Threat Intelligence

 Sponsored
by

Noteworthy

Reverse WHOIS: A Powerful Process in Cybersecurity

WhoisXML API
A Domain Research, Whois, DNS, and Threat Intelligence API and Data Provider Jun 14, 2019 |   Read More |   14,727

Domain Research and Monitoring: Keeping an Eye on the Web for You

WhoisXML API
A Domain Research, Whois, DNS, and Threat Intelligence API and Data Provider May 24, 2019 |   Read More |   14,074

WHOIS History API: Powering Domain Investigations

WhoisXML API
A Domain Research, Whois, DNS, and Threat Intelligence API and Data Provider May 22, 2019 |   Read More |   13,429

Threat Intelligence / Featured Blogs

Let’s Not Forget About Solar Flares

Feb 08, 2021

As the world becomes more and more reliant on electronics, it's worth a periodic reminder that a large solar flare could knock out much of the electronics on earth. Such an event would be devastating to the Internet, satellite broadband, and the many electronics we use in daily life. A solar flare is the result of periodic ejections of matter from the sun into space. Scientists still aren't entirely sure what causes solar flares, but they know that it's somehow related to shifts in the sun's magnetic field.

Clarivate Domain Survey Reveals a 10% Increase in Cyberattacks

Feb 03, 2021

Clarivate has once again surveyed global business leaders about the importance of domain names to their organizations, including the role of domains as intellectual property (IP) assets. The 2020 survey followed up on our 2019 survey, revealing key year-over-year trends in how organizations manage, secure and budget for domain names. In this blog, we review key trends from the new report.

Information Protection for the Domain Name System: Encryption and Minimization

Jan 27, 2021

In previous posts in this series, I've discussed a number of applications of cryptography to the DNS, many of them related to the Domain Name System Security Extensions (DNSSEC). In this final blog post, I'll turn attention to another application that may appear at first to be the most natural, though as it turns out, may not always be the most necessary: DNS encryption. (I've also written about DNS encryption as well as minimization in a separate post on DNS information protection.)

Securing the DNS in a Post-Quantum World: Hash-Based Signatures and Synthesized Zone Signing Keys

Jan 22, 2021

In my last article, I described efforts underway to standardize new cryptographic algorithms that are designed to be less vulnerable to potential future advances in quantum computing. I also reviewed operational challenges to be considered when adding new algorithms to the DNS Security Extensions (DNSSEC). In this post, I'll look at hash-based signatures, a family of post-quantum algorithms that could be a good match for DNSSEC from the perspective of infrastructure stability.

Notorious Markets, Scams and Implications for Brands

Jan 21, 2021

On January 14, 2021, the Office of the United States Trade Representative (USTR) released its 2020 Review of Notorious Markets for Counterfeiting and Piracy (the Notorious Markets List, or NML). This publication enumerates online and physical markets that have been reported to engage in trademark, counterfeiting, and copyright infringement at scale. For the first time, the NML documents show how internet platforms play a part in bringing illicit goods into the US.

Reality Check on the 5G Security MAGAverse

Jan 21, 2021

As chance has it, the attempt by NTIA to create a fake Trump Open 5G Security Framework MAGAverse as they headed out the door on 15 January is being followed this week by the global meeting of 3GPP SA3 (Security) to advance the industry's real open 5G security Framework. Designated TSGS3-102e (the 102nd meeting, occurring electronically), it continues the practice of assembling companies, organisations, and agencies from around the world every 8 to 12 weeks to focus on 5G security for current and future releases of 5G infrastructure.

WHOIS Record Redaction and GDPR: What’s the Evolution Post-2018?

Jan 19, 2021

We all use the Internet daily. Practically every element of our reality has its equal in the virtual realm. Friends turn into social media contacts, retail establishments to e-commerce shops, and so on. We can't deny that the way the Internet was designed, to what it has become, differs much. One example that we'll tackle in this post is the seeming loss of connection between domains and their distinguishable owners.

Verisign Outreach Program Remediates Billions of Name Collision Queries

Jan 15, 2021

A name collision occurs when a user attempts to resolve a domain in one namespace, but it unexpectedly resolves in a different namespace. Name collision issues in the public global Domain Name System (DNS) cause billions of unnecessary and potentially unsafe DNS queries every day. A targeted outreach program that Verisign started in March 2020 has remediated one billion queries per day to the A and J root name servers, via 46 collision strings.

Cryptographic Tools for Non-Existence in the Domain Name System: NSEC and NSEC3

Jan 13, 2021

In my previous post, I described the first broad scale deployment of cryptography in the DNS, known as the Domain Name System Security Extensions (DNSSEC). I described how a name server can enable a requester to validate the correctness of a "positive" response to a query -- when a queried domain name exists -- by adding a digital signature to the DNS response returned.

The Domain Name System: A Cryptographer’s Perspective

Jan 11, 2021

As one of the earliest protocols in the internet, the DNS emerged in an era in which today's global network was still an experiment. Security was not a primary consideration then, and the design of the DNS, like other parts of the internet of the day, did not have cryptography built in. Today, cryptography is part of almost every protocol, including the DNS. And from a cryptographer's perspective, as I described in my talk at last year's International Cryptographic Module Conference (ICMC20), there's so much more to the story than just encryption.

Industry Updates

Global Domain Activity Trends Seen in Q3 2024

A DNS Investigation into Mamba, the Latest AitM Phishing Player

A DNS Investigation of the 32 Doppelganger Websites Seized by the U.S. Government

Investigating the Proliferation of Deepfake Scams

Examining the DNS Underbelly of the Voldemort Campaign

2024 Domain Intelligence Study of 6 APT Groups Notorious for Targeting Europe

Stripping Down the BlackSuit Ransomware Network Aided by DNS Data

A DNS Deep Dive into the NetSupport RAT Campaign

Tracking the DNS Footprint of the Polyfill Supply Chain Attackers

Study by WhoisXML API Explores IDNs, Native-Language Characters, and Homograph Attacks

The Extended Reach of the Extension Trojan Campaign in the DNS

Inspecting Konfety’s Evil Twin Apps through the DNS Lens

Hunting for U.S. Presidential Election-Related Domain Threats in the DNS

A Closer Look at the Meduza Stealer through a DNS Deep Dive

July 2024: Domain Activity Highlights

View More