Agari and Farsight Security Reveal Global Domains Vastly Vulnerable to Phishing and Fraud

threat-center-report-image

Agari Email Threat Center Indicates 90 Percent of Brands Beset By Domain Name Fraud; Farsight Security Finds 99 Percent of  Domains Are Not Protected by DMARC

SAN MATEO, Calif. – February 7, 2018 –  Agari and Farsight Security, Inc., leading cybersecurity companies, today announced the publication of a joint research report, “Email Fraud and DMARC Adoption,” which illustrates that essentially every global domain is vulnerable to phishing and domain name spoofing. The report incorporates data from the Agari Email Threat Center, which reveals that 90 percent of its customers have been targeted by domain name fraud. Additional insight from the Farsight Security DNSDB indicates that less than one percent of all domains are authenticated and protected by Domain Message Authentication Reporting & Conformance (DMARC), an email authentication standard.

“Email and phishing remain a top source of cyber-attacks and data breaches,” said Patrick Peterson, founder and executive chairman, Agari. “This groundbreaking report provides compelling evidence of the successes of DMARC adoption in protecting customers and brands, driving phishing rates near zero. However, with DMARC enforcement at only 27% of those firms who have adopted DMARC, it also shows how few enterprises have put these proven controls in place.”

According to Agari research, 92% of the Fortune 500 did not protect their domains with DMARC as of August 2017. However, 2017 saw two watershed moments: The Department of Homeland Security Binding Operational Directive 18-01 (BOD 18-01), which requires all federal domains to implement DMARC in 2018, and members of NH-ISAC (a cyber security forum for healthcare institutions) pledged to implement DMARC in 2018

“Farsight Security’s network is ideal for studying not only the scope and the trends associated with how the Domain Name System (DNS) can be used to attack users, applications and infrastructure, but also how proposed solutions such as DMARC are deployed and their effectiveness,” said Paul Vixie, Farsight CEO. “We were very pleased to collaborate with Agari in this research. Farsight and Agari both believe that DNS record data is an essential tool to identify and secure our customers’ assets,” he added.

Farsight DNSDB is the world’s largest passive DNS database with more than 100 billion DNS records dating back to 2010 and updated in real-time. The Agari Email Threat Center analyzes more than two trillion emails per year from the domains of its customers, including six of the ten largest U.S. banks, many of the largest U.S. federal agencies, top social networks and healthcare providers, and hundreds of other organizations.

The joint research focused on the second half of 2017, the six months ending December 2017. Additional findings of the Agari – Farsight Security “Email Fraud and DMARC Adoption Report” include:

  • Low Global Enforcement Rates – Farsight Security DNS intelligence reveals global DMARC enforcement rates are approximately 26 percent or lower across the universe of internet domains. Agari customers observed by its Email Threat Center have achieved much higher protection rates: 99 percent in retail, 95 percent in technology and 89 percent in finance.
  • Healthcare is Most Targeted Industry – Among Agari customers, 92 percent of healthcare industry domains are targeted by domain name spoofing. The majority of messages (58 percent threat rate) sent on behalf of the healthcare industry are malicious or unauthorized, undermining the trust in medical providers, insurance companies and pharmaceutical brands. It is not surprising that healthcare is the most targeted industry since it is also the vertical least protected by DMARC, with protected domains hovering only between 10 – 20 percent.
  • Government Domains are Under Attack – The government sector is the second most attacked industry, with 87 percent of domains targeted. One out of ten messages (12 percent threat rate) sent on behalf of federal domains are malicious or unauthorized – significantly higher than the global average of three percent.
  • Attack on Government Domains during the week of September 11 – The report reveals a major spike in attacks on federal domains the week of September 11, 2017 – as malicious email increased from 16 percent to 50 percent – the result of a massive attack (more than 8 million messages) on a federal agency, which was prevented by DMARC.

Download the report: “Email Fraud and DMARC Adoption Report

About Agari
Agari, a leading cybersecurity company, is trusted by leading Fortune 1000 companies to protect their enterprise, partners and customers from advanced email phishing attacks. The Agari Email Trust Platform is the industry’s only solution that ‘understands’ the true sender of emails, leveraging the company’s proprietary, global email telemetry network and patent-pending, predictive Agari Trust Analytics to identify and stop phishing attacks. The platform powers Agari Enterprise Protect, which help organizations protect themselves from advanced spear phishing attacks, and Agari Customer Protect, which protects consumers from email attacks that spoof enterprise brands. Agari, a recipient of the JPMorgan Chase Hall of Innovation Award and recognized as a Gartner Cool Vendor in Security, is backed by Alloy Ventures, Battery Ventures, First Round Capital, Greylock Partners, Norwest Venture Partners and Scale Venture Partners. Learn more at https://www.agari.com and follow us on Twitter @AgariInc.

About Farsight Security, Inc.

Farsight Security is the world’s largest provider of historical and real-time passive DNS data. We enable security teams to qualify, enrich and correlate all sources of threat data and ultimately save time when it is most critical – during an attack or investigation. Our solutions provide enterprise, government and security industry personnel and platforms with unmatched global visibility, context and response. Farsight Security is headquartered in San Mateo, California, USA. Learn more about how we can empower your threat platform and security team with Farsight Security passive DNS solutions at www.farsightsecurity.com or follow us on Twitter: @FarsightSecInc.