Trust and security are critical elements shaping the use of the Internet as a communication tool in our daily lives. Unfortunately, harmful activity such as DNS abuse is an ongoing threat to this. So what is being done to minimise DNS abuse at a local level and what role do forums like NetThing play in highlighting the issue?
Minimising DNS abuse
As a quick reminder, DNS abuse refers to 5 categories of harmful online activity, including malware, botnets, phishing, pharming and spam. With over 3.6 million domains registered in the .au registry, .au has levels of DNS abuse well below the global average. However, further reducing DNS abuse remains a key focus. Along with the internal systems in place to combat it, general Internet users need to stay vigilant as the threat landscape is changing fast.
There are many groups and initiatives that offer cybersecurity solutions and advice to combat malicious online behaviour, including the Australian Cyber Security Centre (ACSC) and the DNS Abuse Institute. While the ACSC focuses on education and support, the DNS Abuse Institute was established to foster collaboration based on research to provide a collective response to the issue. Chief Operating Officer at .au Domain Administration, Bruce Tonkin is proud to be a member of the advisory board at the DNS Abuse Institute where he is able to contribute to the minimisation of DNS abuse and encourage Internet users to take action:
“The DNS Abuse Institute has released a service called NetBeacon (https://netbeacon.org/) where Australian Internet users can report DNS Abuse, so that the reports can be actioned by domain name registries and registrars located around the world.”
Trends in .au
At a high level, ICANN’s Domain Abuse Activity Reporting (DAAR) provides participating TLD operators with an understanding of the rate and type of DNS abuse within their top level domain. Here in .au we continue to monitor this information and make improvements to our internal systems to ensure that this trend remains strong. Currently .au has less than 0.03% of domain names involved in DNS Abuse, well below the global average of around 0.2%.
In January 2021 auDA indicated that the low levels of DNS Abuse in Australia are due to the robust requirements of .au. They suggest that this makes the process of registering a domain name more difficult for harmful activity to be carried out. The details required upon registration of, for example a .com.au domain name include:
- registrant legal name;
- registrant ID (e.g. ABN or ACN);
- eligibility type (e.g. company, citizen, incorporated association, sole trader);
- eligibility name (e.g. business name or trademark);
- eligibility ID (e.g. ABN of the business name or trademark number)
These conditions, along with a detailed WHOIS record (https://whois.auda.org.au/) allowing visibility for Internet users, ensure that cybercriminals are detracted from using .au domain names to carry out abuse.
auDA also subscribes to a range of DNS Threat Intelligence feeds from around the world for reports of websites using .au domain names that may have been compromised by cyber-criminals. A common issue in these cases is websites that are more than 5 years old, and have not had security patches applied to the website software.
NetThing 2022
To be held from October 27-28 this year, NetThing is a collaborative event that focuses on policy issues surrounding the Internet in Australia, including digital rights and cyber security. Bronwyn Mercer, Chair of NetThing explains the objective of the forum in tackling issues such as DNS abuse.
“As Australia's Internet Governance Forum, NetThing provides a platform for the Australian community to discuss public policy issues related to the Internet in Australia. The security and resilience of Internet infrastructure is central to public trust in online services. Through NetThing, I hope to raise the profile of security issues like DNS abuse and explore the impact on society from multiple perspectives.”
While it is clear that abuse in .au remains low, and that there are services available to report any malicious behaviour, we must also recognise our role as users in creating a more trusted space. Annual forums such as NetThing play an important role in highlighting the severity of DNS abuse incidents and other aspects to trust and security for Australian Internet users.