Domain Names

Drawing the Line Between SYS01 and Ducktail Through DNS Traces

Back in January of this year, we studied the infrastructure of Ducktail, a malware that trailed its sights on Facebook business owners and advertisers. Just this month, Morphisec researchers found a similar threat they've dubbed "SYS01."

2023 Update - How Are the Most-Spoofed Brands Represented in the DNS?

Even if cyber attack tactics, techniques, and procedures (TTPs) have become increasingly sophisticated over the years, age-old phishing remains the most-used attack vector to this day.

Probing Lorec53 Phishing through the DNS Microscope

Lorec53, a relatively new APT group according to NSFocus, actively targeted various Eastern European government institutions in 2021. The threat actors used well-crafted phishing campaigns to gather and steal data from their targets. Two years after their heyday, is the threat Lorec53 poses gone? Or has the group left still-active traces in the DNS?

Is Your Intranet Vulnerable to Attacks? Investigating Intranet Impersonation in the DNS

On 10 February 2023, Reddit announced it suffered a security incident where a phishing campaign led an employee to a website that imitated the network's intranet gateway.

Shining the WHOIS and DNS Spotlight on International Fraud

Scammers and fraudsters have been making life hard for users the world over for a long time now. To help expose potential malicious campaigns, threat researchers like Dancho Danchev have been collating indicators of compromise (IoCs) that can be used in further investigations.

5 Ways New gTLDs Have Evolved the Domain Investing Industry

It's undeniable that the domain industry has seen drastic changes throughout its existence. From new regulations and policies being introduced to digital communication and e-commerce forever changing the Internet as a whole, domains have cemented their place as a powerful multi-use tool that creates diverse opportunities for both individuals and organizations.

Gauging the Scale of an Active Ransomware Gang’s Infrastructure

Ransomware gangs are now a dime a dozen. But in reality, victims rarely engage directly with their members. They are, in fact, more likely communicating with what the cybersecurity community has dubbed "ransomware affiliates" who earn as much as 75% of the ransom payment.

Beyond Healthcare IoCs: Threat Expansion and EHR Impersonation Detection

The healthcare industry has had a rough couple of years since the COVID-19 pandemic started. But this didn't stop threat actors from attacking the sector, with several healthcare organizations targeted by ransomware, data breach, and other cyber attacks.

Detecting ChatGPT Phishing on Social Media with the Help of DNS Intelligence

Since its launch last November, the ChatGPT hype has only increased not only among users but also abusers. Cyble researchers recently spotted phishing attacks using supposed ChatGPT sites to phish for personally identifiable information (PII), specifically credit card data.

Detecting Malware Disguised as OneNote with Threat Intelligence

We've seen threat actors abuse almost all Windows OS applications in their campaigns, disguising malware as macros, Word documents, Excel spreadsheets, and PowerPoint presentations to trick users into opening and executing them. Most recently, they've been spreading malware in the guise of OneNote documents to cause mayhem.