WhoisXML API Enterprise Blog
Cyber Threat Intelligence in Action: Malicious COVID Footprint Enrichment, Expansion, and Infrastructure Analysis
We have been monitoring COVID-19 cyber threats for several months now. More recently, we partnered with GeoGuard to enrich a dataset of coronavirus-themed URLs and IP addresses with WHOIS data and domain reputation scoring, followed by a passive DNS analysis to enlarge the malicious footprint under study. The three sections in this post discuss the results of our research in greater depth.
Domain and IP Intelligence: Tracking the Spike in Coronavirus-Themed Domain Registrations
The first cases of COVID-19 infection came to the fore in December 2019. Five months later, the world is still reeling from the disease. The numbers are overwhelming. According to the Johns Hopkins Coronavirus Resource Center, more than 4 million people worldwide have gotten infected, over 290,000 of whom have died from the disease at the time of writing. And dismayingly, these numbers are still expected to rise.
In response, governments all over the world have imposed varying degrees of social distancing strategies. People are urged to stay home, schools are closed, mass transportation in many countries is suspended, and countless small businesses have ceased operations. For the majority, one consolation of being in home quarantine is their access to the Internet and, therefore, the world. But even on the Web, people are not safe from the virus.
Using our IP and domain intelligence, we detected an increasing trend toward coronavirus-themed domain bulk registrations—some of which may have to do with the proliferation of coronavirus-themed cybercrimes taking advantage of the pandemic. Let us show you our key findings.
How to Check Site Activity & Validity with Domain and IP Intelligence Tools
In an industry that increasingly gets more competitive every day, a seller’s reputation matters a lot. As personal selling is not possible online, e-commerce sites rely on several factors to establish consumer trust. Among them are reviews, which compensate for the lack of face-to-face transactions. In fact, 90% of consumers stated that positive reviews influence their purchasing decisions. Consistency in terms of the quality of one’s product and services also plays a crucial role in fostering trust.
But because digital commerce is cut-throat, online merchants sometimes resort to whatever it takes to maintain their share of the profits—even if they tarnish someone else’s reputation in the process. For instance, some sell replicas and pass them off as authentic items. They may also impersonate legitimate businesses on your site or manipulate product search results with blackhat marketing techniques. Finally, with the right exploit tools, some even manage to hijack someone else’s brand, starting with products and the target’s account.
This tutorial instructs users on performing vendor website assessments with enterprise-grade domain and IP intelligence solutions to prevent rogue sellers from abusing e-commerce platforms. But before we go on, let’s first deconstruct the reasons behind website audits.
Leveraging Cyber Threat Intelligence: Must-Dos for Companies To Prevent Phishing and Other Attacks
While phishing is considered one of the oldest threats in any cyber attacker’s arsenal, it still manages to work. The targeted organization or individual, social engineering bait, and the manner in which information gets stolen or malware is delivered may change. Still, the motivation often remains: to take someone’s details or even identity.
In many phishing scams, cybercriminals opt to create a fake company pretending to offer services that may be hard for users to resist. Such is the case of two confirmed phishing domains we analyze throughout this piece—technoarubacloud[.]com and teichdata[.]at. Any visitor lured to avail themselves of these two fake suppliers’ offerings is likely to be tricked into handing over personally identifiable information (PII) to the criminals behind the bogus sites.
In short, phishing and cyber attacks in general will continue to occur. So how can individuals and companies alike prevent themselves from falling into information-stealing traps? Following the four-stage process in this post aided by reliable cyber threat intelligence solutions may be the answer.
The Equifax Settlement Case: Shielding Financial Service Customers from Phishing with Domain Research Monitoring
Data breaches continue to plague organizations today. In the first six months of 2019 alone, 3,813 data breaches were recorded, exposing more than 4.1 billion records. This figure translates to more than a 50% increase in victim volume over the past four years. Worse still, three of these recently recorded data breaches made it to the all-time list of top incidents.
Of all these unfortunate events, we decided to take a closer look at Equifax’s case. First, because it has been the financial sector’s biggest breach victim to date. Second, because it shows how cybercriminals insist on exploiting every vulnerability there is. It’s indeed possible that malicious entities are now trying to trick victims into disclosing more personally identifiable information (PII) on fake Equifax settlement websites.
We then used the Domain Research Suite (DRS) to show how potential targets can avoid falling prey to instances of phishing and cybersquatting attacks.
Yahoo! Data Breach Settlement: A Deep Dive into Fake Websites through Domain Name Monitoring
The massive Yahoo! data breach that lasted from 2012 to 2016 is one of the most notable data breaches to date, with 3 billion accounts compromised. Users’ names, birthdays, email addresses, phone numbers, and even encrypted and unencrypted security questions and answers were just some of the information stolen and potentially peddled in underground markets.
