Defining Various Forms of Online Abuse
When considering cyber insurance, it’s helpful to understand the various ways that individuals and companies are hacked. Many hacks are initiated using the Domain Name System (DNS). The Internet Corporation for Assigned Names and Numbers (ICANN) manages the DNS and recently identified the various types of abuse resulting in compromised systems.
DNS abuse is composed of five broad categories of harmful activity insofar as they intersect with the DNS: malware, botnets, phishing, pharming, and spam (when spam serves as a delivery mechanism for the other forms of DNS abuse).
A content delivery network is a system of distributed servers that delivers pages and other web content to a user based on the user’s geographic location, the webpage’s origin, and the content delivery server.
A mail exchanger record (MX record) specifies the mail server responsible for accepting email messages on behalf of a domain name. It is a resource record in the DNS. It is possible to configure several MX records, typically pointing to an array of mail servers for load balancing and redundancy.
- Malware is malicious software installed and/or executed on a device without the user’s consent, which disrupts the device’s operations, gathers sensitive information, and/or gains access to private computer systems. Malware includes viruses, spyware, ransomware, and other unwanted software.
- Botnets are collections of Internet-connected computers that have been infected with malware and can be commanded to perform activities under the control of a remote attacker.
- Phishing occurs when an attacker tricks a victim into revealing sensitive personal, corporate, or financial information (e.g., account numbers, login IDs, passwords), whether through sending fraudulent or ‘look-alike’ emails or luring end-users to copycat websites. Some phishing campaigns aim to persuade the user to install malware.
- Pharming is the redirection of unknowing users to fraudulent sites or services, typically through DNS hijacking or poisoning. DNS hijacking can occur when attackers use malware to redirect victims to the perpetrator’s site instead of the one initially requested.
- DNS poisoning causes a DNS server [or resolver] to respond with a false Internet Protocol (IP) address bearing malware. Phishing differs from pharming in that pharming involves modifying DNS entries, while phishing tricks users into entering personal information.
- Spam is unsolicited bulk email where the recipient has not granted permission for the message to be sent and where the message was sent as part of a larger collection of messages, all having substantively identical content.
These categories have been adopted within the ICANN realm in specific contracts, but do not represent all forms of DNS abuse that exist, are reported, and are acted upon by service providers.
New types of abuse are commonly created, and their frequency waxes and wanes over time. Thus, no particular list of abuse types will ever be comprehensive.
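The pharming and DNS poisoning definitions above describe a resolver returning an address the domain owner never published. One defensive check, shown here as an added example that is not part of the original page, compares resolver answers against the networks a domain is expected to resolve into, which also tolerates the region-dependent answers a content delivery network returns. The domain names, address ranges, and function names are constructed for illustration.

```python
import ipaddress

# Constructed baseline: networks each name is expected to resolve into.
# Networks, not single IPs, because a CDN answers differently by region.
EXPECTED_NETWORKS = {
    "www.example.com": ["192.0.2.0/24", "198.51.100.0/24"],
    "mail.example.com": ["192.0.2.0/24"],
}

# Constructed resolver answers as (queried name, returned addresses).
SAMPLE_RESPONSES = [
    ("www.example.com", ["192.0.2.10"]),
    ("www.example.com", ["198.51.100.7"]),   # another CDN edge, still expected
    ("www.example.com", ["203.0.113.66"]),   # outside the baseline
    ("mail.example.com", ["192.0.2.25", "203.0.113.66"]),
]


def check_answer(domain, answers, expected=EXPECTED_NETWORKS):
    """Return (ip, reason) findings for one resolver response."""
    nets = expected.get(domain.lower().rstrip("."))
    if nets is None:
        return [(None, "no baseline for domain")]
    networks = [ipaddress.ip_network(n) for n in nets]
    findings = []
    if not answers:
        findings.append((None, "empty answer"))
    for raw in answers:
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            findings.append((raw, "not a valid IP address"))
            continue
        if not any(ip in net for net in networks):
            findings.append((raw, "outside expected networks"))
    return findings


def audit(responses):
    """Flatten findings across responses into (domain, ip, reason) tuples."""
    return [(d, ip, why) for d, a in responses for ip, why in check_answer(d, a)]


if __name__ == "__main__":
    for finding in audit(SAMPLE_RESPONSES):
        print(finding)
```

A finding is an indicator to investigate, not proof of poisoning: a provider that adds a new address range will also trip the check until the baseline is updated.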
We now hope you understand the importance of cyber insurance and how data compromises happen.