The number of .uk domains suspended for criminal activity doubled over the past year, as cyber-criminals continued to target users with malicious content and phishing.
Nominet, the official registry for the TLD, revealed figures on Tuesday claiming the number surged from 16,632 last year to 32,813 during the period November 1 2017 to October 31 2018.
Ten organizations report offenses to Nominet and, of these, five had cause to do so over the past year. These were led by the Police Intellectual Property Crime Unit (PIPCU), which made over 32,000 requests, followed by the National Fraud Intelligence Bureau (NFIB), Medicines and Healthcare Products Regulatory Agency (MHRA), Trading Standards, and the Financial Conduct Authority (FCA).
The majority of these requests related to IP infringement, although phishing sites also remain popular.
“The upward trend we are seeing in suspended domains confirms that criminals are continuing to seek opportunities in the UK namespace — be it the issue of counterfeits online, or where criminals relentlessly target consumers with malicious content, via domains registered for phishing,” explained Nominet CEO, Russell Haworth.
“Our ongoing efforts to keep the namespace safe can also be seen through our Domain Watch initiative that uses a technical algorithm to promptly suspend newly-registered domains with a very high phishing risk. Since July this year, 129 domains targeting the private and public sector have been suspended — for example barc1ays.co.uk or security-paypal.co.uk.”
The number of dodgy domains has doubled over the past three years, although the overall percentage of those suspended remains low, rising from 0.08% in 2016 to just 0.27% today.
“Working closely with the law enforcement community and using our established processes, network analytics and cybersecurity tools, will ensure that .UK remains a difficult space for criminals to operate,” said Haworth.
However, the efforts of law enforcers and researchers to investigate malicious domains have been severely impeded by the GDPR, which frequently prohibits access to the WHOIS database of registrants.
This means they can’t determine the identity of those who’ve registered a criminal or fraudulent domain or use that info to find other domains registered by the same bad actors.
“That devastates our ability to find all of the fraudulent domains registered by the same entity,” wrote one respondent in the joint report from the Anti-Phishing Working Group and the Messaging, Malware and Mobile Anti-Abuse Working Group.