Threat Intelligence

Given a Malicious Email Address, What Can You Discover with Maltego’s WhoisXML API Transforms?

On any given day, most of us get more emails that we won't read than those that we would. Many of these messages will remain unread and sent to the trash. There comes the third category of emails: Those we wished we hadn't read and acted upon because they are bound to be malicious, sent by cybercriminals trying to lure you into one of their scams.

Crypto-Related Domains and Subdomains: What’s Underneath the 30K of Them?

Cryptocurrencies keep making waves in the online community, making them prime vehicles of threat actors in scam, phishing, and other malicious campaigns. Fraudsters, for one, have stolen millions of dollars worth of cryptocurrencies from investors through websites that promise rewards, giveaways, and earning opportunities.

Looking Into the Latest Microsoft Exchange Server Vulnerability Exploitation

A threat actor reportedly infiltrated the network of and stole data from a financial institution about a month ago by exploiting any of four Microsoft Exchange Server vulnerabilities -- CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, or CVE-2021-27065. While patches for all these have been released, users who have not downloaded and installed these could remain at risk.

Hidden Botnet C&C on Legitimate Infrastructure? The Case of 000webhostapp[.]com

Threats can come from anywhere, even from legitimate hosting infrastructure. In fact, many cybercriminals often host their command-and-control (C&C) servers in known hosting providers' networks, sometimes those that offer bulletproof hosting services, to evade detection and consequent blocking.

A Deep Dive into Known Magecart IoCs: What Are the Connected Internet Properties?

Magecart-style attacks have been around for a while and continue to be mentioned in the news in 2021. We found and collected a list of 20 domain names that have been mentioned in the past months on VirusTotal as Magecart indicators of compromise (IoCs).

COVID-19-Related Bulk Domain Registrations: A Possible Case of DNS Abuse?

Addressing Domain Name System (DNS) abuse has been a priority of the Internet Corporation for Assigned Names and Numbers (ICANN), notably since March 2020. During its 70th conference, the organization's members talked about creating a web page defining DNS abuse-related terms, which should be updated over time, to help users report cases.

Protecting Intellectual Property Protects Consumers

Next week we will celebrate World IP Day. Observed annually on the 26th of April, World IP Day was created by WIPO in 2000 to highlight the critical role that intellectual property plays in our daily lives and in society as a whole.

“Voltswagen”: April Fool’s Prank, Brand Turmoil, and Bulk Domain Registrations

The accidental leak of Volkswagen's new name that turned out to be an April Fool's prank made headlines. Some were relieved that it was just a marketing stunt, while others cried foul. But those in the field of cybersecurity became more curious. What did the cyber world look like during the supposed leakage until the announcement that it was a prank?

What Are the Common Forms of Bulk Domain & Typosquatting Registrations?

Typosquatting can enable a variety of cyber threats that include but are not limited to phishing, malware-enabled attacks, and vulnerability exploitation. In a nutshell, the attackers can rely on the technique to mimic legitimate solution and service providers' domains to trick users into thinking they are getting update notifications from their vendors, for example, when they are actually not.

We Detected and Analyzed Thousands of CCTV-, Firewall-, and SCADA-themed Domains & Subdomains

Did you know that a comprehensive subdomain database can give you 69,383 fully qualified domain names (FQDNs) with the string "firewall," 241,654 FQDNs for "cctv," and 19,048 FQDNs for "scada"? That data can give cybersecurity researchers possible starting points for an article or even a full-blown research paper.