Detect When Your Domain is Phished: Top 10 Ways Attackers Mangle Your Domain Name

Webinar Registration

When attackers want the credentials of your employees and customers, they might employ elaborate phishing campaigns to trick you into handing over usernames and passwords, sometimes inadvertently defeating strong authentication methods in the process. 

One of the core elements of such attacks are domain names that fool users, and adversaries are routinely coming up with new ways to craft them.

The cool thing about phishing domains is that they are public. This gives you 2 different opportunities to detect attacks - if you know what to watch for. Let’s map these 2 opportunities to MITRE ATT&CK tactics which also correspond roughly to sequential phases in the typical attack lifecycle. 

  1. Initial Access (TA0001): If you monitor domain names in web and email traffic you can detect attacks during the Initial Access tactical phase with technique T1566 - Phishing. This is still very early in the typical lifecycle of an attack – before any real damage has been done. But it does have its limitations. For one thing, it’s more effective at employee-targeted attacks than those against customers. Also, it requires integration with your SIEM and a lot of data processing.
  2. Resource Development (TA0042): But if you monitor new domain registrations you can detect attacks before they ever get off the ground – while the attacker is still in the Resource Development (TA0042) phase of MITRE ATT&CK. Now you can pre-empt attacks and this defense works against both employee and customer targeted attacks.

But, again, you need to know what to look for. There are so many ways to phish a legitimate domain name. In this real training for free event, we will discuss:

  • Prefixes
  • Suffixes
  • Circumfixes
  • Affixes
  • Homoglyphs
  • Character Flips and Swaps
  • Homophones
  • Character Duplication and Removal
  • Substitutions
  • Typo Squatting
  • Hyphen Insertion and Removal
  • Substrings
  • Duplicate Character Reductions

Then Taylor Wilkes-Pierce from our sponsor, DomainTools, will provide a demo on phishing domains. DomainTools has been tracking new domain registrations for over 20 years.

Please join us for this technical and practical security event.

First Name:  
Last Name:  
Work Email:  
Phone:
Job Title:
Organization:
Country:  
State:
Zip/Postal Code:
 

Your information will be shared with the sponsor.

By clicking "Submit", you're agreeing to our Privacy Policy and consenting to be contacted by us and the sponsor.

 

 

Upcoming Webinars
    Additional Resources