The year's biggest data privacy and cybersecurity concerns
GDPR, WHOIS, HTTPS, TLD abuse. In 2018, data privacy and cybersecurity issues dominated the domain industry. EuroDNS addressed security and privacy challenges - some old, some new - on a number of fronts. A recap of the year's biggest privacy and cybersecurity concerns, and how we were able to help our customers.
Data privacy, cybersecurity overshadow domain industry in 2018
As the biggest change to the handling of personal data in more than 20 years, the General Data Protection Regulation (GDPR) dominated the domain industry more than any other issue. GDPR compliance, a legal requirement for any website used by EU citizens, has had far-reaching effects, most notably its impact on WHOIS, the decades-old database used to record domain registrants’ names and contact information. Until now, registrars have been required to publish this data, making it available to the public. But as the sharing of personal information now requires legal consent, WHOIS cannot continue to function as it has.
The GDPR has put ICANN (Internet Corporation for Assigned Names and Numbers) in an inconvenient position. On the one hand, ICANN is facing pressure from security professionals with a legitimate need for data contained in the WHOIS system. On the other, they must comply with the GDPR to ensure that WHOIS data is protected per new regulations. ICANN has put in place a temporary policy as the organisation continues to sort out the big question of how to make WHOIS GDPR-compliant - a question with no easy answer.
Google increased its efforts this year to make Internet browsing secure-by-default. Chrome 56, released in 2017, was an initial step towards penalising companies which collect password and credit card information via non-secure HTTP connections. But this year, Google began marking all websites not secured with HTTPS – no matter what their use – as not secure. Not having an SSL certificate to enable HTTPS encryption is no longer an option.
Reports showed that internationalised domain names (IDNs) were increasingly used to create counterfeit sites for phishing purposes. IDNs allow registrants to register domains in non-Latin scripts like, for instance, Cyrillic. But, often, Cyrillic and Latin characters look very similar, easily deceiving users who are redirected to spurious sites which gather their personal data. By year’s end, Donuts began offering protection against this specific threat through its DPML (Domains Protected Marks List) product.
Typosquatting (aka URL hijacking or brandjacking) is nothing new. But along with IDN phishing, reports confirmed an increase in typosquatting in 2018, with .CM, the ccTLD (country code domain extension) for Cameroon, used to counterfeit legitimate .COM sites. .CM sites garnered a whopping 12 million visits. Additionally, in the lead-up to this year’s FIFA World Cup, there seemed to be no end to phishing scams promising fans free tickets, memorabilia, and even airfare. New TLDs (top-level domains) were the weapon of choice for cybercriminals who created websites designed to dupe fans around the world into sharing private data.
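A brand owner or registrar can screen newly observed domain names for both patterns described above, IDN lookalikes and .CM typos. The following is an added example, not EuroDNS code; the watch list, the sample names and the small Cyrillic-to-Latin table are constructed for illustration.

```python
import unicodedata

# Illustrative subset of Cyrillic letters that render like Latin ones
# (assumption: production screening would load Unicode's confusables data).
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
    "\u0455": "s", "\u0458": "j", "\u04cf": "l",
}
WATCH_LIST = {"example.com", "cape-coop.com"}  # constructed protected names

def to_unicode(label):
    """Decode an A-label (xn--...) to Unicode; other labels pass through."""
    if label.startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def a_label(text):
    """Encode a Unicode label as xn--...; used to build the samples below."""
    return "xn--" + text.encode("punycode").decode("ascii")

def scripts(label):
    """Scripts of the letters in a label, read from Unicode character names."""
    return {unicodedata.name(ch).split()[0] for ch in label if ch.isalpha()}

def screen(domain, watch_list=WATCH_LIST):
    """Return the findings for one observed domain name."""
    labels = [to_unicode(part) for part in domain.lower().split(".")]
    shown = ".".join(labels)
    skeleton = "".join(CONFUSABLES.get(ch, ch) for ch in shown)
    findings = []
    if any(len(scripts(label)) > 1 for label in labels):
        findings.append("mixed-script label")
    if skeleton != shown and skeleton in watch_list:
        findings.append("homograph of " + skeleton)
    # .CM typosquat: a watched .com name registered one letter short.
    if skeleton.endswith(".cm") and skeleton[:-3] + ".com" in watch_list:
        findings.append("typo TLD of " + skeleton[:-3] + ".com")
    return findings

# Constructed samples: mixed script, all-Cyrillic, .cm typo, and the real name.
SAMPLES = [
    a_label("ex\u0430mple") + ".com",
    a_label("\u0441\u0430\u0440\u0435-\u0441\u043e\u043e\u0440") + ".com",
    "example.cm",
    "example.com",
]
RESULTS = {name: screen(name) for name in SAMPLES}
```

The second sample is written entirely in Cyrillic, so a mixed-script check alone misses it; only the comparison against the watch list catches it.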
Domain name solutions that helped mitigate risks
Of course, EuroDNS took action to respond to the increasing number of data privacy and cybersecurity concerns we saw in 2018. We implemented a number of solutions to help our customers protect their personal data and avoid criminal interference.
We kicked off the year by offering our customers Anycast DNS. (Previously, our managed DNS services used Unicast routing.) Through our managed Anycast DNS services we've been able to provide our customers several distinct benefits: faster connectivity, server reliability and, importantly, stronger security via Anycast's built-in DDoS mitigation feature.
Our new DNS infrastructure has enabled our customers to access an important record type – CAA records. CAA records provide greater domain security because they give users final say on which Certificate Authority (CA) can issue a specific certificate (Alpha, Domain, Organisation, or Extended Validation) for a domain. Users set the policy for a domain, subdomain, or specific host names.
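How a policy set at the domain, subdomain or host level is resolved, as an added example (not EuroDNS code): the lookup follows the CAA rules of RFC 8659, where the closest name that has CAA records decides. The zone contents and CA names are constructed.

```python
# Constructed zone data: owner name -> list of (tag, value) CAA records.
ZONE = {
    "example.com": [("issue", "ca-one.example"), ("issuewild", ";")],
    "shop.example.com": [("issue", "ca-two.example")],
    "internal.example.com": [("issue", ";")],
}


def relevant_caa(zone, fqdn):
    """Climb from fqdn toward the root; the closest name with CAA records wins."""
    labels = fqdn.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        if zone.get(name):
            return name, zone[name]
    return None, []


def ca_may_issue(zone, fqdn, ca):
    """True if CAA policy lets `ca` issue for fqdn ("*.name" = wildcard request)."""
    wildcard = fqdn.startswith("*.")
    if wildcard:
        fqdn = fqdn[2:]
    _, records = relevant_caa(zone, fqdn)
    tags = {tag for tag, _ in records}
    # Wildcard requests follow issuewild when present, otherwise issue.
    tag = "issuewild" if wildcard and "issuewild" in tags else "issue"
    # Drop any parameters after ';' and keep the issuer domain name.
    allowed = [value.split(";")[0].strip() for t, value in records if t == tag]
    if not allowed:
        return True  # no CAA set, or none of this kind: issuance unrestricted
    return ca.lower() in allowed  # an empty value (";") matches no CA
```

With this zone, `shop.example.com` overrides the policy of `example.com`, `internal.example.com` and everything below it accepts no CA at all, and wildcard certificates for `example.com` are forbidden.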
We also began offering DNSSEC to our customers, simple to set up through the domain management page. DNSSEC verifies records associated with a domain name, ensuring that users aren’t redirected to deceptive sites, i.e. false websites which look like your own and are used for phishing purposes. Once a domain is DNSSEC-signed, cybercriminals cannot hijack it by forging its DNS records.
Like all registrars, we work with a Registrar Data Escrow (RDE) agent, a trusted, neutral third party who safeguards registrant data to ensure it is never lost or inaccessible. And with the GDPR in effect, safeguarding registrant data has never been more important, especially for European-based registrars. EuroDNS has moved from a U.S.-based RDE to one that is based in Europe and understands the full scope of data privacy laws associated with the GDPR.
The GDPR has required a massive overhaul of the WHOIS database, a challenge ICANN has been busy addressing. While there are at the moment no clear answers to questions concerning WHOIS data access - who should have access? how much access? - EuroDNS has taken definitive steps to ensure that we stay as close as possible to the terms of the GDPR, avoiding any actions which overstep the boundaries of what is permissible according to the GDPR.
Data privacy and security trends to watch in 2019
With 2019 upon us, many experts are already speculating on what additional privacy and security challenges await us. Some of the most frequently cited include:
- IoT insecurity
- Cloud insecurity
- National-level attacks
- AI-powered attacks
- Botnet attacks
- Cryptocurrency hijacking (cryptojacking)
- GDPR-compliance concerns.
Regardless of this endless piling up of cybersecurity and data privacy concerns, EuroDNS will remain as committed as always to surmounting the challenges. If 2018 has taught us anything, it’s that everyone must up their game. Privacy and security problems are becoming more complex and sophisticated, requiring smarter solutions to help keep everyone protected.
Let us know how we can help you meet privacy and security needs. A member of our sales team would be glad to assist. Contact us at +352 263 725 250 or email@example.com.