In the race to be the most imaginative, so far attackers are outwitting defenders.
Take, for example, the ability to craft and find look-alike domain names. Somehow, no matter how creative security teams get thinking about and storing alternatives for blacklists, criminals are able to spoof brand, product, or organization names faster.
That can give them an edge in phishing attacks, where emails often include phoney but real-looking links gullible employees fall for.
To give security teams a better chance DomainTools, which has domain name discovery and profiling system, has created a new cloud-based service called PhishEye. which automates searching for registered lookalike domains, including those deliberately created with typos and misspellings.
All a user has to do is input a domain or a brand name and the service hunts for DNS variants. By pushing a button marked “Monitor This ,” when a domain or domains registered with that name an alert is sent to the subscriber listing all that match.
Those domains can then be exported as a .csv file into security tools like firewalls and spam filters, ready to be blocked, or can be sent to DomainTools’ IRIS investigation tool – or sent to partners for them to watch out for.
Company CEO Tim Chen noted in an interview that according to the latest report of the Anti-Phishing Working Group, an industry association, phishing reached an all-time high in the second quarter. On average 411 to 425 different brands are spoofed each month.
“These things come in constantly,” he said. “Every day we see tons of domains registered that violate common brands and trademarks, and it’s only a very small percentage of them that are not violators. “
“Phishers are so often depending on tricking the user by using look-alike domains that at a glance appear to be the legitimate domain and help main their email convincing … Unfortunately for the security team a lot of the time the alert they get is the phish itself.”
Chen wouldn’t disclose PhishEye pricing.