THE 2021 CYBERSECURITY REPORT INCLUDES THE NUMBER, TYPE AND RESOLUTION OF CASES PROCESSED
85% of the risk cases detected by PUNTUEUS in 2021 have been malignant domains. 0.02% of the total of 13,083 registered .EUS domains.
When we talk about malicious domains we are referring to domains created with malicious intent; according to the 2021 report, most were created using algorithms (200) and the rest (35) were suspected of bad practices. Algorithmically created names are also used in botnet and malware attacks, but most cases have been predictively identified and remediated before any attack occurs. Thus, in total, PUNTUEUS has blocked 235 .EUS domains in 2021.
One of the most important tasks of PUNTUEUS is to ensure the digital security of users and continuous monitoring of .EUS websites. This allows detecting misuse on the web sites and preventing risks and threats.
This permanent analysis identifies not only the malicious registries detected, but also the compromised domains. These have accounted for 14% of the cases identified in the last year.
Compromised domains are .EUS domains attacked by a third party. When the compromised domain is identified, the owner of this domain is informed of the attack suffered and is helped to solve the problem. In fact, it is usual that those responsible for the web have not been aware of the attack.
Manex Garaio, technological manager of PUNTUEUS, has pointed out that “among the cases of abuse that we receive, the registration of malicious domains is usually temporary and lasts 3-4 days. In a case of this type, special attention is required to block the domains as they are generated. The case of compromised domains is different: in these cases our goal is to help domain owners as much as possible, since it is common not to know how to deal with the problem.“
The main tool used to detect cases of risk is the Abuse IQ system. In addition, PUNTUEUS collaborations with the Basque Cybersecurity Center and the Global Cyber Alliance are important to ensure cybersecurity.
Networks of devices used to carry out scams and cyberattacks.
Domains that have been generated, often via an algorithm.
The website or service offered using the domain nme has been compromised and is being used with malicious intent.
Sites that have been compromised by hackers.
Domains showing suspicious behaviors.
Software intended to damage systems or networks.
Fraudulent attempt to obtain sensitive information.
Fraudulent or deceptive act or operation.
Unsolicited emails sent to multiple recipients.
Fraudulent records made using the Covid 19 subject.
The registrant and/or person responsible for publishing content in the domain is using a fraudulent or stolen identity.
The registrant of the domain does not comply with the terms of the registration policy.