On January 17, the Coordination Center for TLD .RU/.РФ held a traditional annual meeting of participants in the Netoscope project, which celebrated its 10th anniversary in 2022. During the meeting, the participants discussed the results of 2022 and trends in the field of domain space security.

Netoscope is a research platform for aggregating information on malicious resources in ccTLDs. 17 Russian companies take part in its work.

According to the Director of the Coordination Center Andrey Vorobyev, the main trend in 2022 was the growth and sophistication of phishing, and Netoscope is an excellent example of cooperation that allows you to effectively fight complex phishing.

“The security of the Russian domain space is one of our most important tasks. We are not only doing a lot of work within the Netoscope and Domain Patrol projects, but also studying the experience of other ccTLD registries in this area. We have begun to pay more attention to the study of proactive protection systems in the domain name registration system and will continue this activity in 2023,” he said.

Olga Baskakova, project manager of the Coordination Center, spoke about the results of 2022 and plans for the Netoscope future. To date, the project database contains more than 5 million domain names (second, third and lower levels), which at least once during the period from November 2012 to December 2022 were noticed or suspected of unwanted activity.

In 2022, about 22 thousand domain names were added to the project. Most (21,462) of domain names among the domains that appeared in the database in 2022 were phishing, which has become the number 1 problem in the world over the past few years.

Olga also spoke in detail about how approaches to detecting malicious domain names have changed. So, if just a couple of years ago the approach was dominated, when countering malware began only after the fact of violation was established, today the analysis of domain names often begins at the stage of registration or immediately after it. Such a proactive approach allows you to reduce the response time to incidents, and even prevent them in the future.

Representatives of the companies participating in the Netoscope have addressed at the meeting. Alexander Vurasko (Rostelecom Solar) spoke about the most common phishing schemes, also noting that in 2022 these schemes became more complex.

Dmitry Moryakov (VK) focused on the Mail Antispam project of the Mail.ru, which uses the most up-to-date anti-spam methods. As part of the project, more than 600 million emails are processed daily, more than 200 million of which are blocked. The average email processing time is 360 milliseconds.

Yaroslav Kargalev (Group IB) demonstrated participants the statistics of detection of phishing resources, also noting the trend towards an increase in the number of such resources (by 43% compared to last year) and emphasizing that in Russian national domains the response time to incidents remains the lowest compared to others domain zones. The average time from the appearance of a complaint to the blocking of a malicious .RU domain name, according to Group IB, is 23.4 hours.

The meeting ended with a discussion about the possibilities of developing and implementing proactive protection systems against the domain abuse.