The good news is that those who have been affected can now claim benefits for the damages and losses they incurred. They can get two years of free credit monitoring or US$100–25,000 in cash as settlement for theft and potential fraud. Those interested can check if they are eligible for settlement payment by contacting the administrator of the official data breach settlement site, yahoodatabreachsettlement.com.
It seems those who suffered from the Yahoo! compromise could rest easy, right? Probably not, as new threats arose shortly after the breach settlement announcement. Much like the case when Equifax announced its breach settlement details and informed victims where they could file claims, several fake websites mimicking Yahoo!’s settlement website surfaced. Those who are not careful could end up exposing even more personally identifiable information (PII) instead of obtaining remuneration from what they already lost.
To better illustrate this point, we have used several of our domain intelligence tools to study what the emerging threat environment around the Yahoo! settlement site looks like and to present recommendations on how to mitigate the resulting risks.
Privacy or Accountability: What the Redaction of WHOIS Data Means for Cybersecurity
WHOIS data has usually been the starting point for security professionals, incident responders, and forensic investigators when a suspected cyber attack takes place. WHOIS registrant, administrative, and technical details are deemed reliable by investigators, as using fake registrant credentials when purchasing a domain is a violation of the Internet Corporation for Assigned Names and Numbers (ICANN) terms of service.
By requiring domain owners to provide their email address and other personal details and making those details publicly accessible, ICANN has in effect made them accountable for using their websites ethically and legally. While this policy has neither eradicated nor even prevented cybercrime completely, it does provide a valuable resource for forensic investigation and threat prevention.
As such, these publicly available records have been used to trace sources of malware, detect and investigate fraud, and track down cyber attackers.
A registrant’s email address, for instance, allows investigators to directly contact the owner of a domain without having to go through other channels. Email addresses are also a handy resource for domain disputes and complaints about copyright infringement, among other things. WHOIS data, in its totality, is an abundant reservoir that aids organizations in strengthening their cybersecurity posture.
Brand Monitor and Brand Alert API: How to Combat Brand Misrepresentation in the Retail Fashion Industry
Misrepresentations together with negative brand equity are probably the biggest nightmares of today’s most prominent companies — and more often than not, that’s connected to cybersecurity and data breaches.
For example, the latest stats show that one in every 99 emails you get each day has ties to a phishing attack, the majority of which come laced with malware specially crafted to harvest victims’ financial credentials or use popular brands as social engineering bait.
A great example would be an email offering a considerable discount that the victim may find very hard to resist. So she clicks the link to a site where she’s asked to fill in her personal data, including, for instance, the credit card that she plans to use to purchase goods. She doesn’t get the items she supposedly bought and so complains to the store via all possible means: email, phone, and social media.
What’s worse, others who fall for the same ruse join the frenzy, dragging the brand’s name through the muck. What can the victimized company do? Could it have prevented the phishing attack? These are just some of the things this article answers by analyzing Zara’s real-life case study.
Threat Intelligence API: Walking the Cybersecurity Talk
To many, threat intelligence still sounds like a strange term. Some specialists even claim that it’s not for every business out there and recommend either adopting it correctly or abstaining altogether… and they might have a point.
The truth is that failing to deploy threat intelligence the right way is like painting with a broad brush with no idea of the bigger picture. Adding to this is the fact that making informed decisions in the world of cybersecurity requires you to have the necessary data close at hand.
The good news is that software such as Threat Intelligence API allows actionable data to be readily integrated into various processes and solutions. This product is composed of six sub-APIs: Domain’s Infrastructure Analysis, SSL Certificates Chain, SSL Configuration Analysis, Domain Malware Check, Connected Domains, and Domain Reputation. Each of them provides details on a specific area of the host’s infrastructure.
But before we talk about them in more detail, let’s start with the current threat landscape to understand the relevance of threat intelligence in general and Threat Intelligence APIs in particular.
Threat Intelligence Platform Investigation #1: Payoneer Phishing Scam Hunted
It’s no exaggeration to say that cybercrime is plaguing the Internet and, consequently, business operations carried out online. As a response to that challenge, a growing number of businesses have started to move away from reactive cybersecurity practices in favor of new ones, such as threat hunting, which involves the proactive search for threats and exploitable vulnerabilities.
But even though proactivity is a battle half won, what does a threat hunt look like in practice? This report explores a real-life use case, illustrates how modern perpetrators operate, and describes the techniques threat hunters can apply to detect and investigate foul schemes.
Fight against phishing e-mail with WHOIS: A technical blog based on the 2018 "Airbnb" case
Phishing is a way to obtain sensitive information by sending electronic communication pretending to have come from a reliable, trustworthy partner. According to the 2018 IBM X-Force Threat Intelligence Index, "Despite the increased use of chat and instant messaging applications, email continues to be one of the most widely used communication methods for any organization, and phishing attacks continue to be one of the most successful means of making unknowing insiders open the door to malicious attackers."