On October 23rd the Internet Corporation for Assigned Names and Numbers (ICANN) announced the roll out of the first 4 gTLDS under its New gTLD Program. The new domains could pose a potential security threat to your organization.
gTLD stands for Generic Top Level Domain, these are widely used domains that are open to anyone who wants to register one like .com, .net, and .org. gTLD domains are distinct from Country Code Top Level Domains (ccTLD) like .us, .uk, and .nz in that ccTLD often have some restrictions in place as to who can register a domain and they are maintained by the individual country's Network Informatin Center (NIC) -- though this task is often outsourced.
Prior to the announcement of the New gTLD Program initiating a new gTLD was a costly and laborious task, in fact the last set of new gTLDs to roll out (.aero, .travel, .jobs) we largely seen as a failure. With the launch of the New gTLD program ICANN expects to increase the number of gTLDs from 14 to more than 2200.
What does that mean for your organization from a security perspective? It means there is now a wider security footprint that you have to monitor. Someone shopping for shoes on their lunch break might be going www.amazon.com, www.shoes.amazon, or www.amazon.shoes and wind up at the same place, or one of those domains could be fraudulent.
While there is a vetting process for setting up a gTLD and the traffic is monitored by ICANN for the first 30 days after that there are no security precautions in place, but each new gTLD remains part of the root name server ecosystem.
A private organization who makes it through the vetting process and passes the 30 days test is now able to do whatever it wants with the domains under its gTLD and it has the visibility of the whole world.
ICANN, and others, tout the benefits of the New gTLD Program, saying, "In the weeks and months ahead, we will see new domain names coming online from all corners of the world, bringing people, communities and businesses together in ways we never imagined. It's this type of innovation that will continue to drive our global society."
While all of that may be true, it also has the potential to add to the security headaches of your organizations.