WHOIS data has usually been the starting point for security professionals, incident responders, and forensic investigators when a suspected cyber attack takes place. WHOIS registrant, administrative, and technical details are deemed reliable by investigators, as using fake registrant credentials when purchasing a domain is a violation of the Internet Corporation for Assigned Names and Numbers (ICANN) terms of service.
By requiring domain owners to provide their email address and other personal details, and by making those details publicly accessible, ICANN holds them accountable for using their websites ethically and legally. While this policy has neither eradicated nor even prevented cybercrime completely, it does provide a valuable resource for forensic investigation and threat prevention.
As such, these publicly available records have been used to trace sources of malware, detect and investigate fraud, and track down cyber attackers.
A registrant’s email address, for instance, allows investigators to directly contact the owner of a domain without having to go through other channels. Email addresses are also a handy resource for domain disputes and complaints about copyright infringement, among other things. WHOIS data, in its totality, is an abundant reservoir that aids organizations in strengthening their cybersecurity posture.
Hospitals and other healthcare service providers have been among criminals’ favorite breach targets in the past few years. One of what has been dubbed the biggest data breaches of the 21st century involved a healthcare insurance giant — Anthem.
The Anthem breach reported in February 2015 was said to have exposed around 78.8 million customer records. This incident put the personal data of the insurer’s clients at risk of theft. The question is: could Anthem have prevented the breach? This downloadable white paper will take a look at the case in greater detail and illustrate how Domain Research Suite can help.
It’s no secret that cybercriminal operations are not very different from how legitimate businesses operate. Much like a CEO heads a global corporation, a mastermind may stand behind the most notorious and widespread cybercriminal gang.
In the early 2000s, the most prominent cybercriminal rings had a mafia-like structure as they were led by the so-called “dons”. Each don had a right-hand man known as a “consiglieri,” who made sure the wheels of the operation kept turning.
The very first cybercriminal gangs that gained notoriety for reaping millions of dollars from victims the world over while evading capture for years include CarderPlanet, Shadowcrew, and the RBS WorldPay Gang. Times may have changed, and the rings’ structure, tools, tactics, and targets may no longer follow those of the old crews, but cybercriminal attacks persist. Though we still see reports on the misdeeds of individual threat actors today, cybercriminal rings continue to wreak greater havoc due to the scale of their operations — a case in point: The Business Club.
They say that becoming a cybercrime victim is, in this day and age, a matter of “when” and not “if.” But that doesn’t mean you should let fate determine your company’s future. Focus instead on enhancing your business’s security posture by protecting your brand from all sorts of online threats. A great means to safeguard your digital assets is through Brand Monitor — a specialized online brand protection component of the WhoisXML API Domain Research Suite.
This white paper will tell you how Brand Monitor can help your company combat specific cyber threats like domain name typosquatting, website spoofing, and phishing.
In this white paper, we give an overview of the Domain Name System, or DNS, one of the pillars of the Internet. We start by understanding the goal: to assign names to named resources on the Internet and to maintain their database. For this, it is important to understand the structure of domain names and DNS zones. The roles of the actors in the system are domain maintainers, registries and Network Information Centers. The structure of delegation of authority will also be clarified. We give an overview of the structure of data available in the DNS, notably, the resource records (RRs) occurring in zone files. We also review the technology side: the DNS protocol, its operations supporting queries of name resolution, zone file transfers necessary to maintain the system and for reverse mapping. We briefly mention the most popular implementations, notably, BIND, which may be the most prevalent DNS server software. This necessitates a little insight into netblocks and Classless Inter-Domain Routing (CIDR). We address the internal security issues of the DNS as well as the crucial role it plays in cybersecurity. Finally, we provide some references for further reading.
How can we geolocate the IP addresses of our customers? This is one of the questions businesses are repeatedly asking because when they know the answer, it becomes easier to plan out strategic and tactical operations successfully — e.g., reaching out to target audiences, setting up offices and stores, promoting new products, and gaining momentum.
Location is also a crucial element of interacting with clients, and it should not only be taken into consideration by brick-and-mortar organizations but also by online stores whose buyers are scattered all over the Web.
So how can businesses get their hands on such critical information? That’s simple: They can geolocate the IP addresses of their customers with an IP geolocation database, a resource that enables organizations to obtain location-based data quickly and, as a result, get to know where their consumers are.
In this white paper, let’s find out how employing IP Geolocation can benefit companies and what its most prominent use cases across industries are.
The Web is a tangle of information. Data is everywhere and finding reliable sources can be a challenge in the era of fake news. Websites, as a prime example, can be informative, misleading, or even dangerous.
You may get your hands on something useful or be deceived into clicking on the wrong links or downloading unintended files... and learning more about domain owners and assessing whether they’re trustworthy or have a hidden or malicious agenda is notoriously hard.
This is where WHOIS database download services come in. Their applications are many, ranging from cybersecurity to marketing research to criminal investigation to ensuring a top position in search engine results. How so? This white paper considers a variety of use cases.
Phishing is a way to obtain sensitive information by sending electronic communication pretending to have come from a reliable, trustworthy partner. According to the 2018 IBM X-Force Threat Intelligence Index, "Despite the increased use of chat and instant messaging applications, email continues to be one of the most widely used communication methods for any organization, and phishing attacks continue to be one of the most successful means of making unknowing insiders open the door to malicious attackers."
If you’ve ever looked at a WHOIS entry, you probably know how much valuable information is contained within the records of just one domain registration. When this information is accurate, it can make getting in touch with other parties on the web a lot easier. In the real world, however, accessing consistently accurate WHOIS data is more of a goal than anything else. For every accurate WHOIS record, there are many more inaccurate and sometimes fraudulent records...
The domain information lookup service WHOIS publishes data about the owners of websites around the world. WHOIS also contains personal information of European Union (EU) citizens. Further, the database maintains location and infrastructure information of cybercriminals who set up websites with malicious intent...
The Internet is not just the hotspot of all things digital and technical. Largely due to its ubiquity and countless (and frequently anonymous) points of entry, the web has given rise to a new breed of outlaw – cybercriminals who prey on the wealth of valuable information available online...
The European Union (EU) may unintentionally be giving cyber criminals a helping hand. The EU’s well-intentioned efforts to promote data privacy through its newly launched General Data Protection Regulations (GDPR) have also put handcuffs on the efforts of cybersecurity professionals to protect individuals and organizations from hackers. Unless global Internet authorities and infosec professionals are able to achieve a rapprochement with the EU, black hats may gain unprecedented advantages over white hats. Otherwise, the cybersecurity community will have to develop new approaches to protecting individuals and enterprises against hackers...