Skip to main content

CSC's Research Uncovers Suspicious Domain Registration Surge Amid Baby Formula Supply Chain Crisis

For immediate release

July 13, 2022

For more information:
Amy Foschetti
W2 Communications
CSC@w2comm.com
CSC®New Room

Third parties registering domains are attempting to mask their ownership and identity, suggesting they may have nefarious intentions

WILMINGTON, Del. – CSC®,an enterprise-class domain registrar and world leader in mitigating domain and domain name system (DNS) threats, today released data from its global assessment of domain registrations since 2021 showing that 84% of baby formula-related domains were registered by third parties. The rise in fake registrations coincides with the turbulent supply chain issues the industry experienced this year, and registration characteristics show these domains are designed as vehicles to execute potential fraud and phishing attacks. The registration behavior is not limited to the baby formula market. A similar surge is also targeting commercial organizations and has occurred within the semiconductor industry, as CSC's research shows that 95% of domains registered in the same time period are tied to third parties. This assessment is part of CSC's latest report, "Where Domain Security Meets the Supply Chain Crunch."

CSC's research team found disturbing trends when they assessed the security of branded web domains and key search terms associated with the baby formula and semiconductor industries. Between January 2021 and May 2022, CSC found that within third-party registered domains, 93% of baby-formula-related and 79% of semiconductor-related domains include privacy services, or have WHOIS details redacted. These are steps taken with the intent to conceal true identities and reveal potential fake domain registrations and fraudulent activity. In addition, 26% of baby formula-related and 44% of semiconductor-related domains are configured with MX email records–a key mechanism used to disseminate phishing emails.

"Companies need to understand how their choice of domain registrar impacts their organization’s overall security posture and the probability of their employees and customers falling victim to fraud. Consumer-grade registrars have repeatedly been attacked over the last few years, and do not provide the security controls needed to protect clients’ vital domain names from domain and DNS threats. Moreover, many consumer-grade registrars offer services like name spinning and domain auctioning that promote the registration of confusingly similar names that not only infringe on established brands but are often used for phishing and other fraud-based attacks," says Mark Calandra, president of CSC Digital Brand Services. "As a result, these registrars monetize the goodwill brand owners have worked hard for, creating a revenue stream for themselves rather than serving the interests of enterprise clients who use their platforms. We believe the industry should follow best practice standards to prevent growing brand abuse and consumer safety concerns to ensure a more secure digital economy."

Domain security hygiene remains an overlooked risk management component of an organization’s business operation and overall security posture. CSC conducts an annual assessment of the domain security practices among the Global Forbes 2000. Through a cross assessment of the most recent report and CISA’s 16 critical infrastructure industries categories, food and agriculture and critical manufacturing are two industries with the weakest domain security hygiene and minimal year-over-year improvements.

Access the Supply Chain report, the Domain Security report, or visit our website at cscdbs.com.

About CSC

CSC is the trusted provider of choice for the Forbes Global 2000 and the 100 Best Global Brands® in enterprise domain names, domain name system (DNS), digital certificate management, as well as digital brand and fraud protection. As global companies make significant investments in their security posture, CSC can help them understand known cybersecurity oversights that exist, and help them secure their online digital assets and brands. By leveraging CSC’s proprietary technology, companies can solidify their security posture to protect against cyber threat vectors targeting their online assets and brand reputation, helping them avoid devastating revenue loss, and significant financial penalties because of policies like the General Data Protection Regulation (GDPR). CSC also provides online brand protection–the combination of online brand monitoring and enforcement activities–taking a holistic approach to digital asset protection, along with fraud protection services to combat phishing. Headquartered in Wilmington, Delaware, USA, since 1899, CSC has offices throughout the United States, Canada, Europe, and the Asia-Pacific region. CSC is a global company capable of doing business wherever our clients are–and we accomplish that by employing experts in every business we serve. Visit cscdbs.com.