Zoho, one of the world’s largest tech companies, was taken offline due to a domain registrar responding incorrectly to a phishing complaint.
The downtime resulted in nearly 30 million Zoho users being unable to access Zoho’s website. Manually updating DNS records helped some users, but many were left unable to access the site, following relatively low-level misuse of one of Zoho’s mail servers. This was compounded by the fact that the issue was caused by an automated system, and by the time a human had checked the findings, it was too late.
Cath Goulding, Head of Cyber Security at Nominet:
“This is a real-world manifestation of a very difficult issue for both domain providers and their customers, the fine line between security, uptime and the thorny issue of who decides to suspend a domain. Automation, machine learning and rules are a good way of spotting patterns of potential abuse, but with domains being so mission-critical, we also ensure human checks and balances are a part of the final decision.
“Given it is an underlying protocol for the way data moves around online, cyber criminals will continue to attempt to abuse the domain name system in a number of ways, everything from malicious redirects to social engineering. As with anything in security, it is a fluid situation and there is no definitive answer, only hard work and communication between the security teams on both sides.”