Cyber Attacks on the Rise: CSC’s 2024 Report Highlights Deteriorating Security in Healthcare Domains

Healthcare Domain Security Declines Amid Surge in Cyber Attacks, CSC's 2024 Report Reveals

October 30, 2024, Wilmington, Del., United States: CSC, an enterprise-class domain registrar and world leader in mitigating domain and domain name system (DNS) threats, today released its fifth annual Domain Security Report that found, in a ranking across 26 Forbes Global 2000 industries, Healthcare Equipment and Services fell seven spots and out of the top five industry ranking it previously held. The drop in ranking from 5th in 2023 to 12th in 2024 stands in stark contrast to the prominent rise in cyber attacks on hospitals and healthcare systems this year.

CSC’s 2024 Domain Security Report analyzes the highest and lowest performing industries based on the adoption of key domain security features like registry lock, CAA records, DNS redundancy, type of registrar, DNSSEC, SPF, DKIM, and DMARC. The top five highest performing industries were Business Services and Supplies, IT Software and Services, Media, Retailing, Hotels, and Technology Hardware and Equipment. The lowest performing industries were Construction, Food and Drink and Tobacco, Food Markets, Materials, and Oil and Gas Operations.

“Many wide-scale cyber attacks like ransomware, phishing, and data breaches can originate at the domain level through fraudulently registered or exploited legitimate domains,” says Jim Stoltzfus, president of CSC’s Digital Brand Services. “The severe rise in malicious attacks against healthcare systems and other critical infrastructure this year is a clear indication for all industries to carefully monitor domain activity and registrations, and to pay much more attention to dormant domains, which may be maliciously registered but not put to use until a cyber attack is launched.”

Additional key insights from CSC’s research include:

80% of registered web domains that resemble a Global 2000 brand do not belong to that brand. Of the 80% of homoglyph (lookalike fake) domains owned by third parties other than the Global 2000 brand owners, CSC found that 42% have MX records (email exchange records) compared with 40% in 2023. MX records can be used to send phishing emails or to intercept email.
Use of registry lock has grown by 7 percentage points since 2020, but overall adoption is low at 24%. Registry locks enable end-to-end domain name transaction security to mitigate human error and third-party risk. It’s a highly cost-effective means of protecting domain names against accidental or unauthorized modifications or deletions.
107 of the world’s largest public companies have a domain security score of zero. 5% of the Forbes Global 2000 companies do not deploy any of the recommended domain security measures and therefore have the highest level of risk. Based on CSC’s analysis of the adoption of key domain security measures, a security score of zero indicates no adoption of any measure, leaving those companies at the highest risk of domain security threats.
Use of DMARC has grown by 82% since 2020. In 2023, the Anti-Phishing Working Group (APWG) reported a record of almost five million logged phishing attacks, making 2023 the worst year for phishing. This rise in attacks helped increase the adoption of DMARC—an email validation system designed to protect a company’s email domain from being used for spoofing and phishing scams.

CSC’s 2024 Domain Security Report further displays how lax domain security can impact brands and consumers by analyzing how cybercriminals exploited the global reach of the 2024 Paris Olympics. CSC observed a surge in fake Olympic and Paris-related domain name registrations coinciding with the start and end of the Games, which were used to promote counterfeit items, fake tickets, fraudulent streaming sites, and phishing attacks. The targeting of this year’s Olympics provides yet another example of how cybercriminals target trusted brands to launch malicious campaigns. This makes monitoring domain ecosystems globally—including lookalike, dropped, re-registered, or newly registered domain names—a priority in any corporate security posture and online brand strategy to mitigate digital threats.
