
The Dark Side of Innovation: Why Cybercriminals Target New Domain Extensions

Discover why cybercriminals exploit new domain extensions like .shop and .xyz and how to safeguard against such threats.


In the constantly shifting landscape of cybersecurity, one emerging trend stands out for its brazen exploitation by cybercriminals: the use of new generic top-level domains (gTLDs) like .shop, .top, and .xyz. These domains, celebrated for their potential to boost creativity and expand the digital frontier, are becoming a playground for malicious actors.

As a cybersecurity specialist, I’ve seen how these innovations, intended to foster inclusivity and creativity on the internet, can also be manipulated for nefarious purposes. Here’s why these domains are so appealing to cybercriminals—and what we can do about it.

Why New gTLDs Attract Cybercriminals

Recent studies reveal a startling trend: while new gTLDs account for only 11% of all domain registrations, they represent 37% of reported cybercrime domains. This disproportionate usage is not coincidental. Cybercriminals are drawn to these domains for several reasons:

  1. Low Cost: Many new gTLDs are offered at rock-bottom prices, often as low as $1. For criminals operating at scale, this affordability is a significant advantage.

  2. Minimal Verification: Unlike traditional domains such as .com, these newer extensions frequently lack stringent identity verification requirements, making them easy to obtain and exploit anonymously.

  3. High Availability: With fewer registrations compared to traditional domains, finding a desirable name in new gTLDs is easier, allowing scammers to mimic legitimate brands or organizations.

The Economics of Cybercrime

Cybercriminals employ a volume-based approach. They register hundreds—or even thousands—of cheap domains, using them to host phishing sites, malware, or scam pages. The short lifespan of these domains is part of the strategy: criminals rarely renew them, instead moving on to new registrations when a domain’s malicious purpose is exposed.

While this practice may seem unsustainable from a business perspective, the damage inflicted in the short term can be substantial, targeting unsuspecting users and damaging the reputations of legitimate businesses.

Subdomains: An Emerging Threat

In addition to exploiting gTLDs, cybercriminals are increasingly turning to subdomain providers like blogspot.com, weebly.com, and pages.dev. These platforms allow the creation of free subdomains, which can be used to host phishing campaigns or distribute malware. Shutting down such threats is challenging because subdomain providers must intervene directly, often leading to delays in mitigation.

The Role of ICANN and the Industry

The Internet Corporation for Assigned Names and Numbers (ICANN) oversees the domain registration ecosystem, but its policies have drawn criticism. Despite years of evidence highlighting the abuse of new gTLDs, ICANN plans to introduce even more extensions in the near future. Critics argue that without stricter regulations, this expansion will only widen the playing field for cybercriminals.

John Levine, a well-known cybersecurity author, aptly describes the challenge: “ICANN needs to decide whether it’s a neutral regulator or just a domain speculator trade association.” His concerns echo those of many in the cybersecurity community who believe that proactive measures are essential to curbing abuse.

Mitigation Strategies

Securing the digital landscape against these threats requires a collective effort:

  • Stronger Policies: Registrars should implement rigorous identity verification processes, making it harder for criminals to register domains anonymously.

  • Provider Accountability: Subdomain platforms must limit automated account creation and introduce stricter controls to prevent abuse.

  • User Vigilance: Individuals can protect themselves by:

    • Inspecting URLs carefully before clicking.
    • Avoiding unsolicited links.
    • Enabling two-factor authentication on all accounts.

  • Advanced Monitoring: Businesses should leverage tools like intrusion detection systems, domain monitoring services, and phishing simulators to stay ahead of evolving threats.
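The monitoring and URL-inspection advice above can be turned into a small triage script. The following is an added example, not code from the article or its author: it scores URLs taken from constructed proxy log lines using the signals the article describes (the cheap new gTLDs .shop, .top and .xyz; free subdomains on blogspot.com, weebly.com and pages.dev; and lookalikes of a protected brand). The brand name examplebank, the legitimate domain examplebank.com and the log lines are constructed placeholders, and the hostname split is a deliberate simplification that a real deployment should replace with a Public Suffix List lookup.

```python
from urllib.parse import urlparse

# Watchlists constructed for this example, seeded from the extensions and
# subdomain providers the article names; extend them from your own telemetry.
WATCHED_GTLDS = {"shop", "top", "xyz"}
FREE_SUBDOMAIN_PROVIDERS = {"blogspot.com", "weebly.com", "pages.dev"}
# Hypothetical brand names and legitimate domains of the organization being protected.
PROTECTED_BRANDS = {"examplebank"}
LEGITIMATE_DOMAINS = {"examplebank.com"}


def split_host(host):
    """Naively split a hostname into (registrable domain, tld, subdomain labels).

    Takes the last two labels as the registrable domain; production code should
    consult the Public Suffix List instead (e.g. 'co.uk' breaks this heuristic).
    """
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return host.lower(), "", []
    return ".".join(labels[-2:]), labels[-1], labels[:-2]


def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character brand misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def brand_lookalike(label, brands=PROTECTED_BRANDS):
    """Return the brand a label imitates (embedded or within one edit), else None."""
    for brand in brands:
        if brand in label or edit_distance(label, brand) <= 1:
            return brand
    return None


def assess_url(url):
    """Collect the risk signals the article describes for one URL."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    host = parsed.hostname or ""  # .hostname is already lower-cased
    reg_domain, tld, subs = split_host(host)
    signals = []
    if reg_domain in LEGITIMATE_DOMAINS:
        return {"url": url, "host": host, "signals": signals, "score": 0}
    if tld in WATCHED_GTLDS:
        signals.append(f"new gTLD .{tld}")
    if reg_domain in FREE_SUBDOMAIN_PROVIDERS and subs:
        signals.append(f"free subdomain on {reg_domain}")
    # Look for brand imitation in the registrable label and in every subdomain label.
    for label in [reg_domain.split(".")[0]] + subs:
        brand = brand_lookalike(label)
        if brand:
            signals.append(f"imitates '{brand}' in label '{label}'")
            break
    return {"url": url, "host": host, "signals": signals, "score": len(signals)}


def triage_log(lines):
    """Parse '<timestamp> <client> <url>' proxy lines and rank URLs by signal count."""
    results = []
    for line in lines:
        parts = line.split()
        if len(parts) < 3:
            continue  # malformed line; skip rather than abort the whole triage run
        results.append(assess_url(parts[2]))
    return sorted(results, key=lambda r: r["score"], reverse=True)


# Constructed sample proxy log lines (not real traffic).
SAMPLE_LOG = [
    "2024-01-15T09:12:01Z 10.0.0.5 https://examplebank.com/login",
    "2024-01-15T09:12:44Z 10.0.0.7 http://examplebank-login.shop/verify",
    "2024-01-15T09:13:10Z 10.0.0.9 https://secure.examplebank.blogspot.com/",
    "2024-01-15T09:13:37Z 10.0.0.5 https://news.example.org/article",
    "2024-01-15T09:14:02Z 10.0.0.8 http://exampIebank.xyz/",  # capital I in place of l
]

if __name__ == "__main__":
    for r in triage_log(SAMPLE_LOG):
        print(r["score"], r["host"], "; ".join(r["signals"]) or "no signals")
```

Each signal on its own is weak (plenty of legitimate sites live on .xyz or on a free subdomain), so the script ranks rather than blocks: the highest-scoring hosts are handed to an analyst or fed into a domain-monitoring workflow, while the organization's own domains are allowlisted up front so they never generate noise.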

A Call for Responsibility

While innovation drives progress, it also introduces risks. New gTLDs and subdomain services were created with positive intentions—to foster accessibility and diversity online. However, their misuse by malicious actors highlights the urgent need for responsibility across all stakeholders, from regulators and registrars to users and businesses.

As someone dedicated to the field of cybersecurity, I believe we must strike a balance between innovation and security. By implementing stricter policies, promoting user education, and fostering collaboration, we can make the internet a safer place for everyone.


Final Thoughts

This article reflects my observations and research on the challenges posed by the misuse of new gTLDs. I hope it serves as a resource for cybersecurity enthusiasts, students, and professionals alike. For more insights and updates, stay tuned to my website, rokibulroni.com.
