The world continues to produce and consume digital content at an increasingly fast pace across channels—making risk exposure continuously greater in the process. To tackle this problem, digital risk protection allows organizations to address digital risk factors and monitor and reduce their attack surface. Digital risk protection is a holistic approach to cyber defense in the sense that it covers social media risks, Deep and Dark Web monitoring, brand infringement, cyber threat detection, and other aspects.
Threat intelligence sources such as subdomain, IP, and Domain Name System (DNS) intelligence can make digital risk protection more robust and reliable. While there are countless risk factors in the digital world, we focused on three of them in this post.
An important consideration of digital risk protection solutions is their ability to prevent malicious domains and IP addresses from accessing a company’s network. DNS and disposable email domains databases are intelligence sources that can help reduce risk.
For one, disposable email domains are quite often used by threat actors in spam campaigns. More sophisticated phishing campaigns can also carry data-stealing software and other types of malware.
DNS databases, on the other hand, can augment the threat hunting capability of digital risk protection solutions. They help track down the DNS footprints of malicious domains and reveal associations with other domains.
To illustrate, we traced the DNS footprints of ypwosgnjytynbqin[.]com, a suspected malware-hosting site that distributes Ramnit. DNS Lookup revealed the following details that could enhance digital risk protection:
Associated domains: 27 domains resolve to the same IP address. Each domain is also possibly related to Ramnit and is therefore worth looking into. In fact, the second object in the list below, auqpdabknaty[.]com, is tagged malicious by various entities on VirusTotal.
Digital risk protection also encompasses brand protection. Aside from the reputational risks that brand infringement brings, cybersquatters and impersonators could also use lookalike domains in phishing campaigns.
Domain intelligence sources such as Typosquatting Data Feed can help detect domains that appear to imitate a brand or company name. A day after the Facebook Campus launch, for example, 11 typosquatting domain names appeared on the DNS.
Associating with third-party vendors is becoming more common regardless of company size. Business boundaries are often blurred, exposing organizations to different risks, including those related to security, financial soundness, and compliance. The massive Facebook data breach of 2019, for instance, was attributed to third-party app developers who leaked the personal data of millions of users. Monitoring network integrity regularly is a must to lessen exposure to third-party risks.
Another third-party risk that digital risk protection can help mitigate has to do with the trail of digital assets created by organizations as part of their operations. For example, e-commerce websites may need to point different subdomains to their Shopify store. In another scenario, an e-commerce site may shift its web hosting to Shopify, dropping previous web hosting providers. When subdomains that are no longer used are forgotten, they may become entry points for attackers.
Consider the website luxyhair[.]com, which we found on a list of Shopify stores. When we ran the domain on Subdomains Lookup, the tool returned six subdomains.
One of the subdomains, blog[.]luxyhair[.]com, has not been updated for about four months and looks like it is no longer used since the company now has a dedicated page for blogs (luxyhair[.]com/blogs/hair-blog). The subdomain blog[.]luxyhair[.]com also points to Squarespace, another web hosting service provider, which says the website has expired.
Since the account is no longer used by Luxy Hair, an attacker could theoretically take over the subdomain unnoticed and use it for phishing and malware campaigns.
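The forgotten-subdomain check described above can be run over a subdomain inventory. The following is an added example, not code from the original post or from any of the tools it mentions. The provider suffixes, the unclaimed-page phrases, and the sample records are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Assumption: hypothetical provider CNAME suffixes; list the ones your organization has used.
PROVIDER_SUFFIXES = {"shop-host.example": "ShopHost", "old-host.example": "OldHost"}
# Assumption: phrases a provider serves when no active site is bound to the hostname.
UNCLAIMED_MARKERS = ("website has expired", "site not found")

@dataclass
class Observation:
    host: str             # subdomain taken from the inventory
    cname: Optional[str]  # CNAME target, None if served from own infrastructure
    body: str             # start of the HTTP response body fetched from the host

def provider_for(cname: Optional[str]) -> Optional[str]:
    """Map a CNAME target to a provider, matching on whole DNS labels only."""
    if not cname:
        return None
    name = cname.rstrip(".").lower()
    for suffix, provider in PROVIDER_SUFFIXES.items():
        if name == suffix or name.endswith("." + suffix):
            return provider
    return None

def audit(observations, active_providers):
    """Return (host, provider, verdict) for subdomains that need attention."""
    findings = []
    for o in observations:
        provider = provider_for(o.cname)
        if provider is None:
            continue  # not delegated to a known third party
        text = o.body.lower()
        if any(marker in text for marker in UNCLAIMED_MARKERS):
            findings.append((o.host, provider, "dangling: remove the DNS record"))
        elif provider not in active_providers:
            findings.append((o.host, provider, "review: provider no longer in use"))
    return findings

# Constructed sample inventory (not real data).
SAMPLE = [
    Observation("www.shop.example", None, "<html>Welcome</html>"),
    Observation("store.shop.example", "stores.shop-host.example.", "<html>Cart</html>"),
    Observation("blog.shop.example", "ext.old-host.example", "This website has expired."),
    Observation("promo.shop.example", "ext.old-host.example", "<html>Spring sale</html>"),
    Observation("cdn.shop.example", "edge.notold-host.example", "ok"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, active_providers={"ShopHost"}):
        print(*finding, sep=" | ")
```

The "review" verdict covers subdomains that still resolve to a provider the organization has dropped even though the page currently loads, since those become dangling once the old account lapses.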
Digital risk protection aims to defend organizations against a wide variety of digital threats. We only discussed three of them in this post. We also illustrated how tools such as Subdomains Lookup, DNS Lookup, Typosquatting Data Feed, and Disposable Email Domains Database could help lessen associated risks. These threat intelligence sources can strengthen digital risk protection solutions and strategies.