Page 16 - Cyber Warnings
In the modern cyber threat world, a rogue domain with an MX-record represents an immediate
danger. Frankly, there is only one reason for a criminal to activate the MX record of a copycat
domain, or to acquire a similar domain with an active MX record – to attack.
Think of MX records as an early warning system. When CISOs gain intelligence about rogue
domains with active MX records, they can take immediate steps to block any email to the
enterprise that originates from these possibly dangerous domains.
When an MX record goes active on a similar-looking domain, seconds count. Take decisive
action right away. Neutralize these potential attack platforms.
CISOs, you can raise your game when it comes to defending against modern spear phishing
attacks. In many cases it makes sense for security teams to take over domain monitoring,
integrating domain monitoring, anti-phishing, and other beyond-the-perimeter cyber defense
initiatives.
Of course, legal should still be alerted if any similar domains are discovered, because they
could still represent a trademark risk.
But by implementing integrated MX-record monitoring, and proactively blocking inbound emails
from these potential attack platforms, security dramatically reduces the enterprise's imminent
risk from spear phishing or BEC attacks.
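The monitoring step described above, sketched as an added example (not code from the article or from BrandProtect): it compares two polls of MX answers for a watchlist of look-alike domains and reports the domains whose MX record has just gone active, so they can be blocked at the inbound gateway. The domain names and MX answers are constructed sample data and the function names are hypothetical; a real deployment would fill the two snapshots from live DNS queries.

```python
from typing import Dict, List, Tuple

MxAnswer = List[Tuple[int, str]]  # (preference, exchange) pairs from one MX query

# Constructed sample data: two polls of a look-alike watchlist (reserved .example names).
PREVIOUS: Dict[str, MxAnswer] = {
    "examp1e-corp.example": [],                              # registered, no MX
    "exarnple-corp.example": [(0, ".")],                     # null MX (RFC 7505)
    "example-c0rp.example": [(10, "mx.parked.example.")],    # already active
}
CURRENT: Dict[str, MxAnswer] = {
    "examp1e-corp.example": [(10, "mail.examp1e-corp.example.")],
    "exarnple-corp.example": [(0, ".")],
    "example-c0rp.example": [(10, "mx.parked.example.")],
    "exampie-corp.example": [(20, "mx2.host.example."), (10, "mx1.host.example.")],
}

def active_exchanges(answer: MxAnswer) -> List[str]:
    """Mail hosts named by an MX answer, lowest preference first.

    An empty answer means no MX record. A lone "." exchange is the null MX,
    which declares that the domain accepts no mail, so it is not active.
    """
    hosts = [host.rstrip(".").lower() for _, host in sorted(answer)]
    return [h for h in hosts if h]  # "." strips to "" and is dropped

def newly_active(previous, current) -> Dict[str, List[str]]:
    """Domains whose MX went from absent or null to active between polls.

    A domain missing from the previous poll counts as having had no MX,
    so a freshly registered look-alike with mail enabled is reported too.
    """
    alerts = {}
    for domain, answer in current.items():
        now = active_exchanges(answer)
        if now and not active_exchanges(previous.get(domain, [])):
            alerts[domain.lower()] = now
    return alerts

def domains_to_block(previous, current) -> List[str]:
    """Sender domains to add to the inbound mail gateway's block list."""
    return sorted(newly_active(previous, current))

if __name__ == "__main__":
    for name, hosts in newly_active(PREVIOUS, CURRENT).items():
        print(f"ALERT {name}: MX now active -> {', '.join(hosts)}")
```

The domain that was already active in the previous poll is not reported again, and the null-MX domain is never reported.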
About the Author
Dylan Sachs
BrandProtect Services Director, Identity Theft and Anti Phishing
Sachs directs Identity Theft and Anti-Phishing efforts at BrandProtect. He works directly with
leading financial institutions, health care providers and Fortune 500 enterprises to help CISOs
and security teams deploy better defenses against modern email and identity theft attacks,
including socially engineered exploits.
Sachs also leads the Incident Response Team, responsible for developing actionable
intelligence on and mitigating the incidents that target our clients.
Cyber Warnings E-Magazine – May 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide