Domain names are key assets for organisations. They anchor an organisation's online presence and reputation, and serve as the linking pin for web services and, e.g., email. Consequently, a malicious takeover of a domain can lead to significant damage. Organisations register domain names through so-called registrars, a type of business that plays a key role in the domain name industry. This implies that registrars play an important part in safeguarding against malicious takeovers of domains. In this paper we empirically study how registrars implement security controls to prevent such takeovers. We focus on the top 10 most popular registrars for the .nl ccTLD. We present the results of this study in light of a model for the impact of domain takeovers, which analyses the possible consequences of a takeover. We contrast this against the impact of two other well-known threats: ransomware and DDoS attacks. We find that all registrars in our study implement relatively effective security measures, but that they fall short in more advanced security controls, such as the proper implementation of two-factor authentication. We also find that a domain takeover can have significant impact, potentially equalling that of a ransomware attack.