Cyberattack

Cyberattack / Featured Blogs

OARC-40: Notes on the Recent DNS Operations, Analysis, and Research Centre Workshop

Mar 10, 2023

OARC held a 2-day meeting in February, with presentations on various DNS topics. Here are some observations I picked up from the presentations in that meeting... In a world where every DNS name is DNSSEC-signed, and every DNS client validates all received DNS responses, we wouldn't necessarily have the problem of DNS spoofing. Even if we concede that universal use of DNSSEC is a long time off ...

Brand Impersonation Online is a Multidimensional Cybersecurity Threat

Feb 22, 2023

Brand impersonation happens much more often than people realize. In CSC's latest Domain Security Report, we found that 75% of domains for the Global 2000 that contained more than six characters from the brand names were not actually owned by the brands themselves. The intent of these fake domain registrations is to leverage the trust placed on the targeted brands to launch phishing attacks, other forms of digital brand abuse, or IP infringement...

DNSAI Compass: Six Months of Measuring Phishing and Malware

Feb 16, 2023

The DNS Abuse Institute recently published our sixth monthly report for our project to measure DNS Abuse: DNSAI Compass ('Compass'). Compass is an initiative of the DNS Abuse Institute to measure the use of the DNS for phishing and malware. The intention is to establish a credible source of metrics for addressing DNS Abuse. We hope this will enable focused conversations, and identify opportunities for improvement.

How to Avoid Insider Threats Such as the Latest New York Post Hacking

Nov 22, 2022

New York Post has been "hacked" by an employee. To protect themselves from insider threats, companies can deploy zero trust and restrict access. On October 27, the New York Post published a string of racist and sexist articles on its website. Fabricated news about politicians, such as pieces concerning racist comments of a New York City mayor, has been headlining the publication.

The Hack Will Be a Costly Affair for Optus

Oct 17, 2022

More and more information is becoming available about the breach of Optus (Australia's second-largest telco). It looks like the hacker is more of an amateur than a professional criminal or a "state actor." This makes the hack even more worrisome. It looks as though Optus didn't have its security house in order. This makes the issue all the more painful for the company. It will dent its reputation, and customers could become somewhat wary about dealing with the company.

Branded Domains Are the Focal Point of Many Phishing Attacks

May 26, 2022

As a long-established online attack strategy, phishing remains a popular tool for fraudsters because of its effectiveness. The Anti-Phishing Working Group reported more than 300,000 distinct phishing attacks in December 2021 -- more than three times the number reported in early 2020, and the highest monthly total ever identified.

Securing Weak Links in Supply Chain Attacks

May 13, 2022

We've all heard the term, "you're only as strong as your weakest link." Whether talking about a tug of war on the playground, a sports team, or a business, this rings as true as ever. Every business relies on a series of suppliers and vendors -- be it the dairy farm supplying milk to the multinational food manufacturer or the payment systems that retailers use. These links form supply chains that every business, large and small, deals with. There is simply no way around it.

Ukraine: What Are the Likely Implications for Norms and Discussions in Cyberspace?

Mar 14, 2022

The invasion of Ukraine by Russia on 24 February, and the events since, have shocked and horrified the world. The immediate focus must be on protecting the safety, security and human rights of the Ukrainian population. But we can already see how the war will also impact broader global events, discussions and behaviour, particularly relating to the digital environment.

New Research from CSC on the Impact of COVID-19 on Internet Security and Safety

Jan 26, 2022

Hackers are using company domain names for malicious attacks more than ever before. Established research shows that phishing and related malware attacks most commonly occur from a compromised or hijacked legitimate domain name, a maliciously registered, confusingly similar domain name, or via email header spoofing. Domain security intelligence is the first line of defense in preventing domain cyberattacks.

The UK Seeks to Enforce Tougher Standards on MSPs

Jan 21, 2022

The UK government is proposing new regulations to strengthen cyber resilience in the private sector. Their intention is to expand cybersecurity rules for critical infrastructure (CI) operators to include managed service providers (MSPs), more stringent breach notification requirements, and legislation to establish the UK Cyber Security Council as the standards development organization for the cybersecurity profession. This is a welcomed development, but more details about implementation and enforcement are needed.

Industry Updates

Unlocking the DNS Strongbox of BADBOX 2.0

Unearthing the DNS Roots of the Latest Lotus Blossom Attack

Detectify vs Intruder: External Attack Surface Management on a Budget

Rounding Up the DNS Traces of RA World Ransomware

Tempering Tax Season Troubles with DNS Intel

Decrypting the Inner DNS Workings of EncryptHub

Tracing the DNS Footprints of REF7707

Igniting a DNS Spark to Investigate the Inner Workings of SparkCat

DNS Deep Diving Into 2025’s Up and Coming Ransomware Families

A DNS Investigation of SEO Manipulation via Bad Seed BadIIS

Malicious Ads Targeting Advertisers in the DNS Spotlight

Sneaking a Peek into the Inner DNS Workings of Sneaky 2FA

Unloading MintsLoader IoCs Using DNS Intelligence

DNS Spotlight: Rockstar2FA Shuts Down, FlowerStorm Starts Up

DNS Deep Dive: Peeking into Back Doors to Abandoned but Live Backdoors

View More