Cybercrime

A DNS Investigation of the 32 Doppelganger Websites Seized by the U.S. Government

The U.S. Office of Public Affairs issued a statement on 4 September 2024 regarding the seizure of 32 websites that are believed to be part of the so-called "Doppelganger" campaign.

Investigating the Proliferation of Deepfake Scams

While deepfakes may sometimes be perceived as amusing, their potential for harm is significant and far-reaching. One finance worker for a multinational firm, for example, was tricked into paying out US$25 million to a deepfake scammer who pretended to be their company's chief financial officer (CFO) in a video call just this February.

Five Years of Domain Security Insights: CSC’s Latest Findings on Global 2000 Companies

This year marks the fifth annual release of CSC's "Domain Security Report," which continues to shed light on the evolving landscape of domain security among Global 2000 companies.

Tracking Down Fake Cryptocurrency Sellers Using DNS Intelligence

Threat researcher Dancho Danchev recently uncovered 130 domains that seemingly belong to fake cryptocurrency sellers. The WhoisXML API research team sought to find potential connections to the threat by expanding the current list of indicators of compromise (IoCs) using our vast array of DNS intelligence sources.

Profiling a Popular DDoS Booter Service’s Ecosystem

Cybercriminals can launch distributed denial-of-service (DDoS) attacks with relative ease these days by using DDoS booter services, online services that automate the DDoS attack process.

Examining a U.S. Tax Scammer’s Web Infrastructure through the DNS Lens

The 2024 U.S. tax season is well underway, and as usual, scams of all kinds targeting taxpayers and causing the Internal Revenue Service (IRS) problems have cropped up. One such ongoing malicious campaign has explicitly been training its sights on small business owners and the self-employed.

DNS Investigation: Is xDedic Truly Done for After Its Takedown?

Law enforcement agencies shut down xDedic, a cybercrime-as-a-service (CaaS) marketplace specifically providing web servers to cybercriminals, back in 2019. However, WhoisXML API threat researcher Dancho Danchev posits that parts of its backend infrastructure may remain traceable.

DNS Deep Diving into Pig Butchering Scams

New kids on the cybercrime block, pig butchering scams, have been making waves lately, and it is not hard to see why. Scammers have been earning tons from them by tricking users into investing in seemingly legitimate business ventures, only for the victims to lose their hard-earned cash instead.

Investigating the UNC2975 Malvertising Campaign Infrastructure

Mandiant's Managed Defense Threat Hunting Team recently published an in-depth study of the malware distributed via what they have dubbed the "UNC2975 malvertising campaign." Users who have been tricked into clicking poisoned sponsored search engine results and social media posts ended up with computers infected with either the DANABOT or DARKGATE backdoor.

A Log4Shell Malware Campaign in the DNS Spotlight

The Log4Shell zero-day vulnerability, also known as "CVE-2021-44228," proved to be one of the worst bugs disclosed in December 2021. And while a patch for it has been made available via the Log4j 2.17.1 release seven days after its discovery, some affected systems could remain vulnerable to date.