Whois XML API Enterprise Blog

Posted on March 25, 2020

Leveraging Cyber Threat Intelligence: Must-Dos for Companies To Prevent Phishing and Other Attacks

While phishing is considered one of the oldest threats in any cyber attacker’s arsenal, it still manages to work. The targeted organization or individual, social engineering bait, and the manner in which information gets stolen or malware is delivered may change. Still, the motivation often remains: to take someone’s details or even identity.

In many phishing scams, cybercriminals opt to create a fake company pretending to offer services that may be hard for users to resist. Such is the case of two confirmed phishing domains we analyze throughout this piece—technoarubacloud[.]com and teichdata[.]at. Any visitor lured to avail themselves of these two fake suppliers’ offerings is likely to be tricked into handing over personally identifiable information (PII) to the criminals behind the bogus sites.

In short, phishing and cyber attacks in general will continue to occur. So how can individuals and companies alike prevent themselves from falling into information-stealing traps? Following the four-stage process in this post aided by reliable cyber threat intelligence solutions may be the answer.

Continue reading

Posted on February 3, 2020

The Equifax Settlement Case: Shielding Financial Service Customers from Phishing with Domain Research Monitoring

Data breaches continue to plague organizations today. In the first six months of 2019 alone, 3,813 data breaches were recorded, exposing more than 4.1 billion records. This figure translates to more than a 50% increase in victim volume over the past four years. Worse still, three of these recently recorded data breaches made it to the all-time list of top incidents.

Of all these unfortunate events, we decided to take a closer at Equifax’s case. First, because it has been the financial sector’s biggest breach victim to date. Second, because it shows how cybercriminals insist on exploiting every vulnerability there is. It’s indeed possible that malicious entities are now trying to trick victims into disclosing more personally identifiable information (PII) on fake Equifax settlement websites.

We then used the Domain Research Suite (DRS) to show how potential targets can avoid falling prey to instances of phishing and cybersquatting attacks.

Continue reading

Posted on January 9, 2020

Yahoo! Data Breach Settlement: A Deep Dive into Fake Websites through Domain Name Monitoring

The massive Yahoo! data breach that lasted from 2012 to 2016 is one of the most notable data breaches to date, with 3 billion accounts compromised. Users’ names, birthdays, email addresses, phone numbers, and even encrypted and unencrypted security questions and answers were just some of the information stolen and potentially peddled in underground markets.

The good news is that those who have been affected can now claim benefits for the damages and losses they incurred. They can get two years of free credit monitoring or US$100–25,000 in cash as settlement for theft and potential fraud. Those interested can check if they are eligible for settlement payment by contacting the administrator of the official data breach settlement site, yahoodatabreachsettlement.com.

It seems those who suffered from the Yahoo! compromise could rest easy, right? Probably not as new threats arose shortly after the breach settlement announcement. Much like the case when Equifax announced its breach settlement details and informed victims where they could file claims, several fake websites mimicking Yahoo!’s settlement website surfaced. Those who are not careful could end up exposing even more personally identifiable information (PII) instead of obtaining remuneration from what they already lost.

To better illustrate this point, we have used various of our domain intelligence tools to study what the emerging threat environment around Yahoo! settlement site looks like and present recommendations on how to mitigate the resulting risks.

Continue reading

Posted on December 12, 2019

Privacy or Accountability: What the Redaction of WHOIS Data Means for Cybersecurity

WHOIS data has usually been the starting point for security professionals, incident responders, and forensic investigators when a suspected cyber attack takes place. WHOIS registrant, administrative, and technical details are deemed reliable by investigators, as using fake registrant credentials when purchasing a domain is a violation of the Internet Corporation for Assigned Names and Numbers (ICANN) terms of service.

By making it a requirement for domain owners to provide their email address and other personal details and making them publicly accessible, the ICANN has somehow given them the accountability to use their websites ethically and legally. While this policy has neither eradicated nor even prevented cybercrime completely, it does provide a valuable resource for forensic investigation and threat prevention.

As such, these publicly available records have been used to trace sources of malware, detect and investigate fraud, as well as tracking down cyber attackers.

A registrant’s email address, for instance, allows investigators to directly contact the owner of a domain without having to go through other channels. Email addresses are also a handy resource for domain disputes and complaints about copyright infringement, among other things. WHOIS data, in its totality, is an abundant reservoir that aids organizations in strengthening their cybersecurity posture.

Continue reading

Updated on September 22, 2019

Brand Monitor and Brand Alert API: How to Combat Brand Misrepresentation in the Retail Fashion Industry

Misrepresentations together with negative brand equity are probably the biggest nightmares of today’s most prominent companies — and more often than not, that’s connected to cybersecurity and data breaches.

For example, the latest stats show that one in every 99 emails you get each day has ties to a phishing attack, the majority of which come laced with malware specially crafted to harvest victims’ financial credentials or use popular brands as social engineering bait.

A great example would be an email offering a considerable discount that the victim may find very hard to resist. So she clicks the link to a site where she’s asked to fill in her personal data, including the credit card, for instance, that she plans to use to purchase goods. She doesn’t get the items she supposedly bought and so complained to the store via all possible means — email, phone, and social media.

What’s worse, others who fall for the same ruse join the frenzy, dragging the brand’s name through the muck. What can the victimized company do? Could it have prevented the phishing attack? These are just some of the things this article answers by analyzing Zara’s real-life case study.

Continue reading

Posted on August 23, 2019

Threat Intelligence API: Walking the Cybersecurity Talk

To many, threat intelligence still sounds like a strange term. Some specialists even claim that it’s not for every business out there and recommend either adopting it correctly or abstaining altogether… and they might have a point.

The truth is that failing to deploy threat intelligence the right way is like painting with a broad brush with no idea of the bigger picture. Adding to this is the fact that making informed decisions in the world of cybersecurity requires you to have the necessary data close at hand.

The good news is that software such as Threat Intelligence API allows actionable data to be readily integrated into various processes and solutions. This product is composed of six sub-APIs: Domain’s Infrastructure Analysis, SSL Certificates Chain, SSL Configuration Analysis, Domain Malware Check, Connected Domains, and Domain Reputation. Each of them provides specifics on specific areas of the host’s infrastructure.

But before we talk about them in more detail, let’s start with the current threat landscape to understand the relevance of threat intelligence in general and Threat Intelligence APIs in particular.

Continue reading

Posted on March 19, 2019

Threat Intelligence Platform Investigation #1: Payoneer Phishing Scam Hunted

It’s no exaggeration to say that cybercrime is plaguing the Internet and, consequently, business operations carried out online. As a response to that challenge, a growing number of businesses have started to move away from reactive cybersecurity practices in favor of new ones, such as threat hunting, which involves the proactive search for threats and exploitable vulnerabilities.

But even though proactivity is a battle half won, what does a threat hunt look like in practice? This report explores a real-life use case and illustrates how modern perpetrators operate as well as describing the techniques threat hunters can apply to detect and investigate foul schemes.

Continue reading

Posted on January 10, 2019

Fight against phishing e-mail with WHOIS: A technical blog based on the 2018 "Airbnb" case

Phishing is a way to obtain sensitive information by sending electronic communication pretending to have come from a reliable, trustworthy partner. According to the 2018 IBM X-Force Threat Intelligence Index, "Despite the increased use of chat and instant messaging applications, email continues to be one of the most widely used communication methods for any organization, and phishing attacks continue to be one of the most successful means of making unknowing insiders open the door to malicious attackers."

Continue reading
Try our free and fully functional account!
Get started