This report analyzes domain registration trends from Q4 2024, revealing an 11.0% increase in newly registered domains (NRDs) compared to the previous quarter. It highlights the rise in cyber attacks and the prevalence of malicious domains, particularly in the .com gTLD.
Affected: Newly Registered Domains, Mail Exchange Domains, Name Server Domains
Key points:
- 11.0% increase in newly registered domains (NRDs) in Q4 2024 compared to Q3 2024.
- gTLD registration volumes increased by 9.8%, while ccTLDs rose by 14.5%.
- .com remains the most popular gTLD, with .cn leading among ccTLDs.
- GoDaddy is the top NRD registrar, followed by Namecheap and Dynadot.
- csof[.]net is a significant name server domain, managed by Csoft Hosting.
- 18.1% of malicious domains tagged as IoCs were .com domains.
- Threat actors continue to favor gTLDs for malicious activities.
MITRE Techniques:
- TA0001 – Initial Access: Utilization of newly registered domains for phishing attacks.
- TA0002 – Execution: Malicious domains facilitating the execution of harmful scripts.
- TA0003 – Persistence: Use of compromised domains to maintain access.
- TA0004 – Privilege Escalation: Exploiting vulnerabilities in domain registration systems.
- TA0005 – Defense Evasion: Registering domains to evade detection by cybersecurity measures.
Indicators of Compromise:
- [domain] csof[.]net
- [domain] .com
- [domain] .org
- [domain] .net
- [domain] .ru
- Check the article for all found IoCs.
Full Research: https://circleid.com/posts/global-domain-activity-trends-seen-in-q4-2024