The internet’s oldest trust mechanism remains a key attack vector

The internet’s oldest trust mechanism remains a key attack vector Source: Help Net Security www.helpnetsecurity.com/2026/01/2… A new domain security study highlights that many large organisations continue to underinvest in DNS and domain zone protections, leaving foundational internet trust mechanisms exposed to abuse. The report finds that weaknesses in domain management, DNS configuration and monitoring, and registrar security controls remain common across enterprises. These gaps allow attackers to exploit domain trust as an initial access vector for phishing, malware distribution, credential harvesting and business email compromise. Researchers warn that while organisations increasingly invest in endpoint, cloud and identity security, core domain infrastructure is often treated as a static utility rather than a critical security control. As a result, compromised domains can be weaponised rapidly and at scale, often without immediate detection. The study underscores that domain security failures are not typically the result of advanced exploits, but rather of misconfigurations, insufficient monitoring, and unclear ownership of DNS and registrar governance within large organisations.