tag = "Domains"

Top 10 TLDs Abused

In the latest PhishLabs Quarterly Threat Trends & Intelligence report, we break down how actors are abusing Legacy Generic (gTLD) and Country Code (ccTLD) Top-level domains, HTTPS, and free security certificates to target enterprises.

Most Phishing Attacks Use Compromised Domains and Free Hosting

PhishLabs recently analyzed more than 100,000 phishing sites to establish how many used compromised domains, free hosting, or maliciously-registered domains.

The Anatomy of a Look-alike Domain Attack

In this post, we show the frequency of common look-alike domain threats, the mechanics of an attack, and resources to minimize risk.

APWG Q3 Report:Four Out of Five Criminals Prefer HTTPS

Highlights from the report include more than two hundred thousand unique phishing websites detected in August and September, SSL encryption for phishing sites overtaking SSL deployment for general websites, and a 10 percent increase in BEC attacks originating from free webmail accounts.

Easy to Deceive, Difficult to Detect, Impersonation Dominates Attacks

Impersonation is a highly effective tactic for threat actors because it piggybacks on the credibility of a brand to legitimize a malicious objective. As a result, it is one of the most common components of a cyber attack.

What is a Look-alike Domain?

By definition, a look-alike domain is a nearly identical, slightly altered domain name, registered with intent to deceive. In this post, we'll describe how domains help us communicate on the Internet, the anatomy of a look-alike domain and why we fall for them, how attackers create them, and the best place to begin when facing this common threat.

How to Detect Look-alike Domain Registrations

Malicious domains are attributed to a wide variety of cyber attacks capable of undermining a brand's credibility. A spoofed domain is easy and quick to create, and can act as the catalyst for malicious email campaigns and phishing sites. In order to detect and action domain threats targeting your organization, security teams need to implement mature and progressive processes for collection and curation.

Planetary Reef: Cybercriminal Hosting and Phishing-as-a-Service Threat Actor

PhishLabs is monitoring a threat actor group that has set up fraudulent hosting companies with leased IP space from a legitimate reseller. They are using this infrastructure for bulletproof hosting services as well as to carry out their own phishing attacks. The group, which is based in Indonesia, has been dubbed Planetary Reef.

Eliminating the Threat of Look-alike Domains

There are many ways look-alike domains can be used by threat actors. This, in addition to diverse registrar requirements for removal, can make mitigation complex and often ineffective.

APWG: SSL Certificates No Longer Indication of Safe Browsing

Key highlights of the report include a significant increase in wire transfer loss attributed to business email compromise (BEC) attacks from the first quarter and a 20% increase in BEC attacks targeting the social media sector.