Security News
Akamai reckons that, in the first half of 2022 alone, it flagged nearly 79 million newly observed domains as malicious. According to the internet infrastructure giant, that amounts to 13 million malicious domain detections per month, equal to 20 percent of all successfully resolving NODs.
The U.S. Cybersecurity and Infrastructure Security Agency has updated the alert on Conti ransomware with indicators of compromise consisting of close to 100 domain names used in malicious operations. Originally published on September 22, 2021, the advisory includes details observed by CISA and the Federal Bureau of Investigation in Conti ransomware attacks targeting organizations in the U.S. The updated cybersecurity advisory contains data from the U.S. Secret Service.
The Justice Department said Tuesday that it has seized two domain names used in a cyberespionage campaign that targeted U.S. and foreign government agencies, think tanks and humanitarian groups. The campaign was disclosed last week by Microsoft, which linked it to the same group of Russian intelligence operatives responsible for the massive SolarWinds intrusion that breached federal agencies and private corporations.
Using social engineering tricks, the hackers were able to change the DNS settings of their victims' domain names, redirecting connections and mail to their own servers. GoDaddy, the world's biggest domain-name registrar, confirmed "a small number of customer domains and/or account information" were altered after "a limited number of GoDaddy employees" were duped.
The United States this week announced that it seized a total of 92 domain names that an Iran-linked adversary was leveraging in a global disinformation campaign. The manner in which these domains were being used was in violation of sanctions the U.S. imposed on both the government of Iran and the IRGC. As of April 2019, the United States has designated the IRGC as a foreign terrorist organization.
Pages for inactive domain names can be exploited by cybercriminals to take you to malicious sites, says Kaspersky. Most of us at some point have likely tried to open a website only to discover that the site no longer exists, replaced by a landing page indicating that the domain has expired or is up for rewewal.
Facebook on Monday announced that it filed a lawsuit in Virginia against 12 domain names for their deceiving behavior. The 12 fraudulent domain names are registered by India-based proxy service Compsys Domain Solutions Private Ltd. and the social platform sued them for impersonating Facebook apps and services such as facebook-verify-inc.com, instagramhjack.com and videocall-whatsapp.com.
Business email compromise attacks continue to be a thorn in companies' sides, with the FBI in its IC3 annual cybercrime report saying that the attacks cost victims $1.7 billion in 2019. Making matters worse, BEC cybergangs are turning to new tactics and tricks to avoid detection and capitalize on existing victims.
One site registered in Russia offers a coronavirus cure for $300. Check Point Research found a spike in coronavirus domain name registrations earlier this month as hackers increase malicious activity around the illness. Check Point listed "Vaccinecovid-19.com" as an example of a malicious site.
Bargain basement gTLDs and glyph attacks using IDNs are powering phishing attacks, with fraudulent registrations on the rise. Worse yet, phishing sites are increasingly getting security certificates.