Fighting Cyber-Enabled Fraud 2025
Page 12 of 31 · WEF_Fighting_Cyber-Enabled_Fraud_2025.pdf
The internet’s decentralized, multistakeholder
governance model – a deliberate design choice – has
fostered resilience, innovation and global participation
for decades. This distributed architecture enables
open access, flexibility and a diversity of voices
shaping how the internet evolves.
At the “names and numbers” layer, where the
fundamental addressing and routing functions
of the internet reside, governance is distributed
among multiple entities. The Internet Corporation
for Assigned Names and Numbers (ICANN) coordinates global policy for generic top-level
domains (gTLDs) such as “.com” or “.org” through
a multistakeholder process, while country-code
top-level domain (ccTLD) operators manage
their namespaces such as “.uk” or “.in” under
varied governance models – from independent
multistakeholder foundations to direct governmental
or commercial oversight. This distributed
governance model correlates to a divergent
cybercrime landscape. On average, the abuse rates
for ccTLDs are statistically significantly lower than
for gTLDs.41
2.1 Prevention
BOX 4: ICANN’s role in ensuring a stable, secure and unified global internet
ICANN has progressively strengthened
requirements in its contracts with generic
top-level domain (gTLD) registry operators and
registrars. These obligations, set forth in the
Registrar Accreditation Agreement (RAA), the
Registry Agreements (RAs) and the ICANN policies
incorporated into them, include a wide range of
requirements designed to preserve the security,
stability and resilience of the DNS.
Since 2013, the RAA has required registrars
to maintain public abuse contacts, publish
a description of their abuse procedures and
reasonably investigate and respond to reports of
DNS abuse. The RAs have required registries to
publish abuse contact information and perform
technical analyses to determine whether their
sponsored domain names are being used to
perpetrate DNS abuse. Additional requirements
such as those related to the accuracy and
accessibility of registration data and taking action
to remove orphan glue records42 associated
with malicious activity are also present in the
agreements enforced by ICANN.
In 2024, amendments introduced further
enhancements: they defined DNS abuse for the purposes of the RA and RAA, required
simple abuse reporting channels with timely
acknowledgement and obligated providers to
take mitigation actions promptly once presented
with credible evidence.43,44 ICANN’s Contractual
Compliance function monitors and vigorously
enforces these contractual requirements.
As part of its wider DNS Abuse Mitigation
Program, ICANN also provides capacity
development and training to community members
engaged in combating DNS abuse. New
transparency tools, such as the Domain Metrica
platform, provide public visibility into abuse
patterns across the DNS, while the Inferential
Analysis of Maliciously Registered Domains
(INFERMAL) project aimed to better understand
attackers’ preferences regarding DNS abuse.45,46
Looking ahead, ICANN and its stakeholders are
discussing additional preventive measures. Ideas
under consideration include requiring registrars
to review associated domains once abuse is
confirmed in one of them and adding safeguards
to introduce friction to the registration process
prior to domain activation, particularly for bulk
domain purchases by new customers.47,48
This decentralized ecosystem of responsibility ensures
stability and resilience; however, malicious actors
exploit gaps among jurisdictions, governance models
and enforcement capacities – rapidly registering
domains, spinning up infrastructure and using trusted
intermediaries to operationalize fraud and scams at
scale. Abuse reporting and timely response actions
are essential to curb in-progress harms, but reactive
measures alone still leave ample opportunity for malicious actors to cause damage, making the case
for due attention to preventive measures. Some within
the industry refer to these as “anti-fraud” measures.49
For example, ICANN research found that “stringent
registrar restrictions” are associated with a 63%
decrease in the number of maliciously registered
domains, and validation of registrant information
during account creation or before domain purchase is
associated with a 70% drop.50
Fighting Cyber-Enabled Fraud: A Systemic Defence Approach