regarding Satori botnet creation, his confessions describe the implementation of this attack using IoT flaws.

For reminder, a botnet is a set of infected computers remotely controlled by a cybercriminal. The machines that belong to a botnet are often called “bots” or “zombies”. The aim: to spread a malware or a virus to the greatest number of machines possible.

The hacker Nexus Zeta did not act alone but worked together with two other cybercriminals: Vamp who served as the primary developer/coder of Satori and Drake who managed the botnet sales.

The Satori botnet was created based on the public code of the Mirai IoT malware.

For reminder, in 2016, Mirai was the source of one of the biggest DDoS ever seen in 2016, targeting in particular the American provider DYN. The functioning is based on the permanent research on the Internet, of IP addresses corresponding to connected objects (IoT). Once the vulnerable connected objects identified, Mirai connects to them to install the malware.

If the Satori botnet mainly attacked the devices running with factory-set or easy to guess passwords, in its first month of deployment, it has infected over 100 000 devices.

Between 2017 and 2018, the three hackers continue to develop Satori, which they will rename Okiru and Masuta. The botnet went as far as to infect over 700 000 devices.

Officially accused by the American authorities, Kenneth Currin Schuchman is free until his trial. However, he breaks the pre-trial release conditions by accessing the Internet and developing a new botnet. It is in October 2018 that he is this time arrested and jailed. Pleading guilty, he’s facing up to ten years in prison and a fine of 250 000 dollars.

.AU domain names soon available for registration

Until now, Australian domain names were only available for registrations in second level extensions, in particular .COM.AU.

If the decision to open the .AU registration goes back to 2015, it took four years to set the rules!

It seems that starting October 1^st, 2019, the holder of the existing .com.au domain name, for example forexample.com.au, will be able to apply for priority status to register the exact match of their existing name in .AU, forexample.au.

The detail of the priority allocation system are below:

2 priority status (from 2019/10/01 to 2020/04/01)

–Category 1 : Third level domain names (com.au, net.au, org.au, asn.au, id.au, edu.au, qld.edu.au, nsw.edu.au, eq.edu.au, act.edu.au, vic.edu.au, sa.edu.au, wa.edu.au, nt.edu.au, catholic.edu.au, schools.nsw.edu.au, education.tas.edu.au, sa.au, wa.au, nt.au, qld.au, nsw.au, vic.au, tas.au and act.au) registered on February 4^th 2018 at the latest will be assigned to priority category 1 for the registration of the same name in .AU.

–Category 2: Third level domain names registered after February 4^th 2018 will be assigned to priority category 2 for the registration of the same name in .AU.

The date of the general availability is not announced yet.

The registry indicates that more information will be published in the next weeks, we will keep you informed.

The new .AU licensing rules might also come into effect at the fourth quarter of 2019 (for all the extensions: .au, .com.au, .net.au, .org.au, .asn.au, .id.au).

Lastly, we can note that the general availability will allow the registration to individuals/companies which respect the Australian registry’s conditions (local presence in Australia).

For any questions, Nameshield’s teams are at your disposal.

Europe decides to apply sanctions to transboundary cybercriminals

On Friday May 17^th, 2019, the Council of Ministers of the European Union presented the creation of a blacklist identifying the perpetrators of cybercrimes located outside the EU.

Thus this is a new legal context which has been validated by the EU in order to try to reduce the continuously growing cyberattacks’ number. Now, the EU will indeed be able to sanction individuals or entities involved in the cyberattacks carried out from outside the EU.

Europe seeks through this measure to protect as far as possible the most critical infrastructures, regarding electoral or health systems for example, from cybercriminals, by abolishing the impunity which the international hackers seemingly enjoyed.

If there is no name on this famous list today, the situation could change soon.

Recently, the British Foreign Secretary, Jeremy Hunt declared that “for too long now, hostile actors have been threatening the EU’s security through disrupting critical infrastructure, attempting to undermine democracy and stealing commercial secrets and money running to billions of Euros. Hence, this decision was necessary.”

It’s now very clear that the cyberattacks carried out by nations, against nations or entities, tend to multiply. It’s important to note that these sanctions can be retroactive. To this day, the sanctions are not clearly defined: travel bans and assets freeze against those we know have been responsible for these actions? Several options are presently being studied.

Cyberattack: G7 and France organize a cyberattack simulation in the finance industry

Faced with the upsurge and the continually increasing strength of cyberattacks, a simulation exercise of a cyberattack in the finance industry will be organized by the members of the G7, the world’s major economic powers.

In the French presidency context, France will be the one that will run this test in which 24 financial authorities of the 7 members of the G7 will participate during 3 days.

Today it is no secret that the banking sector is one of the most targeted by cybercriminals [according to an IBM’s research, 19% of the attacks would aim banking institutions].

Thus, for the first time, the G7 countries organize a cyberattack cross-border simulation in early June 2019. This test is organized by the Banque de France (the central bank of France) and proposes the following scenario: a malware will be injected in a technical component widely used in the financial sector.

As indicated by Bruno Le Maire, the Minister of Economy and Finance of France “cyber threats are the proof that we need more multilateralism and cooperation between our countries”.

According to this argument, this same exercise will be conducted at the same time in the other countries, giving it a specific dimension. If other exercises of this kind have indeed already been done before, particularly by the Bank of England and the European Central Bank, none of these tests was done simultaneously.

What are the results sought in this joint exercise? Firmly establishing the risks of a cyberattack’s epidemic spread, in order to be able to enhance the infrastructures security and to ensure the reactivity in case of attack and prevent a wide contagion.

Game of Thrones: The return of the [MALWARES] white walkers by dozens

As with each event where massive interest is expected, the launch of the final season of Game of Thrones is a golden opportunity for pirates.

According to a Kaspersky’ study, this series would be the favorite of the cybercriminals. It represented 17% of the infected contents last year, i.e. 20 934 web users! According to this same study, the most targeted episodes are logically the first and last episodes of the season.

For if the fans are many in France, without subscription, the only solution to watch the so awaited episodes is illegal downloading on torrent websites.

It is through this means that the cybercriminals infect the unsuspecting web users’ computers. First warning, do not install programs at the request of the torrent websites, they can contain a malware!

Indeed, two kinds of frauds are principally used:

Malwares: the malicious software are launched on torrent websites used by the fans of the series to access to the watching of the precious episodes.
Phishing: many phishing attempts have been counted, the pirates use the official image of Game of Thrones to try to retrieves your personal data.

This season, the cybercriminals are almost as creative as the scriptwriters of the successful series: many and various fake contests allow these hackers to collect email addresses and other bank details.

Counterfeiting is also in the game, with an observed increase of websites proposing many so-called “official” products but being nothing more than counterfeits.

Thus, Nameshield recommends to the fans to be highly vigilant!

For reminder, here are the basic principles to respect in order to serenely navigate and not be trapped by unscrupulous hackers:

Do not download any plugin of suspicious origin
Properly analyze the URLs before any purchase
Check the presence of the famous HTTPS
Check that the final address corresponds to the searched website

As always on the web, an extra vigilance is needed, because if spring wins our regions, don’t forget that on the web, winter is coming…

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_25904574_14	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.

Cookie	Duration	Description
ppwp_wp_session	30 minutes	No description
visit	30 minutes	No description