Agari and Farsight Security, Inc., the cybersecurity companies, announced the publication of a joint research report, “Email Fraud and DMARC Adoption,” which illustrates that essentially every global domain is vulnerable to phishing and domain name spoofing.
The report incorporates data from the Agari Email Threat Centre, which reveals that 90% of its customers have been targeted by domain name fraud. Additional insight from the Farsight Security DNSDB indicates that less than 1% of all domains are authenticated and protected by Domain Message Authentication Reporting & Conformance (DMARC), an email authentication standard.
“Email and phishing remain a top source of cyber-attacks and data breaches,” said Patrick Peterson, founder and executive chairman, Agari. “This groundbreaking report provides compelling evidence of the successes of DMARC adoption in protecting customers and brands, driving phishing rates near zero. However, with DMARC enforcement at only 27% of those firms who have adopted DMARC, it also shows how few enterprises have put these proven controls in place.”
According to Agari research, 92% of the Fortune 500 did not protect their domains with DMARC as of August 2017. However, 2017 saw two watershed moments: The Department of Homeland Security Binding Operational Directive 18-01 (BOD 18-01), which requires all federal domains to implement DMARC in 2018, and members of NH-ISAC (a cyber security forum for healthcare institutions) pledged to implement DMARC in 2018.
“Farsight Security’s network is ideal for studying not only the scope and the trends associated with how the Domain Name System (DNS) can be used to attack users, applications and infrastructure, but also how proposed solutions such as DMARC are deployed and their effectiveness,” said Paul Vixie, Farsight CEO. “We were very pleased to collaborate with Agari in this research. Farsight and Agari both believe that DNS record data is an essential tool to identify and secure our customers’ assets,” he added.
Farsight DNSDB is the world’s largest passive DNS database with more than 100 billion DNS records dating back to 2010 and updated in real-time. The Agari Email Threat Centre analyses more than two trillion emails per year from the domains of its customers, including six of the ten largest U.S. banks, many of the largest U.S. federal agencies, top social networks and healthcare providers, and hundreds of other organisations.
The joint research focused on the second half of 2017, the six months ending December 2017. Additional findings of the Agari – Farsight Security “Email Fraud and DMARC Adoption Report” include:
- Low global enforcement rates – Farsight Security DNS intelligence reveals global DMARC enforcement rates are approximately 26% or lower across the universe of internet domains. Agari customers observed by its Email Threat Centre have achieved much higher protection rates: 99% in retail, 95% in technology and 89% in finance.
- Healthcare is most targeted industry – Among Agari customers, 92% of healthcare industry domains are targeted by domain name spoofing. The majority of messages (58% threat rate) sent on behalf of the healthcare industry are malicious or unauthorised, undermining the trust in medical providers, insurance companies and pharmaceutical brands. It is not surprising that healthcare is the most targeted industry since it is also the vertical least protected by DMARC, with protected domains hovering only between 10 – 20%.
- Government domains are under attack – The government sector is the second most attacked industry, with 87% of domains targeted. One out of ten messages (12% threat rate) sent on behalf of federal domains are malicious or unauthorised – significantly higher than the global average of 3%.
- Attack on government domains during the week of September 11 – The report reveals a major spike in attacks on federal domains the week of September 11, 2017 – as malicious email increased from 16% to 50% – the result of a massive attack (more than 8 million messages) on a federal agency, which was prevented by DMARC.
Download the report: “Email Fraud and DMARC Adoption Report”
Comment on this article below or via Twitter: @ VanillaPlus OR @jcvplus
