Domijn: The Security of Domain Registrars and the Risk of a Domain Name Takeover
Pith reviewed 2026-05-21 04:17 UTC · model grok-4.3
The pith
Top domain registrars offer basic takeover protections but commonly fail to implement two-factor authentication correctly, and a successful takeover can inflict damage on par with ransomware.
A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.
Core claim
All registrars in the study implement relatively effective security measures to prevent domain takeovers, but they fall short in more advanced security controls such as the proper implementation of two-factor authentication. A domain takeover can have significant impact, potentially equalling that of a ransomware attack.
What carries the argument
An empirical survey of registrar security practices, combined with an impact model that sets the consequences of a domain takeover alongside those of ransomware and DDoS attacks.
If this is right
- Registrars should strengthen two-factor authentication to better prevent unauthorized domain transfers.
- Organizations may need to add extra layers of protection beyond what their registrar provides.
- Domain takeovers warrant preparation similar to ransomware incidents due to comparable potential damages.
- The .nl registry could consider mandating stronger security standards for all accredited registrars.
Where Pith is reading between the lines
- Improving registrar security could reduce the overall attack surface for DNS-based attacks on critical infrastructure.
- Similar studies on other top-level domains might reveal whether these patterns hold globally.
- Future work could test whether mandating specific controls reduces takeover incidents in practice.
Load-bearing premise
The impact model for domain takeovers accurately reflects real consequences and allows direct comparison to ransomware and DDoS without major unmodeled variables or selection effects in the registrar sample.
What would settle it
A documented domain takeover incident whose measured financial and operational costs deviate substantially from the modeled ransomware-equivalent impact would challenge the equivalence claim.
Original abstract
Domain names are key assets for organisations. They anchor an organisation's online presence and reputation, and serve as a linking pin for web services and, e.g., email. Consequently, a malicious takeover of a domain can lead to significant damages. Organisations register domain names through so-called registrars, a type of business that plays a key role in the domain name industry. This implies that registrars play an important part in safeguarding against malicious takeovers of domains. In this paper we empirically study how registrars implement security controls to prevent such takeovers. We focus on the top 10 most popular registrars for the .nl ccTLD. We present the results of this study in light of a model for the impact of domain takeovers, which analyses the possible consequences of a takeover. We contrast this against the impact of two other well-known threats: ransomware and DDoS attacks. We find that all registrars in our study implement relatively effective security measures, but that they fall short in more advanced security controls, such as the proper implementation of two-factor authentication. We also find that a domain takeover can have significant impact, potentially equalling that of a ransomware attack.
Editorial analysis
A structured set of objections, weighed in public.
Referee Report
Summary. The paper empirically studies security controls at the top 10 .nl registrars to prevent domain takeovers, presents an impact model comparing takeover consequences to ransomware and DDoS attacks, and concludes that registrars use relatively effective basic measures but fall short on advanced controls such as proper 2FA, while domain takeovers can produce impacts potentially equaling ransomware.
Significance. If the empirical observations and impact model hold after clarification, the work is significant for identifying concrete gaps in registrar practices that protect a critical internet asset and for offering a comparative risk framework that could guide organizations and policymakers. The focus on a real ccTLD sample and the explicit contrast with well-known threats add practical value to the domain-security literature.
major comments (2)
- [Methods] Methods section: no description is given of how registrar security controls were observed or evaluated (e.g., public documentation review, account creation tests, or direct queries), nor of the precise criteria used to judge 'proper implementation' of two-factor authentication. Without these details the claim that registrars 'fall short in more advanced security controls' cannot be verified or reproduced.
- [Impact Model] Impact Model section: the assertion that a domain takeover 'can have significant impact, potentially equalling that of a ransomware attack' rests on a hypothetical contrast of consequences without calibration against documented hijacking incidents, without explicit variables for domain usage (email vs. web), organization type, or recovery speed, and without addressing possible selection effects in the .nl top-10 sample.
minor comments (2)
- [Abstract] The abstract states findings but omits the sample size and any quantitative summary of the security assessment results.
- [Results] A table or appendix listing the specific controls examined for each registrar would improve clarity and allow readers to assess the 'relatively effective' versus 'fall short' distinction.
Simulated Author's Rebuttal
We thank the referee for their constructive and detailed review of our manuscript. We address each major comment point by point below and indicate the changes we will make in the revised version.
- Referee: [Methods] Methods section: no description is given of how registrar security controls were observed or evaluated (e.g., public documentation review, account creation tests, or direct queries), nor of the precise criteria used to judge 'proper implementation' of two-factor authentication. Without these details the claim that registrars 'fall short in more advanced security controls' cannot be verified or reproduced.
  Authors: We agree that the current manuscript lacks a sufficiently detailed Methods section. In the revision we will add an explicit subsection that describes our evaluation process: we reviewed publicly available documentation, support articles, and security policy pages from each of the ten registrars; where terms permitted, we created test accounts to observe the actual authentication flows during registration and login. For assessing 'proper implementation' of two-factor authentication we applied the following criteria: (i) whether 2FA is mandatory rather than optional, (ii) whether it supports app-based or hardware tokens in addition to or instead of SMS, and (iii) whether recovery or bypass paths (e.g., SMS fallback) undermine the control. These additions will make the evaluation transparent and reproducible. revision: yes
- Referee: [Impact Model] Impact Model section: the assertion that a domain takeover 'can have significant impact, potentially equalling that of a ransomware attack' rests on a hypothetical contrast of consequences without calibration against documented hijacking incidents, without explicit variables for domain usage (email vs. web), organization type, or recovery speed, and without addressing possible selection effects in the .nl top-10 sample.
  Authors: The impact model is intentionally qualitative, contrasting potential consequence chains rather than providing a calibrated quantitative estimate. We accept that the section would benefit from additional grounding. In revision we will (a) reference publicly reported domain-hijacking incidents to illustrate real-world outcomes, (b) introduce explicit variables covering primary domain use (email versus web), organization type and size, and typical recovery timelines drawn from industry reports, and (c) add a short discussion of selection effects, noting that the top-10 .nl registrars were chosen because they manage the large majority of .nl domains while acknowledging that smaller registrars may exhibit different practices. These clarifications will strengthen the comparison to ransomware and DDoS without changing the overall conclusion. revision: partial
Circularity Check
Empirical registrar study with constructed impact model exhibits no circularity
The paper reports an empirical survey of security controls at the top 10 .nl registrars together with a constructed qualitative impact model that contrasts domain takeover consequences against ransomware and DDoS. No mathematical derivations, equations, fitted parameters, or self-citations appear in the abstract or described structure. Central claims rest on external observations of registrar practices and an independently constructed model rather than any reduction of results to the paper's own inputs by definition or self-reference. The analysis is therefore self-contained against external benchmarks.
Axiom & Free-Parameter Ledger
axioms (1)
- [domain assumption] The top 10 most popular registrars for the .nl ccTLD are representative of security practices that matter for domain takeover risk.