We have been monitoring COVID-19 cyber threats for several months now. More recently, we partnered with GeoGuard to enrich a dataset of coronavirus-themed URLs and IP addresses with WHOIS data and domain reputation scoring, followed by a passive DNS analysis to enlarge the malicious footprint under the study. The three sections in this post discuss the results of our research in greater depth.
Expanding one’s business online footprint with the right domain names should not just be left to business decision-makers, but also involve cybersecurity experts. Though old domains can bring benefits to the table, no enterprise wants to end up with those having a sinister past. WHOIS history queries via solutions such as WHOIS History Lookup, Search (from the Domain Research Suite), or API can help avoid that.
How so? Digging into a domain’s WHOIS history allows you to gather more context about its past ownership, including whether it may have belonged to threat actors at some point and should therefore require greater scrutiny.
We compiled a list of domain history no-nos that can put a strain on your ventures’ success (possibly landing your website on blacklists) or even cause harm to whoever might get into contact with them.
Did you know that an IP address can be a good starting point for a cybercrime investigation or even just a routine check of suspicious activities? For instance, when you go to malware data feeds, or any threat intelligence site, one of the usual indicators of compromise (IoCs) you’ll see are known malicious IP addresses.
However, like any threat data, an IP address becomes utterly useless when it doesn’t provide any meaningful details. What then? Tools such as WHOIS Lookup might help to dig deeper.
So, what exactly is WHOIS Lookup, and what information can it provide about an IP address?
Indicators of compromise (IoCs) are anomalous network or computer artifacts such as malware signatures, file hashes, or domains that point to a possible breach. This data is aggregated from multiple external threat feeds and log files from internal applications and systems. The analysis of IoCs is part and parcel of an infosec professional’s daily workload. After all, an organization’s security hinges on its ability to detect and act on IoCs that could lead to full-blown cyber attacks timely.
Every day, analysts encounter IoCs of varying severity, as reported by their organization’s security orchestration, automation, and response (SOAR) and security information and event management (SIEM) solutions. The problem with such alerts is that some may be associated with old IoCs that are no longer active or are now being used for legitimate purposes.
That explains the need for constant IoC management. By monitoring IoCs in context, security analysts can find out which ones warrant their attention most as the volume of alerts can easily overwhelm an understaffed security team. But was does “context” mean here? And which sources of data can support in providing it?
Landing on the first page of search engine results is critical for any company operating online, especially given that 75% of Internet users don’t bother to check succeeding pages when querying information. This calls for great SEO, but SEO processes can be tricky as there are multiple parameters to consider. One of these parameters is your web hosting infrastructure, which can become more transparent with a tool such as Reverse IP Lookup.
In particular, Reverse IP Lookup helps users avoid using oversubscribed IP addresses. Oversubscription could affect a website’s standing, speed, and accessibility, three factors that can make or break SEO efforts.
Data breaches could cost organizations an average of $3.92 million per incident. The average ransomware payout, on the other hand, stands at $41,198 per occurrence, with the largest payout recorded to date amounting to $1.14 million. It’s essential to be meticulous when it comes to cybersecurity as a seemingly inconsequential hole in an organization’s network could result in millions of dollars’ worth in damages.
Covering every possible attack vector is, therefore, a must for cybersecurity teams, and one attack vector that cybercriminals often use is a domain name. Ransomware, for instance, usually gets injected into a victim’s system through a phishing email that contains a link to a malicious domain. The threat could also unknowingly get dropped onto a victim’s computer when he/she visits an infected website.
Therefore, every aspect of a domain should be inspected, including its WHOIS history records. That way, no stones are left unturned, and one cybersecurity product that could prove useful in this regard is WHOIS History Lookup. This tool allows users to look into the ownership history of a given domain, even before a possible redaction of WHOIS records.
Nominet’s takedown of 28,937 malicious sites is a small triumph for law enforcement and other internet stakeholders. With help from authorities, the domain registry has been on a quest to purge the .uk namespace of rogue domains since 2009. Now, for the first time in five years, the total number of suspended domains has finally reflected a decline. The figure may not seem like a lot, considering that it only accounts for 0.22% of the 13 million domains registered in the U.K. Still, it was a milestone for an industry fraught with prolific bad actors. In the U.K. alone, an average of 800 cyber attacks per hour hit councils. This number translates into around 263 million in just half a year.
Curbing cybercrime is an essential undertaking for internet authorities, in light of new digital technologies, and the Internet’s evolving business model. Unfortunately, lack of resources at both the domain level and cybersecurity know-how, as well as legal barriers, slow down authorities in their efforts to hunt down perpetrators. This can be made easier, though, with a bulk domain lookup solution.
Bulk WHOIS API is a good example of a research tool that cyber investigators, electronic crime units, and regulatory agencies can rely on to faster inspect a significant volume of domains. With an IP address, email address, or domain name, users can obtain pertinent registrant information for a group of web addresses. Let’s take a closer look at how users can get more out of the solution.
It is pretty standard for cybercriminals to spend time exploring a network for weaknesses they can exploit. That’s why cybersecurity experts must continuously monitor their systems and logs for any signs of future attacks. They can do so with various IP and domain intelligence tools, notably using IP Netblocks API as a first step.
How exactly? In this post, we provide a demonstration of how organizations can better ensure their infrastructure’s security and possibly even prevent breaches.