Ubilibet - Cybersquatting Trends 2022

Domains: The First Line of Defense Against Cyberattacks

Most cyberattacks start with a phishing campaign. Yet, the cybersecurity strategy of many companies still fails to address the root of the problem: domains. In this article, we will look at some measures to catch up in this area.

With increasing digitization, cybercrime has become another line of business for so‑called Black Hat professionals—those who use their computing skills for wrongdoing.

One example is the ransomware attack on the Hospital Clínic of Barcelona, in which the attackers demanded $4.5 million for the stolen sensitive data, putting patient privacy at risk.

But that is only one example. Recent studies indicate that cyberattacks in Catalonia increased by 38% in 2024 compared to the previous year, reaching 6.9 billion cyberattacks fought throughout 2024. Two out of three incidents occurred at universities, due to the generally low protection of students’ devices.

According to the Cybersecurity and Infrastructure Security Agency (CISA), most of these cyberattacks are rooted in a phishing campaign. Email remains the primary gateway today for malware to enter computer systems.

How can something as simple as an email still be so effective? The answer lies in social engineering, which teaches attackers how to address users so the fake communication sounds real, and in brand impersonation, which can be as easy as using a domain similar to that of a brand we know.

Below we look in more detail at how the basic mechanisms of phishing work and how to prevent attackers from using our brand to carry out such campaigns.

Domain Names: The Platform for Launching Phishing Campaigns

Various research groups have shown that phishing campaigns are generally launched in three possible ways:
  1. Through a maliciously registered domain name, meaning one whose similarity to another can cause confusion.
Among the deceptive techniques used by hackers, homograph domains stand out: one or more characters in the web address look like a given letter but are actually a different character, for example an uppercase “I” in place of a lowercase “l,” or the Cyrillic “р” in place of the Latin “p.” According to specialized media, 70% of homograph domains currently belong to third parties who register them through general-purpose, consumer-facing registrars that allow domain registration without controls.
  2. Through a hijacked or compromised legitimate domain name, caused by unauthorized access to email, the domain registrar, or the DNS server.
Attacks on the domain name system, such as registrar account breaches and DNS hijackings, are increasingly frequent. These attacks pose a serious threat to brands because, if successful, they redirect traffic to other sites, resulting not only in lost revenue but also in diminished customer trust. According to a study, in 2025, approximately 83% of companies remain highly exposed to DNS or domain hijacking because they have not yet implemented basic measures such as domain locking, which we discuss further below.
  3. Through email sender impersonation.
Currently, some studies indicate that only 50% of brands use the DMARC (Domain-based Message Authentication, Reporting and Conformance) email authentication mechanism. With DMARC, legitimate domain owners publish instructions in a DNS record so that any receiving email server can identify and authenticate their messages. Additionally, thanks to BIMI (Brand Indicators for Message Identification), it is also possible to apply a Verified Mark Certificate (VMC) to encourage sender verification. Here we explain all the details.
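
The DMARC instructions described in the third item live in a TXT record at _dmarc.<domain>. The following is an added example, not code from the original article: it checks whether such a record actually enforces a policy, using constructed records for the reserved domain example.com.

```python
def parse_dmarc(txt):
    """Return the tag dict of a DMARC TXT record, or None if it is not DMARC."""
    # RFC 7489: v=DMARC1 must be the first tag, otherwise the record is ignored.
    if txt.split(";", 1)[0].replace(" ", "") != "v=DMARC1":
        return None
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def assess_dmarc(txt_records):
    """Return (verdict, findings) for the TXT records published at _dmarc.<domain>."""
    parsed = [p for p in map(parse_dmarc, txt_records) if p is not None]
    if not parsed:
        return "missing", ["no DMARC record published"]
    if len(parsed) > 1:
        return "invalid", ["more than one DMARC record: receivers apply none"]
    tags = parsed[0]
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return "invalid", ["missing or unknown p= tag"]
    findings, enforced = [], policy != "none"
    if policy == "none":
        findings.append("p=none only monitors; failing mail is still delivered")
    else:
        pct = tags.get("pct", "100")
        if pct.isdigit() and int(pct) < 100:
            findings.append(f"pct={pct}: policy covers only part of failing mail")
            enforced = False
        if tags.get("sp", policy).lower() == "none":
            findings.append("sp=none: subdomains are not covered by the policy")
            enforced = False
    if "rua" not in tags:
        findings.append("no rua= address: aggregate reports are not collected")
    return ("enforcing" if enforced else "weak"), findings

# Constructed records for the reserved domain example.com.
SAMPLES = {
    "enforced": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"],
    "monitor-only": ["v=DMARC1; p=none"],
    "partial": ["v=DMARC1; p=quarantine; pct=25; sp=none; rua=mailto:dmarc@example.com"],
    "spf-only": ["v=spf1 include:_spf.example.com ~all"],
}
```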

Domain Strategy: A Core Pillar of Cybersecurity

Failing to address domain security poses a risk with potentially catastrophic consequences for data protection, consumer security, intellectual property, supply chains, revenue, and reputation.

Therefore, experts agree on the need to implement a comprehensive domain protection strategy covering the entire cycle: from registration and management of domain names to continuous monitoring and rapid takedown of malicious domains.

  1. Importance of the Registrar

Choosing the right registrar should not be a matter of price, but of security.

Compared to consumer-focused registrars, corporate and government-focused registrars are a safer bet due to the enhanced protection measures they implement. They typically offer specialized security features to prevent, detect, and respond to attacks against any domain.

Additionally, the domain name landscape is dynamic and heavily influenced by the emergence of generic top-level domains (gTLDs), legislation, and sociopolitical activity. A corporate registrar can advise brands on the potential impact on their business and the best way to manage it.

  2. Centralization of the Domain Portfolio

The average size of corporate domain portfolios is growing. The number of organizations owning 250–500 domains increased from 9% in 2019 to 17% in 2020. Similarly, organizations owning 501–1000 domains grew to 14% in 2020 compared to 8% in 2019.

These portfolios often contain a percentage of inactive domains, acquired for defensive or competitive reasons. However, whether active or not, these domain names carry risks such as server infiltration and email spoofing if misconfigured and not securely managed.

Therefore, it is important to have a global view of all domains across all offices and brands of the company. Key information to collect includes registrar details, domain usage, and renewal dates.

  3. Domain Registration and Locking

Once the appropriate provider is selected, the first step in defining a domain strategy is to identify which domains are critical, relevant, or secondary.

Once identified, the next step is to register and lock domains that could put your business or brand reputation at risk. We recommend reading this article to know when to register and when to lock a domain.

Locking domains ensures that, once registered and configured, they cannot be transferred. This extra security layer is vital for critical domains such as transactional pages, email systems, intranets, and support applications.

The so-called Registry Lock freezes all registry-level transactions until the party requesting the domain transfer follows the security protocol agreed upon by the registry and registrar.

When combined with other domain locking services, an additional layer of protection is added against attacks such as unauthorized name server changes, hijacking, and social engineering attacks.
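
Whether a lock is actually in place can be read from the EPP status codes in a domain's WHOIS output. The following is an added example, not part of the original article: it audits a portfolio against a minimum lock level per tier. The tier-to-lock policy, the ICANN-style "Domain Status:" line format and the sample portfolio are assumptions made for illustration.

```python
import re

# EPP status codes: client* are set by the registrar, server* by the registry.
REGISTRAR_LOCK = {"clientTransferProhibited", "clientUpdateProhibited",
                  "clientDeleteProhibited"}
REGISTRY_LOCK = {"serverTransferProhibited", "serverUpdateProhibited",
                 "serverDeleteProhibited"}
RANK = {"unlocked": 0, "partial": 1, "registrar-lock": 2, "registry-lock": 3}
# Assumed policy: the minimum lock level for each tier named in the article.
REQUIRED = {"critical": "registry-lock", "relevant": "registrar-lock",
            "secondary": "unlocked"}

def epp_statuses(whois_text):
    """Collect the status codes from 'Domain Status:' lines of WHOIS output."""
    return set(re.findall(r"^\s*Domain Status:\s*(\w+)", whois_text, re.M))

def lock_level(whois_text):
    found = epp_statuses(whois_text)
    if REGISTRY_LOCK <= found:
        return "registry-lock"
    if REGISTRAR_LOCK <= found:
        return "registrar-lock"
    if found & (REGISTRAR_LOCK | REGISTRY_LOCK):
        return "partial"  # some prohibitions set, e.g. transfer but not update
    return "unlocked"

def audit(portfolio):
    """Return {domain: (tier, actual, required)} for domains below their tier's level."""
    gaps = {}
    for domain, (tier, whois_text) in portfolio.items():
        level = lock_level(whois_text)
        if RANK[level] < RANK[REQUIRED[tier]]:
            gaps[domain] = (tier, level, REQUIRED[tier])
    return gaps

def sample_whois(*codes):
    """Build a constructed WHOIS excerpt carrying the given status codes."""
    return "\n".join(f"Domain Status: {c} https://icann.org/epp#{c}" for c in codes)

# Constructed portfolio using reserved example names.
SAMPLE = {
    "pay.example": ("critical", sample_whois(*REGISTRAR_LOCK)),
    "mail.example": ("critical", sample_whois(*REGISTRAR_LOCK, *REGISTRY_LOCK)),
    "promo.example": ("relevant", sample_whois("clientTransferProhibited")),
    "parked.example": ("secondary", sample_whois("ok")),
}
```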

  4. Domain Monitoring and Surveillance

Domain monitoring alerts us in real time when someone registers a domain containing our brand in multiple possible variants. This service is vital as it allows us to respond quickly to potential cyberattacks.

Domain surveillance allows us to track domains that do not pose an immediate risk but have the potential to do so: domains using the brand without content or with non-harmful content. This service notifies us whenever there is a technical or content change that could indicate a potential attack.
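
The matching behind this kind of monitoring, including the homograph domains described earlier, can be sketched as follows. This is an added example, not the article's or any vendor's implementation: the brand "acmemail", the owned-domain list, the feed of new registrations and the small lookalike table are all constructed for illustration.

```python
import unicodedata

# Illustrative subset of lookalikes (assumption; Unicode's confusables.txt is the
# full list). Each key folds to the Latin letter it imitates on screen.
CONFUSABLE = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
              "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "l",
              "i": "l", "1": "l", "0": "o"}

def to_unicode(domain):
    """Decode xn-- (punycode) labels so the characters actually shown are compared."""
    labels = []
    for label in domain.lower().split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed A-label: keep it as registered
        labels.append(label)
    return ".".join(labels)

def skeleton(label):
    return "".join(CONFUSABLE.get(ch, ch) for ch in label)

def scripts(label):
    """Scripts of the letters in a label, read from the Unicode character names."""
    return {unicodedata.name(ch).split()[0] for ch in label if ch.isalpha()}

def classify(domain, brand, owned):
    """Return why a newly registered domain imitates the brand, or None."""
    if domain.lower() in owned:
        return None
    label = to_unicode(domain).split(".")[0]
    if skeleton(label) == skeleton(brand):
        if label == brand:
            return "brand under another TLD"
        return "mixed-script homograph" if len(scripts(label)) > 1 else "lookalike"
    if skeleton(brand) in skeleton(label):
        return "contains brand"
    return None

def a_label(text):  # builds the xn-- form; used only to construct the sample feed
    return "xn--" + text.encode("punycode").decode("ascii")

# Constructed feed of new registrations; "acmemail" is a hypothetical brand.
SAMPLE_FEED = [a_label("\u0430cmemail") + ".com", "acmemai1.com", "acmemaii.com",
               "acmemail-login.net", "acmemail.shop", "weather.org"]

def scan(feed, brand="acmemail", owned=frozenset({"acmemail.com"})):
    return {d: r for d in feed if (r := classify(d, brand, owned))}
```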

  5. Recovering Occupied Domains

While the previous measures are preventive, this one is reactive: when a compromised domain is discovered, action must be taken.

In addition to disputing illegitimately occupied domain names, other legal measures exist, such as cease-and-desist requests, to deactivate illegal content and brand abuse on websites.

Online Brand Protection for a Holistic Approach

These proactive controls can secure underlying domain assets and defend them against the phishing attack methods mentioned above.

However, the domain landscape is constantly evolving, presenting both opportunities and challenges. To thrive in this changing environment, companies must focus on domain management and security—preferably as part of a broader online brand protection strategy.
