It’s hunting season — with a twist.
This time, the tables have turned because the predators are the ones being hunted by their prey. It’s called threat hunting, a new cybersecurity strategy where businesses take a proactive approach towards identifying and fighting against possible sources of malicious attacks.
And the first line of offense is monitoring newly registered domains to discover the malicious lairs that harbor these predators.
Why Newly Registered Domains May Pose a Threat
Cyber criminals register new domains all the time. That’s because once their sinister base has been blocked, they simply create other ones — using new websites and email addresses — to resume their hacking sprees. And newly registered malicious domains pose a particularly serious threat because an alert hasn’t yet been raised against them. They enjoy the benefit of the doubt, which increases their chances of accomplishing the malevolent schemes they have set out to do. These include:
Spam and phishing expeditions
Newly registered domains spread spam emails and entice trusting users to click on an infected link.
Uploading malware on websites
Creative variations of domain names drive trusting users to portals built for malware contamination and the theft of sensitive information.
Spoofing and direct impersonation
Hackers register domains that are similar to those of established businesses and use them for impersonation and spoofing attacks.
Recognizing the Traps: How Threat Hunting Can Help
Hackers are crafty and destructive, and once they cause harm it is hard to detect. In fact, in 2018 the mean time to discover a data breach was 197 days. Threat hunting helps protect businesses by anticipating hackers’ moves and recognizing the traps they lay, including their use of newly registered domain names. Proactive monitoring nips threats in the bud and is a crucial element in the following areas:
Strengthen cybersecurity
Monitoring newly registered domains reveals the tell-tale footprints of malicious websites, thus enabling companies to block them immediately. Speed is of the essence in detection because these rogue lairs often don’t intend to stay long on the Web and exit as soon as they have accomplished their mission.
Threat hunting allows prompt warnings to employees and helps establish protocols on how to deal with spam from phishing sites. Once malicious domains have been identified, threat hunting can continue tracing the network of other malevolent sites connected to them.
Enhance brand protection
Threat hunting prevents brand impersonation and trademark infringement, which can ruin business reputation and lead to financial losses or slumping sales. Companies can sniff out impostors by identifying newly registered domain names that are uncannily similar to theirs or those of other established organizations. Just one cleverly placed letter may have been altered, but it’s enough to trick a busy employee or third-party stakeholder into falling for the trap.
Monitoring newly registered domains also allows gathering reports on exact matches of brand names, whether of established organizations or of your own business, thereby putting a spotlight on the threats and their possible destructive consequences.
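As an added example (not code from the original post or from TIP), here is one way a defender can screen a day's feed of newly registered domains for the lookalike patterns just described: exact brand matches, single-character homoglyph swaps, brand names embedded in longer labels, and near-misses within a couple of edits. The feed, the brand label and the homoglyph table are all constructed for illustration.

```python
from typing import List, Optional, Tuple

# Constructed sample of what a daily newly-registered-domain feed might contain.
SAMPLE_FEED = [
    "examplebank.com",          # exact brand label registered by someone else
    "exarnplebank.net",         # 'm' replaced by 'rn'
    "examp1ebank.com",          # 'l' replaced by '1'
    "example-bank-login.com",   # brand embedded in a longer label
    "weatherreport.org",        # unrelated registration
    "exampelbank.com",          # transposed letters
]

BRAND = "examplebank"  # constructed brand label to protect

# Small illustrative subset of visually confusable sequences; a real list is longer.
HOMOGLYPHS = {"0": "o", "1": "l", "rn": "m", "vv": "w", "cl": "d"}


def normalize(label: str) -> str:
    """Lowercase, drop hyphens, and collapse confusable sequences to their look-alikes."""
    out = label.lower().replace("-", "")
    for glyph, real in HOMOGLYPHS.items():
        out = out.replace(glyph, real)
    return out


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) via the standard row-by-row DP."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain: str, brand: str = BRAND, max_distance: int = 2) -> Optional[str]:
    """Return why a domain looks like a brand lookalike, or None if it does not."""
    label = domain.lower().split(".")[0]  # second-level label; no public-suffix handling
    norm = normalize(label)
    if label == brand:
        return "exact-match"
    if norm == brand:
        return "homoglyph"
    if brand in norm:
        return "contains-brand"
    if levenshtein(norm, brand) <= max_distance:
        return "near-match"
    return None


def hunt(feed: List[str], brand: str = BRAND) -> List[Tuple[str, str]]:
    """Return (domain, reason) for every suspicious entry in the feed."""
    return [(d, r) for d in feed if (r := classify(d, brand))]
```

Each hit is a lead for a block or a takedown request, not a verdict: defensive registrations and legitimate resellers will also surface, so review before acting.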
Assist during investigation
Threat hunting complements cyber crime investigations by tracking the origin and extent of suspicious domain activities. This leads to newly emerged domains with known malicious connections. Discovering these networks of dubious websites helps in their possible prosecution and eventual shutdown.
Threat hunting also makes it possible to establish a more detailed picture of criminal events, starting with the motive – e.g., impersonation – and the timeline of its execution.
Threat hunting turns the tables on cyber criminals by tracking and disrupting their malicious activities. Businesses can become hunters by adopting the proactive attitude of diligently watching for possible threats to prevent costly damages to their organizations. Once they’re ready, monitoring newly registered domains is an excellent ground to begin the hunt.
About the Author
Jonathan Zhang is the founder and CEO of Threat Intelligence Platform (TIP) — a data, tool, and API provider that specializes in automated threat detection, security analysis and threat intelligence solutions for Fortune 1000 and cyber-security companies. TIP is part of the Whois API Inc. family which is a trusted intelligence vendor by over 50,000 clients.