How Can Domain Intelligence Analysis Help in Vetting Third-Party Providers

For 16 months, PayMyTab, a third-party payment provider, leaked the private data of customers who dined in a U.S. restaurant when it failed to follow a simple yet essential security protocol.

Just last month, an anonymous tip sent to vpnMentor revealed that the information of customers who paid for their meals using the third-party payment system was exposed. The details of the leak are as follows:

  • Since July 2, 2018, PayMyTab had failed to change its Amazon Web Services (AWS) Simple Storage Service (S3) security settings to private.
  • This failure resulted in the exposure of personally identifiable information (PII) of customers who used it to settle their restaurant bills. The service sent receipts via email or text message.
  • The researchers informed the vendor about the data breach on October 22 and 27.

A data breach resulting from an error like this highlights the importance of vetting third-party providers. Carefully examining service providers’ infrastructure is necessary to make sure that they have the right tools and protocols in place not to compromise your network and customer data. In this particular case, the customers’ PII can be used for subsequent attacks.

Cybercriminals can, for instance, obtain access to the customers’ other accounts if they reuse passwords. They can also guess the obscured parts of customers’ credit card numbers and use clones for physical purchases or just the numbers for card-not-present transactions.

The sad part is that even if PayMyTab now secures its S3 database, the damage has been done. How can restaurants like those dragged through the mud avoid a similar scenario?

Our Investigation Tool: Domain Reputation API and Others

It is a must for any business to exercise caution when it comes to ensuring the safety of its customers. Establishments cannot loosely accept a third-party service provider’s claims when it comes to cybersecurity. Instead, they must proactively seek to prevent security issues across their entire supply chain—notably by working with their providers to address gaps before finalizing their working relationship.

The buck shouldn’t stop there, in any case. Companies must continually monitor the health of both their own network and their partners’. Apart from limiting third-party access to internal systems and data, they can perform a domain intelligence analysis using tools such as Domain Reputation API. This tool can be integrated into existing solutions to instantly gauge the trustworthiness of the domains they interact with. It can also be used to vet potential providers.

Let us see the tool in action. Suppose, for instance, that your organization is looking to partner with a startup with the domain evoxhosting[.]com. (Note that the domain was obtained from a publicly available list of suspected phishing sites, PhishTank.) Your contact gave you their site, so you decided to run it through Domain Reputation API to see if it can be trusted.

Looking at the warnings, you should know that the domain may be prone to man-in-the-middle (MitM) attacks that use forged certificates since its HTTP Public Key Pinning (HPKP) headers are not set. It also doesn’t use HTTPS, has a misconfigured Transport Layer Security Authentication (TLSA), and does not have Online Certificate Status Protocol (OCSP) stapling enabled. The last two misconfigurations won’t allow the site to use Domain Name System Security Extensions (DNSSEC), which add another layer of protection against cyberattacks.

It may also be a good idea to run the domain through a WHOIS search. This can give more information on the domain’s owner. Such a check is useful if you want to be sure that its owner has had no ties to any malicious activity in the past. In this case, the latest WHOIS record for evoxhosting[.]com shows that the domain was registered less than 100 days ago (at the time of writing). Also, most of the registrant’s contact and location information has been redacted by a domain privacy service based in an off-shore country.
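
The WHOIS checks described above (a registration younger than 100 days, registrant details mostly hidden behind a privacy service) can be automated as part of vendor onboarding. The following is an added example, not code from the article or from any tool it mentions; the WHOIS excerpt, the placeholder domain, the redaction keywords and the function names are constructed assumptions.

```python
import re
from datetime import date, datetime

# Constructed WHOIS excerpt for a placeholder domain (not real registry data).
SAMPLE_WHOIS = """\
Domain Name: VENDOR-CANDIDATE.EXAMPLE
Creation Date: 2019-09-20T08:14:02Z
Registrar: Example Registrar, Inc.
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: Privacy Service Ltd.
Registrant Street: REDACTED FOR PRIVACY
Registrant Country: PA
Registrant Email: REDACTED FOR PRIVACY
"""

# Assumed keywords that indicate a privacy/proxy service filled in the field.
REDACTION = re.compile(r"redacted|privacy|whoisguard|proxy", re.I)
MIN_AGE_DAYS = 100  # threshold taken from the article's "less than 100 days"


def parse_whois(text):
    """Return {field: [values]} from 'Key: Value' WHOIS lines."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields.setdefault(key.strip().lower(), []).append(value.strip())
    return fields


def vet_whois(text, today):
    """Return a list of warning strings for one WHOIS record."""
    fields = parse_whois(text)
    warnings = []
    created = fields.get("creation date")
    if not created:
        warnings.append("no creation date in record")
    else:
        created_on = datetime.strptime(created[0][:10], "%Y-%m-%d").date()
        age = (today - created_on).days
        if age < MIN_AGE_DAYS:
            warnings.append(f"domain is only {age} days old")
    registrant = {k: v[0] for k, v in fields.items() if k.startswith("registrant ")}
    hidden = [k for k, v in registrant.items() if REDACTION.search(v)]
    # Flag the record when more than half of the registrant fields are hidden.
    if registrant and len(hidden) * 2 > len(registrant):
        warnings.append(f"{len(hidden)}/{len(registrant)} registrant fields redacted")
    return warnings


if __name__ == "__main__":
    print(vet_whois(SAMPLE_WHOIS, date(2019, 11, 15)))
```

Neither warning proves malice on its own; both are signals to escalate the provider for manual review before granting access to systems or data.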

* * *

Vetting third-party providers should be a must for all organizations. They need to know that any incident that involves their partners could have repercussions for them too. They can rely on domain intelligence analysis tools like Domain Reputation API to keep their systems, data, and network safe from supply chain risks.

By Threat Intelligence Platform (TIP), Enterprise-Grade Threat Intelligence APIs, Tools, and Services

Threat Intelligence Platform (TIP) offers easy to use threat intelligence tools, services, and APIs to get detailed information about hosts and the infrastructure behind them. Gathering data from different providers, utilizing our substantial internal databases (compiled for 10+ years), and also real-time host configuration analysis, our threat intelligence solutions provide an in-depth look at target hosts and are an essential addition to any threat detection toolkit.
