Threat Intelligence

 Sponsored
by

Noteworthy

Domain Research and Monitoring: Keeping an Eye on the Web for You

WhoisXML API
A Domain Research, Whois, DNS, and Threat Intelligence API and Data Provider May 24, 2019 |   Read More |   8,668

WHOIS History API: Powering Domain Investigations

WhoisXML API
A Domain Research, Whois, DNS, and Threat Intelligence API and Data Provider May 22, 2019 |   Read More |   8,416

Reverse WHOIS: A Powerful Process in Cybersecurity

WhoisXML API
A Domain Research, Whois, DNS, and Threat Intelligence API and Data Provider Jun 14, 2019 |   Read More |   9,605

Threat Intelligence / Featured Blogs

Domains Under the Most-Abused TLDs: Same Old DNS Abuse Trends?

Feb 27, 2023

While threat actors can use any domain across thousands of top-level domains (TLDs), they often have favorites. For instance, you may be familiar with Spamhaus's 10 most-abused TLDs for spamming. WhoisXML API researchers recently built on this list by analyzing 40,000 newly registered domains (NRDs) that sported some of the listed unreputable TLDs. We called this study "DNS Abuse Trends: Dissecting the Domains Under the Most-Abused TLDs." more

The Risk of Descriptive Subdomains: Are We Revealing Too Much?

May 31, 2021

Subdomains help organizations sort different sections of their websites neatly. Looking at the subdomains of some websites, for example, we usually see subdomains like shop[.]domain[.]com and blog[.]domain[.]com, which help users navigate the sites efficiently. But we couldn't help but notice subdomains that might be revealing a lot about a company's Internet infrastructure and resources. more

What Are the Connections to Identified Hafnium Malicious IP Addresses?

Apr 16, 2021

Cyber attackers are very skilled at infiltration. They'd find ways into a house through cracks and holes that the homeowner doesn't know about. Analogically speaking, that's what the new cyber attack group dubbed "Hafnium" did when they identified several zero-day Microsoft Exchange vulnerabilities to get into target networks. With thousands of users for every Microsoft Exchange server, the attack has far-reaching implications. First, it establishes the presence of a new threat actor group in town. What else could they be up to? more

78% of Cybersecurity Professionals Expect an Increase in DNS Threats, Yet Have Reservations

Feb 24, 2021

A recent survey conducted by the Neustar International Security Council confirmed the heightened interests on domain name system (DNS) security. The survey reveals that over three-quarters of cybersecurity professionals anticipate increases in DNS attacks, especially with more people shopping online amid the pandemic. Yet, close to 30% have reservations about their ability to respond to these attacks. more

Cybersecurity Tech Accord: 98% of Registrar Whois Requests Unrequited

Feb 23, 2021

When a brand goes so far as to ask a domain name registrar for Whois (the registration contact details) of a potentially abusive domain name, there's likely a lot at stake. Most often, the request is prompted by consumer safety concerns, such as the risk to consumers posed by a malicious site. Other times, the demand has a simple goal: to have a dialog with the registrant about the use of trademarks or other intellectual property in order to avoid extreme action. more

An Institute to Combat DNS Abuse

Feb 17, 2021

Over the last few years, it's become clear that abuse of the Domain Name System -- whether in the form of malware, botnets, phishing, pharming, or spam -- threatens to undermine trust in the Internet. At Public Interest Registry, we believe that every new .ORG makes the world a better place. That means anything that gets in the way of that is a threat, and that includes DNS Abuse. more

3 Most Scary Attacks that Leaked Personally Identifiable Information (PII) of Millions of Users

Feb 12, 2021

Cybercriminals are increasingly targeting Personally Identifiable Information (PII). The reason being "data is the new gold" in this digital world, and the more sensitive some data is, the more value it has. There is no more sensitive data than personally identifiable information because it contains enough information to identify you digitally. Examples of personally identifiable information include name, email, contact number, address, social security number, tax file number, banking or financial information, and more such data that helps identify you. more

Let’s Not Forget About Solar Flares

Feb 08, 2021

As the world becomes more and more reliant on electronics, it's worth a periodic reminder that a large solar flare could knock out much of the electronics on earth. Such an event would be devastating to the Internet, satellite broadband, and the many electronics we use in daily life. A solar flare is the result of periodic ejections of matter from the sun into space. Scientists still aren't entirely sure what causes solar flares, but they know that it's somehow related to shifts in the sun's magnetic field. more

Clarivate Domain Survey Reveals a 10% Increase in Cyberattacks

Feb 03, 2021

Clarivate has once again surveyed global business leaders about the importance of domain names to their organizations, including the role of domains as intellectual property (IP) assets. The 2020 survey followed up on our 2019 survey, revealing key year-over-year trends in how organizations manage, secure and budget for domain names. In this blog, we review key trends from the new report. more

Information Protection for the Domain Name System: Encryption and Minimization

Jan 27, 2021

In previous posts in this series, I've discussed a number of applications of cryptography to the DNS, many of them related to the Domain Name System Security Extensions (DNSSEC). In this final blog post, I'll turn attention to another application that may appear at first to be the most natural, though as it turns out, may not always be the most necessary: DNS encryption. (I've also written about DNS encryption as well as minimization in a separate post on DNS information protection.) more

Industry Updates

DNS Snooping on Apple iOS 14 Zero-Click Spyware KingsPawn

Scouring the DNS for Traces of Bumblebee SEO Poisoning

A DNS Deep Dive: That VPN Service May Be OpcJacker in Disguise

Searching for Nevada Ransomware Digital Crumbs in the DNS

How the SVB and Credit Suisse Crash Was Reflected in the DNS

Dissecting 1M+ Malicious Domains Under the DNS Lens

Discovering Potential BEC Scam Vehicles Through the DNS

Looking for Traces of Social Media-Based Celebrity Scams in the DNS

Uncovering Stolen Card E-Shops Using DNS Intelligence

Detecting Possible Fraud Vehicles Specific to Latin America and the Caribbean

Drawing the Line Between SYS01 and Ducktail Through DNS Traces

Black Basta Ransomware DNS Investigation Led to OneNote and Courier Impersonation

2023 Update - How Are the Most-Spoofed Brands Represented in the DNS?

Probing Lorec53 Phishing through the DNS Microscope

Is Your Intranet Vulnerable to Attacks? Investigating Intranet Impersonation in the DNS

View More