A meeting of participants of the Netoscope, which is annually held by the Coordination Center for TLD .RU/.РФ, took place on January 17. During the meeting, participants discussed the results of 2023 and plans for 2024.

As Andrey Vorobyev, Director of the Coordination Center, noted, issues of countering the domain abuse are receiving more and more attention at various levels of government and the professional community.

"Given the increase in the number of phishing attacks, including those using Russian domains, it is necessary to implement mandatory identification of domain name administrators using the Unified System of Identification and Authentication as quickly as possible. The introduction of the corresponding bill into the spring session of the State Duma of the Russian Federation was taken under parliamentary control by the Chairman of the Board of ROCIT, Deputy Chairman of the State Duma Committee on Information Policy, Information Technology and Communications Anton Gorelkin. Now we expect the speedy consideration and adoption of the bill,” Andrey Vorobyev said.

Olga Baskakova, project manager of the Coordination Center for TLD .RU/.РФ, spoke about the results of 2023 and plans for the future of the Netoscope. Today, the project database contains more than 5.1 million domain names (second, third and lower levels), which were noticed or suspected of unwanted activity at least once during the period from November 2012 to December 2023.

In 2023, about 63,000 domain names were added to the project, which is almost 3 times more than in 2022. The majority (51,293) of domain names among the domains that appeared in the database in 2023, like last year, are due to phishing, while their number more than doubled over the year.

Olga Baskakova shared the first results of launching a test version of domain tagging, when the analysis of domain names begins at the registration stage or immediately after it. With this approach, up to 30-35% of registered domain names fall into the “suspicious” category, while less than 2% of these domains end up in the Netoscope database. This proactive approach allows us to reduce response times to incidents and even prevent them in the future.

Representatives of companies participating in the Netoscope also addressed the meeting. Alexander Vurasko (Solar Security) talked about how non-personalized phishing attacks occurred in 2023 and gave examples of the most powerful attacks of the past year. And Konstantin Melnikov (Infosecurity) in his speech focused on how AI is used by attackers in preparing phishing attacks and developing phishing resources. Thus, today, attackers regularly use AI to generate scripts for creating phishing, writing “ideal” texts, conducting “phishing” surveys, and much more.

The meeting ended with a discussion about the possibilities of improving the system of proactive protection against the illegal use of domain names

Let us recall that Netoscope is a research platform for aggregating information about malicious resources in national top-level domains, which has existed since 2012. 14 Russian companies take part in its work.