Looking Back at 2024: Key Insights and Preparing for a Secure 2025

As we soon close 2024, we have gathered some of our expert insights from 2024 and recommendations to help you safeguard your digital assets in 2025.


DOMAIN TRENDS

New gTLDs on the Horizon
ICANN (Internet Corporation for Assigned Names and Numbers), the governing body for domain names, has announced the next application round for new generic top-level domains (gTLDs) in spring 2026. These domains provide organizations an opportunity to secure unique extensions tailored to their brand, culture, or region.

What does this mean for you?

• Businesses should start evaluating the potential value of new gTLDs for their brand strategy.
• Local governments, industries, and niche communities can leverage this opportunity to secure customized domain extensions that align with their identity and audience.
• Strengthen your brand and security by owning a custom top-level domain (TLD). This grants complete control over domain registrations beneath your TLD, like “home.yourcompany.” Several organizations leverage this for branding (e.g., home.saxo, home.sandvik) and enhanced security.
  
  

.AI and .IO Domains.

.AI Domains: The .AI domain, originally tied to Anguilla, has become synonymous with artificial intelligence. Since 2013, usage has surged by over 12,000%. This explosive growth has made .AI domains a valuable asset — but also a target for cybercriminals.

Our recommendations:

• Register Your .AI domain: Protect your brand by registering your .AI domain before someone else does.
• Consider Domain Acquisition: If a third party already owns your .AI domain, explore acquiring it to mitigate potential reputational or security risks.

.IO Domains: Uncertainty Ahead?  With the UK’s decision to relinquish control over the Chagos Islands, questions about the future of .IO domains have emerged. While ICANN prioritizes stability, businesses relying on .IO should consider alternative domain strategies to mitigate potential disruptions. Although a complete shutdown of .IO is unlikely.

How to stay prepared:

• Evaluate alternative domain options for critical online services.
• Monitor developments related to .IO domains and ICANN’s decisions to minimize risks.
  
  

DOMAIN SECURITY IN FOCUS

Protecting Against DNS Poisoning
DNS poisoning—redirecting users to malicious websites—has become again a prevalent cyberattack method. Once a DNS entry is compromised, attackers can steal sensitive data, such as login credentials or financial information. Securing your DNS infrastructure is no longer optional; it’s a must for 2025.

How can you protect your business?

1. implement DNSSEC: Protect your domain from DNS poisoning by enabling DNSSEC (Domain Name System Security Extensions).
2. Partner with a enterprise class DNS provider: Work with a provider offering robust security features to reduce the risk of DNS-based attacks such as DNS Cach poisoning and DNS based DDoS attacks. Focus on a enterprise class provider like IBM NS1 to ensure high performance and robust security.
3. Regular Monitoring: Continuously monitor your DNS configurations and conduct audits to detect vulnerabilities.

DDoS Attacks on the Rise
Cloudflare’s latest DDoS Threat Report reveals a staggering 49% quarter-on-quarter increase in DDoS attacks in 2024. The financial services sector faced the highest volume of attacks, with China and Indonesia being the most affected regions.

CERTIFICATES AND DIGITAL TRUST

Shorter SSL Certificate Lifespans
The shift toward shorter SSL/TLS certificate validity periods is accelerating, with apple’s proposals to reduce lifespans to as little as 47 days by 2028. While this enhances security, it increases the administrative burden. The proposed change will occur gradually in steps of 200 days, 100 days, and 47 days. Although this is far in the future, it is important to start planning and preparing for this shift as early as possible. This approach ensures better conditions for managing the transition smoothly and effectively.

How to prepare for this shift:

• Automating Certificate Management: As SSL certificate lifecycles shorten, manual issuance processes become impractical and prone to errors. Automation is required for efficient and reliable certificate management.
• Adopting ACME Protocol: This allow seamless, automated certificate issuance and renewal.
• Implement CAA records: Gain control over certificate issuance for your domains by implementing CAA records. This enforces a policy allowing only approved Certificate Authorities to issue certificates, with audit logging for any unauthorized attempts.

ONLINE BRAND PROTECTION

Managing your brand’s online presence is crucial, therefore its important to protect your brand from threats like counterfeiting, piracy, and unauthorized distribution, which can damage both your revenue and brand reputation. During 2023 global counterfeit trade reached $4.2 trillion, emphasizing the need for proactive monitoring and enforcement strategies.

Our recommendations for 2025 is that Brand owners should implement robust anti-counterfeiting measures and infringement strategies such as monitoring services and enforcement framework to protect your consumers and your brand from potential brand damage and costly legal procedures. We recommend you to collaborate with a trusted partner who can guide and assist you in every stage of the process.

 
PHISHING

Cybercrime continues to grow at an alarming rate, with phishing emerging as one of the most pervasive threats. According to the Federal Bureau of Investigation, the United States recorded over 880,000 cybercrime complaints in the past year, resulting in an estimated $12.5 billion in direct monetary losses. The increasing scale and sophistication of these attacks have prompted the World Economic Forum to rank cyberthreats among the top five risks to global security and economic stability in the short term.

Phishing, a form of cyberattack where malicious actors use fraudulent emails and websites to impersonate trusted entities, remains a leading method for stealing sensitive information. Attackers often rely on bulk domain registration to carry out these attacks at scale. Interisle’s fourth annual Phishing Landscape Report highlights that 27% of all domains used in phishing campaigns were registered in bulk—a practice that allows attackers to quickly and cheaply create networks of deceptive websites.

Recommendations for 2025:

• Implement DMARC, SPF, and DKIM
  Protect your email communications by adopting these protocols to prevent unauthorized use of your domain for phishing emails.
• Invest in Domain Monitoring & Enforcement services
  Use monitoring services to detect suspicious domain registrations and phishing attempts targeting your brand along with enforcement services to take immediate action.
• Secure Your Website with Trusted Certificates
  Protect your users and data by ensuring your site uses SSL/TLS certificates from reputable and enterprise classed Certificate Authorities.
• Enable Registry Lock
  Add an extra layer of security to your business-critical domains to prevent unauthorized changes.

Predictions for 2025

1. Continued Growth in DMARC Adoption: More organizations will implement DMARC policies to combat email-based phishing attacks, driven by major players like Google and Yahoo. Read more about the new requirements here!
2. Shorter lifespans for digital certificates: We predict that there will be some kind of announcement from one of the major browsers regarding shorter certificates that will come into effect in either late 2025 or 2026.
3. Continued demand for centralization of digital assets (domains, DNS & certificates) to create business synergies and increase overall control & security. Read why it’s beneficial to centralize the management of all digital assets here!

Need help preparing for 2025? For tailored recommendations or support in implementing these strategies, contact us!