Namecheap refines its strategy to combat malicious domains
Domain registrar Namecheap, Inc. is being commended for improving its reporting and remediation strategy for malicious domains, although it is not clear exactly what drove the changes at the company.
Security researchers recently took to Twitter, citing a significant improvement in Namecheap’s response time to suppress URLs used for phishing attacks, business email compromise, and other threats. For example, security researchers at MalwareHunterTeam, which runs the free ID Ransomware malware service, discovered a domain spoofing the National Health Service under the pretext of signing up for a digital coronavirus passport. This time, Namecheap deleted the bogus site within an hour.
And according to MalwareHunterTeam, that wasn’t the only incident Namecheap responded to quickly. “Today, Namecheap reported about 40 phishing / malware domains. All of them were resolved within an hour,” researchers said last week on Twitter. “More than half of them are less than 30 minutes, some less than 10 minutes, at least 1 in
Other security researchers have also noted the improvement. Andrew Thompson, senior director at Mandiant, said Namecheap’s faster responses make it harder for threat campaigns to be successful. “We should expect all registrars to act this way,” he said in a tweet. “I would say we should take it a step further and say they should do better at limiting who and how domains are registered in the first place, but it’s a start. Make the opponents fight again.”
A new focus on preventing fraud and abuse, which have increased dramatically during the COVID-19 pandemic, may explain the changes in Namecheap’s response time.
In a blog post earlier this month, Namecheap CEO Richard Kirkendall described the new ways the company is acting against malicious domains. These include increasing investments, changing strategies, introducing validation, maintaining new reporting channels for law enforcement, establishing a COVID-19 task force and more.
Kirkendall said Namecheap has invested heavily in efforts to tackle online fraud and digital abuse. This investment increased by 52% from 2019 to 2020. Additionally, the company has changed its approach by investigating and responding to the latest tickets first, rather than working from the oldest ticket. According to the blog, this reduced Namecheap’s response time to a few hours.
These changes appear to have been enacted in response to COVID-19, when cybercriminals took advantage of the pandemic by creating fake coronavirus-related domains.
“In 2020 alone, Namecheap received 1.27 million abuse reports, which is an 85% increase in support tickets over the previous year,” Kirkendall wrote in the blog.
It is not known why Namecheap decided to radically overhaul its fraud and abuse resolution processes. A Namecheap spokesperson told SearchSecurity that the company wants to better tackle malicious domains and make the internet as safe as possible for everyone.
“I wouldn’t say we see this as a competitive advantage,” the spokesperson said. “Our goal is to identify, investigate and stop all forms of fraud as quickly as possible, while ensuring due process rights for all of our clients.”
Past issues for Namecheap
As fraudulent domains and cyber threats have skyrocketed during the pandemic, affecting organizations of all kinds, many domain registrars have been slow to respond to reports of abuse or fraud. Sometimes these slow or nonexistent efforts can lead to legal action from organizations whose legitimate domains are being spoofed.
Namecheap ran into such problems last year when it was affected by several complaints, both filed in March.
The Ministry of Justice has filed a temporary injunction against Namecheap on the domain name “coronavirusmedicalkit[.]com,” registered by the company. The domain has been used under false pretenses, promoting fake coronavirus kits for purchase.
“Namecheap, Inc. plays a vital role in the program by serving as the website’s domain registrar, allowing potential victims to access the website,” the complaint stated.
Facebook has also filed a lawsuit, this time against a proxy service offered by Namecheap called Whoisguard. The social media giant claimed the service was being used by malicious actors behind 45 domain names that appeared to be affiliated with Facebook apps. Christen Dubois, director and associate general counsel for intellectual property litigation at Facebook, posted a blog on March 5 citing the reasons for the lawsuit.
“We sent notifications to Whoisguard between October 2018 and February 2020, and despite their obligation to provide information about these counterfeit domain names, they refused to cooperate,” Dubois wrote in the blog.
According to the lawsuit, Namecheap has repeatedly failed to take steps to investigate and respond appropriately to any reports of abuse, as required by the Registrar Accreditation Agreement of the Internet Corporation for Assigned Names and Numbers (ICANN).
In June, Kirkendall posted a blog in response, claiming that if Facebook wins the lawsuit, it will create a backdoor through the General Data Protection Regulation (GDPR) to users’ personal information.
“We refuse to release your private information unless the company requesting it has established a legal right to it. For many companies, this is good news and a standard they practice as well. A small group, however, thinks they are entitled to your information just because of who they are and because they ask,” Kirkendall wrote in the blog.
However, last year wasn’t the only time Namecheap was on the domain abuse radar. According to the Spamhaus Project, a database of spam addresses, Namecheap was the most abused domain registrar in Q3 2019.
The Spamhaus Project also cited Namecheap in 2020 for its mass registration services, known as “Beast Mode,” which it says are beneficial for spam and ransomware campaigns, as well as for criminal infrastructure operations. According to a blog post by infosec expert Dave Piscitello, botnets and ransomware or phishing as a service particularly benefit from the ability to use the mass registration services offered by domain name registrars.
“Beast Mode, offered by Registrar Namecheap, Inc., illustrates how easily and inexpensively domains can be acquired in this way,” Piscitello wrote in the blog.
Still, security researchers have applauded Namecheap for the recent changes, though they hope those efforts will continue.
“Update on Namecheap after last week: Compared to a few months ago, it’s like a different business, so many positive changes. But compared to what I’d like to see from them, (but this is the same for all other registrars / hosting obviously) they still have a lot to do …” MalwareHunterTeam wrote on Twitter.