60,000 .EU Registrations Correctly Identified As Malicious By APEWS

Since its launch EURid’s Project APEWS – Advanced Prevention and Early Warning System – has correctly detected over 60,000 malicious .eu domain name registrations since January 2018, including just over 2,000 since its official launch in December 2019. While this is only 1.67% of the more than 3.6 million .eu domains registered, it’s still a significant amount and has undoubtedly had an impact on reducing cybercrime in the .eu space.

EURid, the organisation that manages the .eu top-level domain, launched their award winning AI-driven system that can detect which .eu domain names will be used for malicious purposes, and automatically suspends them before they can do any harm. It is the first ever system that can detect domain name abuse before it takes place and bases its decisions on novel machine learning algorithms developed at KU Leuven. EURid worked on APEWS alongside KU Leuven for four years.

In 75% of the cases where the system flagged a domain name, the prediction was confirmed by third-party abuse indicators.

“Creating a trustworthy .eu space is our primary goal,” said CEO Marc Van Wesemael. “APEWS is the flagship of our prevention strategy. It has a deterrent effect on cybercriminals, making .eu domains safer for its users.”

In announcing the impact of APEWS, EURid explains how cybercriminals use domain names to send spam, to distribute malware or to set up a botnet (a network of private computers infected with malicious software and controlled as a group). Until recently, blacklists were the best way to react to these attacks. Subscribers could block incoming or outgoing communication with ‘bad’ domain names on the list. But blacklists can only be used once the harm has already been done.

APEWS, on the other hand, kicks in at the very beginning: when a .eu domain name is registered.

First, parts of the 3.6 million .eu domain names were matched against blacklists. Every detail of the matching domain names was then used to train the predictive model. This resulted in a comprehensive scoring model.

APEWS now continuously watches over the safety of the .eu cyberspace. Every newly registered domain name is scored on these predictive indicators. If the score is too low, the domain name is automatically suspended before it’s active.

This process discourages cybercriminals to use a .eu domain name in the first place. The system continuously learns from previous experience, making it more and more difficult for cybercriminals to avoid detection.

The 2 awards won by EURid’s abuse prevention mechanism were, firstly, the eco Domains award, and secondly EURid’s paper on Abuse Prevention and Early Warning System won one of the two “Distinguished Paper Awards” at the Annual Computer Security Applications Conference (ACSAC).

This article was updated on 17 February 2020 to note that the 60,000 malicious .eu domain names detected were since January 2018 and that since December 2019 just over 2,000 malicious domains had been detected.