Detect When Your Domain is Phished: Top 10 Ways Attackers Mangle Your Domain Name

Webinar Registration

When attackers want the credentials of your employees and customers, they might employ elaborate phishing campaigns to trick you into handing over usernames and passwords, sometimes inadvertently defeating strong authentication methods in the process. 

One of the core elements of such attacks is domain names that fool users, and adversaries routinely come up with new ways to craft them.

The cool thing about phishing domains is that they are public. This gives you 2 different opportunities to detect attacks - if you know what to watch for. Let’s map these 2 opportunities to MITRE ATT&CK tactics, which also correspond roughly to sequential phases in the typical attack lifecycle.

  1. Initial Access (TA0001): If you monitor domain names in web and email traffic, you can detect attacks during the Initial Access tactical phase with technique T1566 - Phishing. This is still very early in the typical lifecycle of an attack – before any real damage has been done. But it does have its limitations. For one thing, it’s more effective against employee-targeted attacks than against those aimed at customers. Also, it requires integration with your SIEM and a lot of data processing.
  2. Resource Development (TA0042): But if you monitor new domain registrations, you can detect attacks before they ever get off the ground – while the attacker is still in the Resource Development (TA0042) phase of MITRE ATT&CK. Now you can pre-empt attacks, and this defense works against both employee-targeted and customer-targeted attacks.

But, again, you need to know what to look for. There are so many ways to phish a legitimate domain name. In this real training for free event, we will discuss:

  • Prefixes
  • Suffixes
  • Circumfixes
  • Affixes
  • Homoglyphs
  • Character Flips and Swaps
  • Homophones
  • Character Duplication and Removal
  • Substitutions
  • Typo Squatting
  • Hyphen Insertion and Removal
  • Substrings
  • Duplicate Character Reductions
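
As an added example (not from the webinar or from DomainTools), the Python below triages a feed of newly registered domains against one protected label and names which of the manglings listed above links each hit to it. The brand `example`, the feed entries and the small `HOMOGLYPHS` map are constructed assumptions, and the feed is assumed to list registrable domains so the leftmost label is the registered name.

```python
# Added example: triage a feed of newly registered domains against one protected label.
# HOMOGLYPHS is a small constructed map (digits, letter pairs, Cyrillic a/e/o), not a full confusables table.
HOMOGLYPHS = {"0": "o", "1": "l", "rn": "m", "vv": "w", "\u0430": "a", "\u0435": "e", "\u043e": "o"}

def to_label(domain):
    """Leftmost label, lowercased, punycode decoded (assumes the feed lists registrable domains)."""
    label = domain.lower().split(".")[0]
    return label.encode("ascii").decode("idna") if label.startswith("xn--") else label

def skeleton(label):
    """Fold look-alike characters onto the characters they imitate."""
    for fake, real in HOMOGLYPHS.items():
        label = label.replace(fake, real)
    return label

def classify(domain, brand):
    """Return the mangling technique that links domain to brand, or None."""
    cand = to_label(domain)
    if cand == brand:
        return None  # the protected label itself; TLD variants are out of scope here
    if skeleton(cand) == skeleton(brand):
        return "homoglyph"
    if cand.replace("-", "") == brand.replace("-", ""):
        return "hyphen insertion/removal"
    if brand in cand:
        pre, post = cand.split(brand, 1)
        return "circumfix" if pre and post else ("prefix" if pre else "suffix")
    if len(cand) == len(brand):
        d = [i for i in range(len(brand)) if cand[i] != brand[i]]
        if len(d) == 1:
            return "substitution"
        if len(d) == 2 and d[1] == d[0] + 1 and cand[d[0]] == brand[d[1]] and cand[d[1]] == brand[d[0]]:
            return "character swap"
    if abs(len(cand) - len(brand)) == 1:
        longer, shorter = (cand, brand) if len(cand) > len(brand) else (brand, cand)
        for i in range(len(longer)):
            if longer[:i] + longer[i + 1:] == shorter:
                if longer == brand:
                    return "character removal"
                dup = longer[i] in longer[i - 1:i] + longer[i + 1:i + 2]
                return "character duplication" if dup else "typo (extra character)"
    return None

# Constructed feed; "example" stands in for the protected name.
FEED = ["examp1e.com", "exam-ple.net", "secure-example.org", "example-login.com",
        "exmaple.com", "exammple.com", "exmple.com", "exbmple.com", "weather-news.com"]

def scan(feed, brand="example"):
    return {d: t for d in feed if (t := classify(d, brand))}
```

Calling `scan(FEED)` returns a mapping from each suspicious domain to the technique that matched, which can be forwarded to a SIEM or a review queue.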

Then Taylor Wilkes-Pierce from our sponsor, DomainTools, will provide a demo on phishing domains. DomainTools has been tracking new domain registrations for over 20 years.

Please join us for this technical and practical security event.
