Domain Names

Domain Names / Industry Updates

Profiling a Popular DDoS Booter Service’s Ecosystem

Cybercriminals can launch distributed denial-of-service (DDoS) attacks with relative ease these days by using DDoS booter services, online services that automate the DDoS attack process.

A DNS Investigation of the Phobos Ransomware 8Base Attack

Intel-Ops researchers recently discovered that the 8Base Ransomware Group has been using Phobos ransomware to infect their targets' networks. 8Base has reportedly been active since mid-2023.

Stately Taurus APT Group Targets Asian Countries: What Do the Campaign IoCs Reveal?

A decade-old advanced persistent threat (APT) group called "Stately Taurus," also known as "Mustang Panda" and "Earth Preta," was recently observed targeting Association of Southeast Asian Nations (ASEAN) countries in cyberespionage activities. Specifically, Palo Alto Networks observed two malware packages that may have been used to target Japan, Myanmar, the Philippines, and Singapore.

Subdomain Hijacking in the News Again - What is It?

In recent news, more than 13,000 subdomains of brands were hijacked for a large spam campaign that "leverages the trust associated with these domains to circulate spam and malicious phishing emails by the millions each day, cunningly using their credibility and stolen resources to slip past security measures."

Thoughts on RDRS for Brand Owners

This month, Stephanie Driver, CSC's marketing manager, spoke with Patrick Hauss, head of Corporate Development and Strategic Alliances EMEA, about the Internet Corporation for Assigned Names and Numbers (ICANN) Registration Data Request Service (RDRS) as part of an ongoing series of interviews with CSC's Digital Brand services business experts, where we talk about industry issues across cybersecurity, domains, brand protection, and fraud protection.

A DNS Investigation of the Typhoon 2FA Phishing Kit

Bleeping Computer recently reported that a phishing-as-a-service (PhaaS) kit dubbed "Typhoon 2FA," available in cybercriminal forums, has the ability to compromise Microsoft 365 and Google accounts even if users have two-factor authentication (2FA) enabled.

Radix Releases H2 2023 Premium Domains Report, Reaches $4.8M in Total Premium Domain Name Retail Revenue

Radix, a leading top-level domain registry, recently released its Premium Domains Performance Report for the second half of 2023, highlighting significant growth and robust sales across its domain portfolio.

Examining a U.S. Tax Scammer’s Web Infrastructure through the DNS Lens

The 2024 U.S. tax season is well underway, and as usual, scams of all kinds targeting taxpayers and causing the Internal Revenue Service (IRS) problems have cropped up. One such ongoing malicious campaign has explicitly been training its sights on small business owners and the self-employed.

Digging Deep to Examine the Roots of the Glupteba UEFI Bootkit

Glupteba, an advanced piece of malware, has been used in several cybercriminal attacks for more than a decade now. But it was only in November 2023 that Palo Alto's Unit 42 brought to light one of the features that made it so effective: its Unified Extensible Firmware Interface (UEFI) bootkit component, which allowed it to intervene in and control the operating system (OS) boot process and made it extremely difficult to detect and remove.

Hunting for TimbreStealer Malware Artifacts in the DNS

A new info-stealing malware called "TimbreStealer" is in town. Cisco Talos detected its distribution through a phishing campaign targeting Mexico.