Cybercriminals register .AI domains of trusted brands for malicious activity

Almost half of Forbes Global 2000 companies do not have control over their branded artificial intelligence (.AI) domain names, which are registered by third parties. That's according to the 2023 Domain Security Report from CSC, which revealed that cybercriminals are exploiting AI's popularity by attempting to register the domains of trusted brands for malicious activity. This is emphasized by a 350% year-over-year increase in domain dispute cases involving .AI extensions in 2023 from companies who discovered that .AI domains using their brands were misappropriated by third parties, according to the research.

Malicious actors are also continuing to capitalize on lookalike domains (homoglyphs) that resemble Global 2000 brands to launch phishing attacks, other forms of digital brand abuse, or IP infringement, the report found.

Third-party owned .AI domains pose significant security risks

The growth in .AI domain registrations is indicative of the growth of the broader AI technology landscape, the report read. The overall third-party registration or infringement of .AI domains is at 43% for the Global 2000 companies, it added. Of those companies with branded domains registered for .AI, 84% are owned by third parties while 49% are available. Certain industries such as banking, diversified financials, and IT software and services see the highest percentage of taken .AI domains.

".AI is a domain extension with no registration restriction, so it makes it an attractive and accessible domain name for cybercriminals," Mark Calandra, president of CSC's digital brand services division, tells CSO. "With corporations operating multiple brands, fraudsters are ready to take advantage of their trusted names, snapping up "branded" .AI domains that are still available." It is therefore crucial to have rapid detection and deactivation of confusingly similar domains imitating brands - a company's branded .AI domain in the wrong hands could put it at risk of website redirection, online fraud, phishing attacks, and malware, he adds.

The combination of a company's familiar brand name plus .AI as a domain extension gives target victims a false sense of trust and become more susceptible to falling prey to an attack. "Due to the significant media coverage recently on the potential use of AI for fraud in the future, registering your brand in the .AI domain extension is important to protect your key trademarks," Calandra says.

Phishing emails, malicious content among lookalike domain threats

The report also detected a slight increase in the amount of lookalike domains owned by third parties, up 4% from 2022 to 79% in 2023. Of the lookalike domains CSC assessed, 40% have mail exchange (MX) records, which can be used to send phishing emails or to intercept email, according to the report. Other uses cited in the paper include pointing to advertising, pay-per-click ads, or domain parking (36%), resolving to a live website not associated with the brand holder (14%), and pointing to malicious content that could damage a brand's reputation and customer confidence (1%).

The threats posed to legitimate brands by lookalike domains came to the fore in the wake of the launch of Threads by Instagram in July 2023. Security firm Veriti observed a surge in the creation of suspicious domains with over 700 domains related to Threads registered daily. These domains posed a significant risk as they can be used to deceive users, distribute malware, and lure unsuspecting individuals into downloading untrusted versions of the app.