Understanding dangerous domain types, and blocking them

Unlike an increasing amount of today’s world wide web, this article was carefully crafted by the diligent humans at Arbiio, not AI. Accuracy is of paramount importance to us.
In the realm of cybercrime, two types of domains have gained notoriety: Domain Generation Algorithms (DGAs) and Newly Registered Domains (NRDs). Both play significant roles in the strategies employed by cybercriminals, and recognising their impact is essential for protecting your family's home network and the people who use it.
What are Domain Generation Algorithms (DGAs)?
Domain Generation Algorithms (DGAs) are sophisticated techniques used by malware to evade detection and maintain communication with its command and control (C&C) servers. Instead of relying on a static list of domains, DGAs generate a large number of domain names algorithmically. If a domain is blocked or taken down, the malware simply moves on to the next one in the list. This makes it challenging for cybersecurity professionals to predict and block all potential domains that malware might use.
Real-world impact
DGAs are prevalent in various malware families, including notorious ones like CryptoLocker, a type of ransomware that encrypts files on infected devices until a ransom is paid. DGAs are used in approximately 40% of malware campaigns, highlighting their widespread adoption by cybercriminals.
Why block DGA-generated domains?
Blocking domains generated by DGAs is a proactive measure that can effectively disrupt malware operations by preventing the malware from receiving commands or updates from its servers. This means that if your network is infected by malware requiring a connection to its command and control servers, it won’t have the chance to take your data hostage.
The cost of inaction
Without blocking DGA-generated domains, your network remains more vulnerable to malware infections. According to a report from Symantec, over 4,800 websites are compromised every month, with many using DGAs to facilitate attacks. The financial and personal data losses resulting from such breaches can be devastating, with the average cost of a data breach reaching $4.45 million in 2023, as reported by IBM.
Understanding Newly Registered Domains (NRDs)
Newly Registered Domains (NRDs) are domains that have been registered within the last 30 days. These domains are often used by cybercriminals to launch malicious campaigns, as they are less likely to be flagged by security systems due to their novelty.
Why criminals favour NRDs
Criminals prefer NRDs because they can quickly set up and deploy these domains for phishing attacks, malware distribution, and other malicious activities. The short lifespan of these domains makes them ideal for quick-hit campaigns that can evade detection until it's too late.
Statistics on NRDs
A study by Palo Alto Networks found that 70% of newly registered domains are used for malicious purposes within the first 30 days. This alarming statistic underscores the importance of monitoring and blocking NRDs to protect your network from potential threats.
Why block NRDs on your home network?
Blocking NRDs is a critical step in enhancing your home network's security. By preventing access to these potentially harmful domains, you reduce the risk of falling victim to phishing scams, malware infections, and other cyber threats.
Implementing domain blocking with Arbiio
Blocking both categories of these domains is seamlessly integrated at the DNS level with Arbiio. This means your devices are protected before they even come into contact with these threats, giving you peace of mind that your network is better safeguarded against emerging threats.
The statistics speak for themselves—without proper protection, the likelihood of falling victim to cyber threats is significantly higher. By taking proactive measures, you can safeguard your family's online experience and worry less about potential cyber dangers.
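As an added illustration (not Arbiio's code or method), the sketch below shows how a DNS-level filter could combine the two checks described in this article: the 30-day NRD window and a simple heuristic for algorithmically generated names. The thresholds, function names and sample domains are assumptions made for the example, and a real filter would obtain registration dates from WHOIS/RDAP or an NRD feed.

```python
import math
from collections import Counter
from datetime import date

NRD_WINDOW_DAYS = 30      # the article's definition of "newly registered"
# Assumed, untuned thresholds for the DGA-likeness heuristic.
MIN_LABEL_LEN = 12
MIN_ENTROPY_BITS = 3.5
MAX_VOWEL_RATIO = 0.25

def registrable_label(domain):
    """Label left of the TLD. Simplification: a real filter would consult
    the Public Suffix List to handle suffixes such as co.uk."""
    labels = domain.lower().rstrip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]

def shannon_entropy(text):
    """Bits per character; random strings score higher than words."""
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())

def looks_generated(domain):
    """Flag long labels that are both high-entropy and vowel-poor.
    Requiring both signals avoids flagging long but readable names."""
    label = registrable_label(domain)
    if len(label) < MIN_LABEL_LEN:
        return False
    letters = [ch for ch in label if ch.isalpha()]
    vowel_ratio = sum(ch in "aeiou" for ch in letters) / max(len(letters), 1)
    return shannon_entropy(label) >= MIN_ENTROPY_BITS and vowel_ratio <= MAX_VOWEL_RATIO

def is_newly_registered(registered_on, today):
    """True if registered within the last 30 days. An unknown date (None)
    is treated as not new here; a stricter policy could block it."""
    if registered_on is None:
        return False
    return 0 <= (today - registered_on).days <= NRD_WINDOW_DAYS

def decide(domain, registered_on, today):
    """DNS-level verdict for a single query."""
    if is_newly_registered(registered_on, today):
        return "block:nrd"
    if looks_generated(domain):
        return "block:dga-like"
    return "allow"

if __name__ == "__main__":
    today = date(2024, 6, 30)
    # Constructed queries with constructed registration dates.
    for name, reg in [("familyphotoalbum.example", date(2015, 3, 1)),
                      ("parcel-tracking-update.example", date(2024, 6, 20)),
                      ("xkqjwzvtplhmrd.example", None)]:
        print(name, decide(name, reg, today))
```

The long but readable name passes because its vowel ratio is normal even though its entropy reaches the threshold, which is why the heuristic requires both signals before blocking.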
References
- Palo Alto Networks, "Newly Registered Domains: Malicious Abuse by Bad Actors," 2019.
- Symantec, "Internet Security Threat Report," 2019.