Websites that handle financial transactions should add Registry Lock to their domains.
Brian Krebs wrote this weekend about a recent attack on cryptocurrency services via the domain name registrar GoDaddy.
In at least two cases, it appears that attackers were able either to transfer a domain to another account and modify its nameservers, or to modify the nameservers on the domain names by other means.
Social engineering attacks on tech company employees are likely to become more common as people work from home. Registrars must remain vigilant.
Site owners also need to take precautions. Websites that handle financial transactions (including cryptocurrency transactions) should use Registry Lock.
Registry Lock is different from typical domain locking offered by registrars. Domain locking merely prevents a domain from being transferred unless someone logs in to the account and unlocks it.
Registry Lock is much more sophisticated. It’s a service offered by the domain name registries through the registrars. Most Registry Lock products prevent people from transferring a domain or changing its nameservers without going through a multi-step process that involves both the registrar and registry.
In the case of Verisign, which operates .com, a domain owner who wants to change their nameservers would first contact their registrar. This would trigger a process in which the registry manually verifies the request.
It’s not foolproof and could be overcome with social engineering. But it’s a good second layer of protection. And while the service is much more expensive than a domain name, it’s a minimal expense as part of a business’ security budget.
Not all registrars offer Registry Lock. GoDaddy does not currently offer the service.
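To check which kind of lock a domain actually has, you can read the status values in its RDAP (or WHOIS) record. The following is an added example, not code from this article or from any registrar: it assumes the standard EPP convention that `server*` statuses are set by the registry and `client*` statuses by the registrar, and it treats registry-set transfer and update blocks as a sign of a registry-level lock. The function names and the sample records are constructed for illustration.

```python
import json

OPERATIONS = ("transfer", "update", "delete")

def normalize(status):
    # Accept RDAP ("server update prohibited") and EPP/WHOIS
    # ("serverUpdateProhibited") spellings alike.
    return "".join(ch for ch in status.lower() if ch.isalnum())

def classify_locks(rdap_domain):
    """Heuristic: server* statuses come from the registry, client* from the registrar."""
    statuses = {normalize(s) for s in rdap_domain.get("status", [])}
    registry = [op for op in OPERATIONS if f"server{op}prohibited" in statuses]
    registrar = [op for op in OPERATIONS if f"client{op}prohibited" in statuses]
    # Nameserver changes are an "update", so require both blocks at registry level.
    if "transfer" in registry and "update" in registry:
        level = "registry-level lock"
    elif "transfer" in registrar:
        level = "registrar lock only"
    else:
        level = "no transfer lock"
    return {
        "domain": rdap_domain.get("ldhName", "?"),
        "level": level,
        "registry_blocks": registry,
        "registrar_blocks": registrar,
    }

# Constructed sample RDAP domain objects (not real lookups).
SAMPLES = json.loads("""
[
  {"objectClassName": "domain", "ldhName": "pay.example",
   "status": ["client transfer prohibited", "server transfer prohibited",
              "server update prohibited", "server delete prohibited"]},
  {"objectClassName": "domain", "ldhName": "shop.example",
   "status": ["client transfer prohibited", "client update prohibited"]},
  {"objectClassName": "domain", "ldhName": "blog.example",
   "status": ["active"]}
]
""")

def audit(domains):
    return [classify_locks(d) for d in domains]

if __name__ == "__main__":
    for row in audit(SAMPLES):
        print(f'{row["domain"]:14} {row["level"]:20} registry={row["registry_blocks"]}')
```

A registry can also set `server*` statuses for other reasons, such as a dispute, so a "registry-level lock" result should be confirmed with the registrar.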