Cybercrime

Alleviating the Risks .zip and Similar Domain Extensions Could Pose via DNS Intelligence

Google's announcement of the launch of the .zip ngTLD was met by a lot of debate. Many believe threat actors could abuse the ngTLD for phishing and other malicious campaigns, primarily since it could be easily confused with the .zip file extension.

How the SVB and Credit Suisse Crash Was Reflected in the DNS

We've proven time and again that the effects of current events always extend to the DNS. Just last month, two big banks - the Silicon Valley Bank (SVB) and Credit Suisse - collapsed. Financial experts said more banks may be bound to follow.

Subdomain Hijacking Vulnerabilities Report: One in Five DNS Records Are Left in a State in Which They Are Vulnerable to Subdomain Hijacking

Global businesses rely on the internet for everything -- websites, email, authentication, voice over IP (VoIP), and more. It's part of an organization's external attack surface and needs to be continuously monitored for cybercrime attacks and fraud.

Looking for Traces of Social Media-Based Celebrity Scams in the DNS

Infoblox, in its Q4 2022 Cyber Threat Report, featured a "Meta" coin scam using fake celebrity endorsements targeting users in the European Union (EU). The analysis revealed several indicators of compromise (IoCs), specifically four domains and one IP address, that could help the public avoid the perils the scams posed.

Uncovering Stolen Card E-Shops Using DNS Intelligence

Ever wondered where the personally identifiable information (PII) phishers steal from victims end up? More likely than not, they're put up for sale on the ever-growing number of online stolen card shops.

Black Basta Ransomware DNS Investigation Led to OneNote and Courier Impersonation

Among the most active and rapidly spreading ransomware in 2022 was Black Basta. It was first detected in April 2022 and victimized nearly 100 organizations in North America, Europe, and Asia by September that same year. As a ransomware-as-a-service (RaaS) malware, Black Basta employs double extortion to force victims to pay the ransom.

Shining the WHOIS and DNS Spotlight on International Fraud

Scammers and fraudsters have been making life hard for users the world over for a long time now. To help expose potential malicious campaigns, threat researchers like Dancho Danchev have been collating indicators of compromise (IoCs) that can be used in further investigations.

Gauging the Scale of an Active Ransomware Gang’s Infrastructure

Ransomware gangs are now a dime a dozen. But in reality, victims rarely engage directly with their members. They are, in fact, more likely communicating with what the cybersecurity community has dubbed "ransomware affiliates" who earn as much as 75% of the ransom payment.

Beyond Healthcare IoCs: Threat Expansion and EHR Impersonation Detection

The healthcare industry has had a rough couple of years since the COVID-19 pandemic started. But this didn't stop threat actors from attacking the sector, with several healthcare organizations targeted by ransomware, data breach, and other cyber attacks.

Detecting Malware Disguised as OneNote with Threat Intelligence

We've seen threat actors abuse almost all Windows OS applications in their campaigns, disguising malware as macros, Word documents, Excel spreadsheets, and PowerPoint presentations to trick users into opening and executing them. Most recently, they've been spreading malware in the guise of OneNote documents to cause mayhem.