Back in the 1930’s mass media consisted of movies and the radio. In fact, the radio and phonograph were basically the only means to be entertained. And, the radio as the sole source of anything resembling real-time information. Suffice it to say the audience as a percentage of households “tuned-in” dwarfs anything since in our multi-channel world.
I bring this up because one of the most famous lines from that era was the introduction to an immensely popular show The Shadow (made into a 1994 movie of the same name). It still resonates. As you can hear in the embedded YouTube recording from 1937, as intoned by actor Frank Readick Jr., the show always started with, “Who knows what evil lurks in the hearts of men…”
While the wealthy man about town, Lamont Cranston, aka The Shadow, is fictional and thus not around to tell us, those who track online bad guys are around and like to keep us up-to-date on what is happening. Thus, with a tip of the hat to High-Tech Bridge, my go to folks for really interesting insights on security matters, given all of the interest in cyber mischief, here is one everyone needs to take note of and not just during the holidays.
We have seen lots of stories about cyber threats to us personally and to retailers. It is ugly online and getting uglier unfortunately. However, what High-Tech Bridge wanted to ascertain was how susceptible the good guys, those who provide online security solutions, were from having their products and services undermined in some fashion. It turns out the answer is they too make inviting targets.
In fact, as the research shows, they are very vulnerable to two rather low-tech acts of malice, Phishing and Typosquatting, both of which are growing at an alarming rate. Indeed, a popular activity of cyber-fraudsters is the abuse of domain names similar to the legitimate domains of the ten most popular antivirus:
The methodology employed was as follows. High-Tech Bridge used the ImmuniWeb® Phishing Monitor module of its proprietary web security assessment ImmuniWeb® SaaS (Software-as-a-Service), to analyze 946 domains that may visually look like a legitimate domain (for example replacement of “t” character by “l” character, or mutated domain names such as “kasperski.com” or “mcaffee.com”) or that contain typos (e.g. “symanrec.com” or “dymantec.com”). What they found was that for the ten household name antivirus companies, 385 domains were detected with problems which they classified by the following categories (full list available here):
164 Fraudulent Domains. Domains registered by third-parties to make money on users erroneously visiting websites hosted on these domains (due to a typo in URL or a phishing campaign) by displaying ads, redirecting users to questionable websites selling illegal or semi-legal products and services, etc. 164 domains were detected (42.5 percent).
107 Corporate Domains. Domains registered by the antivirus companies to prevent potential Typosquatting and illegal usage of these domains. 107 domains were detected (27.7 percent).
73 Squatted Domains. Domains registered by cyber-squatters in the hope that the antivirus companies or third-parties will buy the domains at some point in the future. Websites on these domains are not active. 73 domains were detected (18.9 percent).
41 Other Domains. Domains registered by third-party businesses or companies that may have a legitimate reason to register the domain (e.g. similar Trade Mark or company name) without intention to spoof the identity or to benefit from user typos. 41 domains were detected (10.6 percent).
Detailed statistics are provided in the table below:
Source: High-Tech Bridge Technology
Very interesting, and a bit scary!
Despite efforts by companies, governments, law-enforcement agencies and domain name registrars to prevent abusive or illegal domain name registration and usage, the attempts show the bad actors are currently winning the war. The researchers found that the average age of a fraudulent domain is as high as 1181 days, and the average age of a squatted domain is 431 days.
This is not to say that the antivirus companies have taken this lightly. For example, the research showed that Kaspersky and McAfee purchased more than 70 percent of the domains that could be potentially used for illegal purposes if registered by third-parties. It also revealed that the other eight companies need to be more proactive. I will add the caveat that this can be problematic given all of the less than ethical if not illegal registrations that already exist.
But wait there is more!
High-Tech Bridge did not stop there with their investigation. They also wanted to understand which domain registrars are used by cyber crooks to register fraudulent and squatted domains. The most popular domain registrars for fraudulent or squatted domains were:
Number of domains
FABULOUS.COM PTY LTD
PDR Ltd. d/b/a PublicDomainRegistry.com
ABOVE.COM PTY LTD
MONIKER ONLINE SERVICES LLC
Countries that host websites with fraudulent content were in rank order:
Number of hosted websites
In comments about the research, Marsel Nizamutdinov, Chief Research Officer at High-Tech Bridge, stated that: "Our research clearly demonstrates that cyber criminals do not hesitate to use any opportunity to make money on domain squatting and subsequent illegal practices. There are many ways to make money from these domains: they can be resold at a profit to the legitimate owner of the Trade Mark, used to display annoying ads, redirect users to pornographic or underground pharmaceutical websites, or even to infect with malware user machines who accidentally made a typo in the URL or clicked a phishing URL. The last scenario is the most dangerous, for example a consumer wanting to purchase an antivirus for a new PC who accidentally mistypes the domain name in his browser could find that his machine will be infected by malware turning it into a zombie to perform DDoS attacks or send spam."
Ilia Kolochenko, High-Tech Bridge CEO, added: "We can see that even such powerful businesses as antivirus companies are falling victim to cyber squatters and fraudsters. Today, not many countries have efficient laws against cyber crime, fraud and Trade Mark abuse. Jurisprudence in this domain is even less developed. Governments in many countries refuse to collaborate in cybercrime investigations. Law enforcement agencies don’t have enough skilled people, budget and experience to counter digital crime. Only by joining the efforts of the private sector, governments and law enforcement agencies can we prevent, or at least minimize, illegal activities in the digital space. I strongly recommend supporting various initiatives of the OTA Alliance and the IMPACT Alliance, as we have been doing at High-Tech Bridge since 2010."
The full list of fraudulent or squatted domains can be found here.
As noted at the top, the lessons here are very pertinent to any company that has an online presence. At a minimum, given how inexpensive it is to acquire a domain name, if you have not invested in many of the low-hanging fruit of misspelled names and other versions of your domain that can be easily squatted on, if they are available obtain them. As in many sports, the best defense many times can and should be a good offense. In addition, as Kolochenko points out, becoming a member of the two alliances is worth investigating.
SAM is a series of kits that integrates hardware and software with the Internet. Combining wireless building blocks composed of sensors and actors con…
Artificial intelligence is changing the way businesses interact with customers. Facebook's announcement this week is just another example of how this …
In the upcoming webinar "Apache Spark: The New Enterprise Backbone for ETL, Batch and Real-time Streaming," industry experts will offer details on clo…
In a stunning new report by Carbon Black, "Hacking, Escalating Attacks and The Role of Threat Hunting" the company revealed that 92% of UK companies s…
To make 5G possible, everything will change. The 5G network will involve new antennas and chipsets, new architectures, new KPIs, new vendors, cloud di…