New Farsight Security Research on Internationalized Domain Names (IDNs) Reveals Significant Risk of Lookalike Domains To Top Brands

In Total 100M IDN Resolutions Were Observed; Brands in Banking and Finance Found to be Most Often Imitated


SAN MATEO, Calif., June 26, 2018 (GLOBE NEWSWIRE) -- Farsight Security, Inc., a leading cybersecurity provider of DNS intelligence solutions, today released new research entitled, “Global Internationalized Domain Name (IDN) Homograph Report, Q2 2018.” This new research examines the prevalence and distribution of IDN lookalike domain names, also called homographs, over a 12-month period with a focus on 466 top global brands across 11 vertical sectors ranging from banking to retail to technology. The research discovered the potential risk posed by IDN homographs is significant and growing. In fact, Farsight observed 100 Million total IDN resolutions, including 27 Million unique Fully Qualified Domain Names (FQDNs).

Just as the Domain Name System (DNS) enables the vast majority of online transactions, IDNs enable a multilingual Internet by allowing Internet users to register and use domain names in almost any written language. Yet because IDN homographs are easy to register and often go undetected by traditional security solutions, these lookalike domains are increasingly being used to commit phishing and other malicious activities.

“Farsight is committed to making the Internet a safer place for online transactions for all users. As part of this commitment, Farsight regularly conducts research to reveal possible unknown security risks. IDN homographs are largely undetected – as a result, bad guys can abuse these key DNS assets,” said Dr. Paul Vixie, CEO, Chairman and Cofounder of Farsight Security. “Our research proves that it is critical that organizations identify and manage potential risks to their brands, including IDN homographs.”

As part of the research, Farsight evaluated a cross-section of sectors including: banking, credit and loans, insurance, financial management, ecommerce, clothing retailers, jewelry retailers, luxury retailers, cryptocurrency exchanges, and technology firms. Key findings of the “Global Internationalized Domain Name (IDN) Homograph Report, Q2 2018” include:

  • Brands in banking and other related sectors are frequently imitated using IDN homographs with ~750 unique resolutions per month;
  • 91% of IDN homographs offered some sort of webpage;
  • The research found clear violations of the ICANN Guidelines for the Implementation of Internationalized Domain Names;
  • 66% of all IDN homograph IP addresses were found to be geolocated in the United States; and
  • 93% of IDN homograph FQDNs had IPv4-based address records

Methodology:
The research presented in the “Global Internationalized Domain Name (IDN) Homograph Report, Q2 2018” is sourced from Farsight Security’s flagship product, DNSDB™. From DNSDB, the company extracted 12 months of IDN data from May 01, 2017 to April 30, 2018 and ran this dataset and a list of top global brands through its Brand Sentry™ product to obtain a list of IDN homographs. These were then post-processed with a vari­ety of bespoke tools to learn additional information including client-facing features of identified web sites.

If your organization would like your brand included in future Farsight reports, please contact us at sales@farsightsecurity.com.  

About Farsight Security:
Farsight Security is the world’s largest provider of historic and real-time passive DNS data. We enable security teams to qualify, enrich and correlate all sources of threat data and ultimately save time when it is most critical - during an attack or investigation. Our solutions provide enterprise, government and security industry personnel and platforms with unmatched global visibility, context and response. Farsight Security is headquartered in San Mateo, California, USA. Learn more about how we can empower your threat platform and security team with Farsight Security passive DNS solutions at www.farsightsecurity.com or follow us on Twitter: @FarsightSecInc.

Media Contact:
Jennifer Jewett
Mockingbird Communications
+1 617-913-2404
jennifer@mockingbirdcomms.com