Threat Intelligence

Sponsored
by

Noteworthy

WHOIS History API: Powering Domain Investigations

Domain Research and Monitoring: Keeping an Eye on the Web for You

Reverse WHOIS: A Powerful Process in Cybersecurity

Blogs

What Are the Connections to Identified Hafnium Malicious IP Addresses?

Cyber attackers are very skilled at infiltration. They'd find ways into a house through cracks and holes that the homeowner doesn't know about. Analogically speaking, that's what the new cyber attack group dubbed "Hafnium" did when they identified several zero-day Microsoft Exchange vulnerabilities to get into target networks. With thousands of users for every Microsoft Exchange server, the attack has far-reaching implications. First, it establishes the presence of a new threat actor group in town. What else could they be up to? more

78% of Cybersecurity Professionals Expect an Increase in DNS Threats, Yet Have Reservations

A recent survey conducted by the Neustar International Security Council confirmed the heightened interests on domain name system (DNS) security. The survey reveals that over three-quarters of cybersecurity professionals anticipate increases in DNS attacks, especially with more people shopping online amid the pandemic. Yet, close to 30% have reservations about their ability to respond to these attacks. more

Cybersecurity Tech Accord: 98% of Registrar Whois Requests Unrequited

When a brand goes so far as to ask a domain name registrar for Whois (the registration contact details) of a potentially abusive domain name, there's likely a lot at stake. Most often, the request is prompted by consumer safety concerns, such as the risk to consumers posed by a malicious site. Other times, the demand has a simple goal: to have a dialog with the registrant about the use of trademarks or other intellectual property in order to avoid extreme action. more

An Institute to Combat DNS Abuse

Over the last few years, it's become clear that abuse of the Domain Name System -- whether in the form of malware, botnets, phishing, pharming, or spam -- threatens to undermine trust in the Internet. At Public Interest Registry, we believe that every new .ORG makes the world a better place. That means anything that gets in the way of that is a threat, and that includes DNS Abuse. more

3 Most Scary Attacks that Leaked Personally Identifiable Information (PII) of Millions of Users

Cybercriminals are increasingly targeting Personally Identifiable Information (PII). The reason being "data is the new gold" in this digital world, and the more sensitive some data is, the more value it has. There is no more sensitive data than personally identifiable information because it contains enough information to identify you digitally. Examples of personally identifiable information include name, email, contact number, address, social security number, tax file number, banking or financial information, and more such data that helps identify you. more

Let's Not Forget About Solar Flares

As the world becomes more and more reliant on electronics, it's worth a periodic reminder that a large solar flare could knock out much of the electronics on earth. Such an event would be devastating to the Internet, satellite broadband, and the many electronics we use in daily life. A solar flare is the result of periodic ejections of matter from the sun into space. Scientists still aren't entirely sure what causes solar flares, but they know that it's somehow related to shifts in the sun's magnetic field. more

Clarivate Domain Survey Reveals a 10% Increase in Cyberattacks

Clarivate has once again surveyed global business leaders about the importance of domain names to their organizations, including the role of domains as intellectual property (IP) assets. The 2020 survey followed up on our 2019 survey, revealing key year-over-year trends in how organizations manage, secure and budget for domain names. In this blog, we review key trends from the new report. more

Information Protection for the Domain Name System: Encryption and Minimization

In previous posts in this series, I've discussed a number of applications of cryptography to the DNS, many of them related to the Domain Name System Security Extensions (DNSSEC). In this final blog post, I'll turn attention to another application that may appear at first to be the most natural, though as it turns out, may not always be the most necessary: DNS encryption. (I've also written about DNS encryption as well as minimization in a separate post on DNS information protection.) more

Securing the DNS in a Post-Quantum World: Hash-Based Signatures and Synthesized Zone Signing Keys

In my last article, I described efforts underway to standardize new cryptographic algorithms that are designed to be less vulnerable to potential future advances in quantum computing. I also reviewed operational challenges to be considered when adding new algorithms to the DNS Security Extensions (DNSSEC). In this post, I'll look at hash-based signatures, a family of post-quantum algorithms that could be a good match for DNSSEC from the perspective of infrastructure stability. more

