
Augmenting Digital Risk Protection with Threat Intelligence Sources

The world continues to produce and consume digital content at an increasingly fast pace across channels — making risk exposure continuously greater in the process. To tackle this problem, digital risk protection allows organizations to address digital risk factors and monitor and reduce their attack surface. Digital risk protection is a holistic approach to cyber defense in the sense that it covers social media risks, Deep and Dark Web monitoring, brand infringement, cyber threat detection, and other aspects.

Threat intelligence sources such as subdomain, IP, and Domain Name System (DNS) intelligence can make digital risk protection more robust and reliable. While there are countless risk factors in the digital world, we focused on three of them in this post.

1. Malicious Domains and IP Addresses

An important consideration of digital risk protection solutions is their ability to prevent malicious domains and IP addresses from accessing a company's network. DNS and disposable email domain databases are intelligence sources that can help reduce risk.

For one, disposable email domains are quite often used by threat actors in spam campaigns. More sophisticated phishing campaigns can also carry data-stealing software and other types of malware.

DNS databases, on the other hand, can augment the threat hunting capability of digital risk protection solutions. They help track down the DNS footprints of malicious domains and reveal associations with other domains.

To illustrate, we traced the DNS footprints of ypwosgnjytynbqin[.]com, a suspected malware-hosting site that distributes Ramnit. DNS Lookup revealed the following details that could enhance digital risk protection:

  • A record: 13[.]90[.]196[.]81
  • Name servers: nsgbr[.]comlaude[.]co[.]uk, nssui[.]comlaude[.]ch, and nsusa[.]comlaude[.]net

  • Associated domains: 27 domains resolve to the same IP address. Each domain is also possibly related to Ramnit and is therefore worth looking into. In fact, the second object in the list below, auqpdabknaty[.]com, is tagged malicious by various entities on VirusTotal.
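The pivot described above can be scripted over exported DNS records. The following is an added example, not part of the original post or of any WhoisXML API tool; the records, the domain names and the `shared_hosting_threshold` parameter are constructed for illustration.

```python
from collections import defaultdict

# Constructed passive-DNS rows (domain, A record, name server); not real data.
# IP addresses come from the RFC 5737 documentation ranges.
RECORDS = [
    ("seed-bad.example", "192.0.2.10", "ns1.registrar-a.example"),
    ("sibling-one.example", "192.0.2.10", "ns1.registrar-a.example"),
    ("sibling-two.example", "192.0.2.10", "ns2.registrar-b.example"),
    ("unrelated.example", "198.51.100.7", "ns1.registrar-a.example"),
    ("seed-bad.example", "203.0.113.5", "ns1.registrar-a.example"),
] + [(f"tenant{i}.example", "203.0.113.5", "ns.host.example") for i in range(40)]

def pivot(seed, records, shared_hosting_threshold=30):
    """Return domains that share an A record with `seed`, skipping crowded IPs."""
    by_ip = defaultdict(set)
    ns_of = defaultdict(set)
    for domain, ip, ns in records:
        by_ip[ip].add(domain)
        ns_of[domain].add(ns)
    findings = {}
    for ip, domains in by_ip.items():
        if seed not in domains:
            continue
        if len(domains) > shared_hosting_threshold:
            continue  # shared hosting: co-residence alone is weak evidence
        for d in domains - {seed}:
            entry = findings.setdefault(d, {"shared_ips": set(), "shared_ns": set()})
            entry["shared_ips"].add(ip)
            entry["shared_ns"] = ns_of[d] & ns_of[seed]
    return findings

def triage(findings):
    """Order candidates so those sharing both IP and name server come first."""
    return sorted(findings, key=lambda d: (-len(findings[d]["shared_ns"]), d))
```

Co-hosted domains are leads for review, not verdicts; each one still needs its own reputation check before it goes on a blocklist.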

2. Brand Infringement and Impersonation

Digital risk protection also encompasses brand protection. Aside from the reputational risks that brand infringement brings, cybersquatters and impersonators could also use lookalike domains in phishing campaigns.

Domain intelligence sources such as Typosquatting Data Feed can help detect domains that appear to imitate a brand or company name. A day after the Facebook Campus launch, for example, 11 typosquatting domain names appeared in the DNS.
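One way to screen a feed of newly registered domains for lookalikes of a brand, shown as an added example that is not from the original post and does not reproduce how Typosquatting Data Feed works. The brand `examplebank`, the feed and the substitution table are constructed, and rows are assumed to be registrable domains.

```python
# Look-alike digits mapped to letters (small constructed sample, not exhaustive).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(domain, brand, max_distance=1):
    """Return the reason `domain` resembles `brand`, or None if it does not."""
    label = domain.lower().split(".")[0]  # assumes rows are registrable domains
    target = brand.lower().translate(HOMOGLYPHS)
    norm = label.replace("-", "").translate(HOMOGLYPHS)
    if norm == target:
        return "same label, other TLD" if label == brand else "homoglyph or hyphen variant"
    if target in norm:
        return "brand plus extra keyword"
    d = osa_distance(norm, target)
    return f"edit distance {d}" if d <= max_distance else None

def scan(feed, brand, own_domains):
    """Map each suspicious domain in the feed to the reason it was flagged."""
    hits = {}
    for domain in feed:
        reason = None if domain in own_domains else classify(domain, brand)
        if reason:
            hits[domain] = reason
    return hits

# Constructed feed using reserved .example/.test names.
FEED = [
    "examplebank.example", "examp1ebank.example", "exmaplebank.example",
    "examplebank-login.example", "examplebnk.example", "samplebakery.example",
    "examplebank.test",
]
```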

3. Untracked Digital Assets

Associating with third-party vendors is becoming more common regardless of company size. Business boundaries are often blurred, exposing organizations to different risks, including those related to security, financial soundness, and compliance. The massive Facebook data breach of 2019, for instance, was attributed to third-party app developers who leaked the personal data of millions of users. Monitoring network integrity regularly is a must to lessen exposure to third-party risks.

Another third-party risk that digital risk protection can help mitigate has to do with the trail of digital assets created by organizations as part of their operations. For example, e-commerce websites may need to point different subdomains to their Shopify store. In another scenario, an e-commerce site may shift its web hosting to Shopify, dropping previous web hosting providers. When subdomains that are no longer used are forgotten, they may become entry points for attackers.

Consider the website luxyhair[.]com, which we found on a list of Shopify stores. When we ran the domain on Subdomains Lookup, the tool returned six subdomains.

One of the subdomains, blog[.]luxyhair[.]com, has not been updated for about four months and looks like it is no longer used since the company now has a dedicated page for blogs (luxyhair[.]com/blogs/hair-blog). The subdomain blog[.]luxyhair[.]com also points to Squarespace, another web hosting service provider, which says the website has expired.

Since the account is no longer used by Luxy Hair, an attacker could theoretically take over the subdomain unnoticed and use it for phishing and malware campaigns.
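The check walked through above can be run routinely against an organization's own subdomain inventory. This is an added example, not code from the original post; the hostnames, the provider suffix table and the placeholder-page wording are assumptions, and the observations are constructed rather than fetched.

```python
from dataclasses import dataclass

# Assumed CNAME suffixes for platforms the organization has used (illustrative).
THIRD_PARTY_SUFFIXES = {"squarespace.com": "Squarespace", "myshopify.com": "Shopify"}
# Assumed wording of provider placeholder pages; tune to what you actually observe.
UNCLAIMED_MARKERS = ("expired", "no longer available")

@dataclass
class Observation:
    host: str    # subdomain from the asset inventory
    cname: str   # CNAME target, "" if the host has none
    status: int  # HTTP status when fetching the host, 0 for no response
    body: str    # start of the response body

def provider_for(cname):
    """Match on a label boundary so 'notsquarespace.com' is not a hit."""
    name = cname.rstrip(".").lower()
    for suffix, provider in THIRD_PARTY_SUFFIXES.items():
        if name == suffix or name.endswith("." + suffix):
            return provider
    return None

def assess(obs, approved):
    """Classify one inventory row as 'ok', 'review' or 'dangling'."""
    provider = provider_for(obs.cname)
    if provider is None:
        return "ok"
    text = obs.body.lower()
    if obs.status in (0, 404, 410) or any(m in text for m in UNCLAIMED_MARKERS):
        return "dangling"  # DNS still points at a platform that serves nothing of ours
    if provider not in approved:
        return "review"    # live, but on a provider the organization has left
    return "ok"

def audit(observations, approved):
    """Return only the rows that need action, keyed by host."""
    verdicts = {o.host: assess(o, approved) for o in observations}
    return {h: v for h, v in verdicts.items() if v != "ok"}

# Constructed inventory observations (reserved .example names).
INVENTORY = [
    Observation("www.brand.example", "", 200, "<title>Brand</title>"),
    Observation("shop.brand.example", "shops.myshopify.com.", 200, "<title>Brand store</title>"),
    Observation("blog.brand.example", "ext.squarespace.com", 200, "This website has expired"),
    Observation("promo.brand.example", "old.squarespace.com", 200, "Summer sale"),
]
```

A `dangling` row is closed by deleting the stale DNS record or re-claiming the resource at the provider.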


Digital risk protection aims to defend organizations against a wide variety of digital threats. We only discussed three of them in this post. We also illustrated how tools such as Subdomains Lookup, DNS Lookup, Typosquatting Data Feed, and Disposable Email Domains Database could help lessen associated risks. These threat intelligence sources can strengthen digital risk protection solutions and strategies.

By WhoisXML API, A Domain Research, Whois, DNS, and Threat Intelligence API and Data Provider – Whois API, Inc. (whoisxmlapi) is a big data and API company that provides domain research & monitoring, Whois, DNS, IP, and threat intelligence API, data and tools to a variety of industries.
