The Netherlands Internet Domain Registration Foundation (SIDN), the organization that manages the domain names for the .nl domain, has warned more than 30,000 domain name holders about malware and phishing in one year. The organization reports this in a transparency report. This concerns the period from the fourth quarter of 2020 to the third quarter of 2021. Most of the cases concerned phishing warnings.
SIDN intervenes in violations
In the report, SIDN states that the .nl domain is “one of the most secure top-level domains in the world”. The foundation says it is taking the lead in “fighting abuse”. As a result, the organization is sometimes forced to intervene. This can take various forms, including removing domain names from the .nl zone. SIDN can intervene on its own initiative, but also as a result of legal proceedings. According to SIDN itself, in relative terms it does not act often: “Compared to the total number of .nls of more than 6 million, the number of times we intervene is very limited.”
To reduce issues such as phishing and malware in the .nl zone, SIDN launched the Abuse204.nl program (abuse ‘to zero for .nl’). Based on a purchased feed, the organization sends warnings to the holders, hosters and registrars involved. Each warning asks the recipient to look into the problem and, if there is indeed phishing or malware, to solve it.
SIDN sends repeated warnings. If the problem has not been solved after a maximum of 114 hours, the organization itself carries out a check. If the problem persists, SIDN removes the domain name from the zone and informs the registrar. The registrar can link the name servers back to the domain name if the malicious code has been removed. This way the domain name can be included in the .nl zone again.
More than 30,000 warnings
In the period from Q4 2020 to Q3 2021, SIDN issued cybercrime warnings to more than 30,000 domain name holders. Most of these were phishing alerts: as many as 27,000. In the end, the organization made 750 domain names inactive.
SIDN sent warnings about so-called web shells almost 3,000 times. These are scripts that attackers place on web servers. The attackers can then access the server remotely and execute all kinds of commands. SIDN also informed more than 300 domain name holders that a shopping site skimmer, which intercepts the credit card details of customers, was active on their website.
SIDN itself received 60 Notice-and-Take-Down (NTD) requests. These are reports about illegal or punishable content on a website, where the parties involved are unable to remove the content. SIDN then removes the domain name from the zone. The foundation granted 26 of the 60 requests.