Notorious Markets, Scams and Implications for Brands

On January 14, 2021, the Office of the United States Trade Representative (USTR) released its 2020 Review of Notorious Markets for Counterfeiting and Piracy (the Notorious Markets List, or NML). This publication enumerates online and physical markets that have been reported to engage in trademark, counterfeiting, and copyright infringement at scale. For the first time, the NML documents show how internet platforms play a part in bringing illicit goods into the US. more

Reality Check on the 5G Security MAGAverse

As chance has it, the attempt by NTIA to create a fake Trump Open 5G Security Framework MAGAverse as they headed out the door on 15 January is being followed this week by the global meeting of 3GPP SA3 (Security) to advance the industry's real open 5G security Framework. Designated TSGS3-102e (the 102nd meeting, occurring electronically), it continues the practice of assembling companies, organisations, and agencies from around the world every 8 to 12 weeks to focus on 5G security for current and future releases of 5G infrastructure. more

WHOIS Record Redaction and GDPR: What's the Evolution Post-2018?

We all use the Internet daily. Practically every element of our reality has its equal in the virtual realm. Friends turn into social media contacts, retail establishments to e-commerce shops, and so on. We can't deny that the way the Internet was designed, to what it has become, differs much. One example that we'll tackle in this post is the seeming loss of connection between domains and their distinguishable owners. more

Verisign Outreach Program Remediates Billions of Name Collision Queries

A name collision occurs when a user attempts to resolve a domain in one namespace, but it unexpectedly resolves in a different namespace. Name collision issues in the public global Domain Name System (DNS) cause billions of unnecessary and potentially unsafe DNS queries every day. A targeted outreach program that Verisign started in March 2020 has remediated one billion queries per day to the A and J root name servers, via 46 collision strings. more

Cryptographic Tools for Non-Existence in the Domain Name System: NSEC and NSEC3

In my previous post, I described the first broad scale deployment of cryptography in the DNS, known as the Domain Name System Security Extensions (DNSSEC). I described how a name server can enable a requester to validate the correctness of a "positive" response to a query -- when a queried domain name exists -- by adding a digital signature to the DNS response returned. more

The Domain Name System: A Cryptographer's Perspective

As one of the earliest protocols in the internet, the DNS emerged in an era in which today's global network was still an experiment. Security was not a primary consideration then, and the design of the DNS, like other parts of the internet of the day, did not have cryptography built in. Today, cryptography is part of almost every protocol, including the DNS. And from a cryptographer's perspective, as I described in my talk at last year's International Cryptographic Module Conference (ICMC20), there's so much more to the story than just encryption. more

News Briefs

PIR Launches New Institute to Combat DNS Abuse

DNSSEC Now Deployed in all Generic Top-Level Domains, Says ICANN

Backlash Over Potential Firing of U.S. Election Cybersecurity's Top Official

New Data Reveals Phishing Attacks Are Bigger Than Reported, Exact Size of Problem Unknown

CENTR Has Released an Animated Video on ccTLDs and Their Technical Role Concerning Content

Trust Has Eroded Within the Cybercriminal Underground Causing a Switch to Ecommerce Platforms

Google Reports 18 Million Daily COVID-19 Related Malware, Phishing Emails Per Day

Zoom Faces Class-Action Lawsuit, Accused of Overstating Its Privacy Standards

Over 360 Security Experts Around the World From Group to Combat COVID-19 Hackers, Protect Hospitals

Firefox Starts the Roll Out of DNS Over HTTPS (DoH) by Default for US-Based Users

Israel's Entire Voter Registry Exposed, the Massive Data Leak Involves 6.5 Million Voters

Highly Sensitive Domain Corp.com Up for Sale by Original Owner, Calls It a 'Chemical Waste Dump'

Microsoft Takes Legal Action Against North Korean Cybercrime Group, Takes Down 50 Domains

U.N. Approves Resolution to Combat Cybercrime Despite Opposition From E.U., the U.S. and Others

Microsoft Announces Plans to Adopt DoH in Windows

Cybersecurity Workforce Needs to Grow 145% to Close Skills Gap Worldwide, Says New Study

Leading Domain Registries and Registrars Release Joint Document on Addressing 'DNS Abuse'

EU Member States Release Report on Coordinated Risk Assessment on Cybersecurity in 5G Networks

More Than 500 Schools in the U.S. Hit by Ransomware in 2019, Says Report

27 Countries Issue Joint Statement on 'Advancing Responsible State Behavior in Cyberspace'

Most Viewed

Taking Back the DNS

Port 25 Blocking, or Fix SMTP and Leave Port 25 Alone for the Sake of Spam?

