The vast majority of web domains closely linked to the presidential campaign websites for Donald Trump and Joe Biden lack basic domain security protocols and are at risk of potential disinformation activities and data theft, according to findings released Thursday.
The research by US-based digital asset security company CSC found that over 90% of these web properties are not using registry locks to protect their domains from domain and DNS hijacking that can lead to phishing attacks, network breaches, and email compromise. CSC aggregated the data during the month of August.
Cyber criminals could subvert activities on those websites to disseminate misinformation, commit fraud against visitors or even carry out ransomware attacks., CSC said.
“As noted in our previous research, we’ve consistently seen domains emerge as a threat vector for enterprises, and an area that is continuously overlooked in cyber security. Due to the sensitivity and importance of the U.S. election process, domain security remains a major vulnerability for the potential of foreign interference, fraud, and misinformation,” said Mark Calandra, executive vice president for CSC's Digital Brand Services division, which conducted the study.
“As an organization with the most visibility into the domain landscape, we advocate for the sanctity of voter trust and encourage both presidential candidates and other websites in the electoral ecosystem to prioritize domain security on their websites to ensure security and build confidence.”
The research showed that domain security and preventing domain spoofing continue to be an oversight even with top election-related web properties, with more than 75% of these election-related domains using retail-grade domain registrars that do not provide advanced security protocols, according to CSC.
"We have reached the point where awareness is not enough. Those responsible for managing domain registrations, including registrars and hosting companies, need to have an actionable plan that is aligned with best practices. Additionally, experiences must be shared between those within the industry for the good of the wider internet community," said Matthew Stith, industry liaison at Spamhaus. “Without this commitment, users will be open to continued manipulation and fraud."
Meanwhile, the latest developments in the US cyber sector will be the focus of a special digital edition of Cybertech on October 27. CybertechLive USA, to be hosted from New York City, will feature government officials, industry experts, leading companies, and startups. More information about the event can be found here.