WHOIS information is indispensable for any cybersecurity researcher. It is an essential resource for tracking down registration owners for a variety of reasons that range from settling trademark and cybersquatting disputes to configuring websites. With WHOIS records, a security analyst or website administrator can quickly get in touch with a registrant owner to resolve or file a dispute, transfer a domain with ease, or set up a valid Secure Sockets Layer (SSL) certificate.
While phishing is considered one of the oldest threats in any cyber attacker’s arsenal, it still manages to work. The targeted organization or individual, social engineering bait, and the manner in which information gets stolen or malware is delivered may change. Still, the motivation often remains: to take someone’s details or even identity.
In many phishing scams, cybercriminals opt to create a fake company pretending to offer services that may be hard for users to resist. Such is the case of two confirmed phishing domains we analyze throughout this piece—technoarubacloud[.]com and teichdata[.]at. Any visitor lured to avail themselves of these two fake suppliers’ offerings is likely to be tricked into handing over personally identifiable information (PII) to the criminals behind the bogus sites.
Consider this scenario: You just got wind that a prolific cybercriminal has recently been spotted. You want to avoid joining his/her list of victims, of course. The question is how you go about it. Building attacker profiles, notably with WHOIS, might help.
Of course, that has become harder now that much stricter privacy protection laws like the General Data Protection Regulation (GDPR) are in effect. Typical WHOIS searches for a list of sites to avoid may no longer work since many domain owners, especially in the European Union (EU), can opt to redact their personal information from registration records.
Not everyone is truly aware of the ramifications of buying a domain. There are many factors to consider in order to make a good purchase and later avoid undesirable connections to, say, malicious individuals and their networks. So, how could a domain name be dangerous, after all? Those in the cybersecurity industry know that cyber attackers can weaponize a domain name for use against organizations and networks.
This article aims to shed light on why domain buyers, such as those without cybersecurity or marketing know-how, should conduct some research on domains of interest with the help of tools such as WHOIS Lookup, Domain Availability API or Domain Research Suite.
Given today’s threat landscape, known threats or those that get publicized are already quite hard to protect against. Risks that come from unknown sources, however, are even harder to detect and block. Domain Name System (DNS)-based attacks fall into the second category for a variety of reasons, the topmost of which is that once domains are up and running, their owners tend to relegate security to the background.
There are ways to avoid becoming the next victim of a DNS-based attack, though. One of them is using a reliable reverse name server (NS) solution such as Reverse NS Lookup. But before we delve into further details, let us first understand why attackers take advantage of inherent DNS weaknesses to get to their targets.
Infosec professionals are invariably responsible for guaranteeing that their organizations’ websites remain accessible at all times. And so, they should be aware of the consequences of a single website outage. Network downtimes can cost most enterprises between $101,000 and $5,000,000 an hour.
The problem with outages, however, is that they mostly go undetected before they inflict noticeable damage. Customers don’t usually report website issues such as page time-outs unless a purchase was involved. As such, the discovery of these glitches often comes too late since your search engine rankings or conversion rates have already dropped significantly. Worse still, malicious actors may have even taken over your site infrastructure.
Cybercriminals exploit every opportunity that can serve their aims. They follow the headlines and react quickly, and they have no ethical considerations. Even the drama of the coronavirus terrorizing the entire world and causing the deaths of thousands of people is seen as a good 'business' opportunity to spread malware.
IBM X-Force recently reported that the coronavirus went cyber via the Emotet trojan. Rather disgustingly, the miscreants send e-mails to people on behalf of respected health organizations, with attachments claiming to provide information about infection prevention measures. As soon as the victim opens the attachment, it silently installs the trojan on the computer.
An IP netblock can be a critical piece of information for companies that engage in online activities. Whether it’s for competitor research or to prevent IP address hijacking, IP netblock data allows technology professionals to deduce who owns a group of IP addresses, pursue their objectives, and take relevant action from there.
That said, the ability to quickly derive this information could sometimes spell the difference between success and a missed opportunity, or between mitigating a cybersecurity threat and failing to do so before it can affect one’s systems and networks.