DNS Changer

How to Stop Spam

Sender Address Verification: Solving the Spam Crisis

Most Commented

Taking Back the DNS

Fake Bank Site, Fake Registrar

When Registrars Look the Other Way, Drug-Dealers Get Paid

Who Is Blocking WHOIS? Part 2

ICANN Complaint System Easily Gamed

WhoisXML API Updates – Sponsor

We Detected and Analyzed Thousands of CCTV-, Firewall-, and SCADA-themed Domains & Subdomains

Did you know that a comprehensive subdomain database can give you 69,383 fully qualified domain names (FQDNs) with the string "firewall," 241,654 FQDNs for "cctv," and 19,048 FQDNs for "scada"? That data can give cybersecurity researchers possible starting points for an article or even a full-blown research paper. more

Come April, Nothing Is Certain Except Phishing and Taxes

In the past years, threat actors have made it a point to prey on U.S. taxpayers using phishing emails supposedly from the Internal Revenue Service (IRS). The goal is often to trick victims into giving their login credentials to various platforms. This year is no different. more

Expanding the List of Artifacts for the Recent JPMorgan Chase Squatting Campaign

On 13 March, IBM X-Force Exchange published nine artifacts -- three domain names and six IP addresses -- related to a squatting campaign targeting JPMorgan Chase and its stakeholders. We dug deeper into the list in hopes of publicizing additional artifacts that users may need to be wary of. more

An In-Depth Look at the Risks Kozow.com Subdomains May Pose to Internet Users

Kozow[.]com hosts the website of free dynamic Domain Name System (DNS) service provider Dynu Systems. It has been cited for ties to several malicious activities over the past few months. To see if it would be a good idea for organizations to consider blocking the domain from their networks, we collated a list of kozow[.]com subdomains and subjected them to deeper scrutiny. more

How Do You Choose the Best Threat Intelligence Platform for Your Company?

Experts often say every cyber threat intelligence team needs a threat intelligence platform, but what is it really and how do you choose the best one for your company? Andreas Sfakianakis, in his recent SANS Institute CTI Summit 2021 talk titled "Excelling at Threat Intelligence Platform Requirements," inspired us to take a deeper look. more

Keeping Track of Ramnit through Artifact Expansion

Ramnit stands out as a malware as it continues to evolve and requires cybersecurity experts and law enforcement agents to stay alert. Variants have been recently detected, so that security companies such as Prevailion advise organizations to keep Ramnit on their radar. more

A List of Potential Attack Artifacts for the Top 3 Phished Brands in 2020

In a recent study INKY subjected around 657 million emails in 2020 and found almost 5 million phishing campaigns, more than 590,000 of which were brand impersonations. It then came up with a list of the top 25 most phished brands in a 2021 report. more

Industry Updates

We Detected and Analyzed Thousands of CCTV-, Firewall-, and SCADA-themed Domains & Subdomains

How Reverse IP Lookup API Can Help Detect Connected Domains

Come April, Nothing Is Certain Except Phishing and Taxes

Expanding the List of Artifacts for the Recent JPMorgan Chase Squatting Campaign

An In-Depth Look at the Risks Kozow.com Subdomains May Pose to Internet Users

How Do You Choose the Best Threat Intelligence Platform for Your Company?

Keeping Track of Ramnit through Artifact Expansion

A List of Potential Attack Artifacts for the Top 3 Phished Brands in 2020

A Look at Recent Attacks on K-12 Distance Learning Providers Using Domain Intelligence

SolarWinds Cyber Intel Analysis Part 2: A Look at Additional CISA-Published IoCs

How to Monitor IP Netblocks for Possible Targeted Attacks

Enriching Know-Your-Customer (KYC) Practices With IP Intelligence

Post-Riot Domain Registration Trends: Findings From Tracking Trump-Related Domains and Subdomains

Blind Eagle Targeted Attack: Using Threat Intelligence Tools for IoC Analysis and Expansion

Cyber Threat Intel Analysis and Expansion of SolarWinds Identified IoCs

Participants – Random Selection