Page 27 - Cyber Defense Magazine - Global Print Edition 2018
at large. When an email is received from such an entity asking to confirm or update personal or confidential details, the temptation to comply without doubting the origins of the sender is high.

But what does all this have to do with connected domains? Well, fraudsters typically register confusingly similar names to make their phishing attacks even more credible and less noticeable. So when you hear that a famous brand is being impersonated through phishy emails, you can protect your staff with threat intelligence by creating a list of all domains that are too close to be legit and block those by putting corresponding mail servers and IP addresses on a blacklist.

2. Dangerous Neighboring Hosts

Sharing hosting resources including IP addresses is like sharing a flat or office. Whatever your housemates or coworkers do can disrupt your well-being and ability to live or work normally. Similarly, neighboring hosts’ bad practices such as spammy behaviors and fraudulent activities are likely to impact your online reputation and SEO. Worse, internet service providers may even decide to over-block your website warning visitors against it because others have misused and abused shared infrastructure.

Checking connected domains here is necessary to ensure you do not end up associated with cybercriminals or illicit content providers by mistake, and therefore protect your integrity and reliability in the eyes of your customers, suppliers, and the press.

3. Variations of Your Domain Names

It’s not just about protecting yourself from external parties. Security professionals also need to make sure that the name of their organization is not used for malicious ends. A thorough check of all domains connected to yours, notably for variations of your domain and subdomain names, will help you evaluate whether the risk of impersonation is high. If this is the case, you can take timely precautionary measures and alert customers and everybody else.

4. Malicious Domains Detected

In an effort to maximize gains, cybercriminals typically use different websites simultaneously to execute cyber attacks at scale. While this sounds intimidating, your security team can actually leverage that approach to uncover networks of fraudulent names.

For instance, once they have identified a malicious domain, they can use threat intelligence to start looking for answers to questions such as: Are domain registration details including names and addresses, regardless of whether these are fake or not, uncoincidentally close? Is the same cheap hosting provider and infrastructure being used over and over? Even hackers have limited imagination and resources.

5. Suppliers and Vendors

Last but not least, your cybersecurity team can run a threat intelligence analysis to keep track of the name variations and registrant information of close business partners. This matters because if your staff is already unlikely to question the legitimacy of famous organizations, imagine what data might be in danger when fraudsters impersonate trusted long-term suppliers and vendors.

---

Bottom line: Monitoring connected domains and the infrastructure behind them is a good example of how threat intelligence enables organizations to protect their online reputation, customers, and employees.

About the Author

Jonathan Zhang is the founder and CEO of Threat Intelligence Platform (TIP). He has vast experience in building tools, solutions, and systems for CIOs, security professionals, and third-party vendors and enjoys giving practical tips for better threat detection and prevention. Jonathan can be reached online at jonathan@threatintelligenceplatform.com and at our company website https://threatintelligenceplatform.com/
CYBER DEFENSE MAGAZINE – ANNUAL GLOBAL PRINT EDITION 2018 – SPONSORED BY TREND MICRO 27
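The list of "domains that are too close to be legit" and the check for variations of your own domain names, both described in the article, can be sketched as follows. This is an added example, not code from the article or from Threat Intelligence Platform; the function names, the look-alike character map and the sample domains are assumptions, and the brand is taken to be the first label of the protected domain (no Public Suffix List handling).

```python
import unicodedata
from typing import Dict, Iterable, Optional

# Constructed sample of look-alike characters (assumption: not a full confusables table).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def skeleton(label: str) -> str:
    """Fold a DNS label to a comparison form: lowercase, strip accents, map look-alikes."""
    decomposed = unicodedata.normalize("NFKD", label.lower())
    ascii_like = "".join(c for c in decomposed if not unicodedata.combining(c))
    return ascii_like.translate(HOMOGLYPHS).replace("rn", "m").replace("vv", "w")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(candidate: str, protected: str) -> Optional[str]:
    """Return why `candidate` resembles `protected`, or None if it does not (or is ours)."""
    cand, prot = candidate.lower().rstrip("."), protected.lower().rstrip(".")
    if cand == prot or cand.endswith("." + prot):
        return None  # the protected domain itself or one of its subdomains
    brand = prot.split(".")[0]  # assumption: first label of the protected domain is the brand
    brand_sk = skeleton(brand)
    for label in cand.split("."):
        sk = skeleton(label)
        if label == brand:
            return "brand-reuse"   # same name under another TLD or parent domain
        if sk == brand_sk:
            return "homoglyph"     # look-alike characters, e.g. 1 for l, rn for m
        if edit_distance(sk, brand_sk) <= 1:
            return "typo"          # one character added, dropped or swapped
        if brand_sk in sk:
            return "combo"         # brand embedded in a longer label
    return None

def build_blocklist(observed: Iterable[str], protected: str) -> Dict[str, str]:
    """Map each suspicious observed sender domain to the reason it was flagged."""
    hits = ((d, classify(d, protected)) for d in observed)
    return {d: reason for d, reason in hits if reason}

# Constructed sample input: sender domains as they might appear in a mail gateway log.
OBSERVED = ["mail.example.com", "examp1e.com", "exarnple.com", "exámple.net",
            "exmple.com", "example-login.net", "example.co", "contoso.org"]
```

Calling `build_blocklist(OBSERVED, "example.com")` returns the flagged domains with a reason each; the substring rule for "combo" will over-match on short brand names, so review hits before blocking.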