How Can Domain Intelligence Analysis Help in Vetting Third-Party Providers

By Threat Intelligence Platform (TIP)

For 16 months, PayMyTab, a third-party payment provider, leaked the private data of customers who dined in a U.S. restaurant when it failed to follow a simple yet essential security protocol.

Just last month, an anonymous tip sent to vpnMentor revealed that the information of customers who paid for their meals using the third-party payment system was exposed. The details of the leak are as follows:

A data breach resulting from an error like this highlights the importance of vetting third-party providers. Carefully examining service providers' infrastructure is necessary to make sure that they have the right tools and protocols in place not to compromise your network and customer data. In this particular case, the customers' PII can be used for subsequent attacks.

Cybercriminals can, for instance, obtain access to the customers' other accounts if they reuse passwords. They can also guess the obscured parts of customers' credit card numbers and use clones for physical purchases or just the numbers for card-not-present transactions.

The sad part is that even if PayMyTab now secures its S3 database, the damage has been done. How can restaurants like those dragged through the mud avoid a similar scenario?

Our Investigation Tool: Domain Reputation API and Others

It is a must for any business to exercise caution when it comes to ensuring the safety of its customers. Establishments cannot loosely accept a third-party service provider's claims when it comes to cybersecurity. Instead, they must proactively seek to prevent security issues across their entire supply chain — notably by working with their providers to address gaps before finalizing their working relationship.

The buck shouldn't stop there, in any case. Companies must continually monitor the health of both their own network and their partners'. Apart from limiting third-party access to internal systems and data, they can perform a domain intelligence analysis using tools such as Domain Reputation API. This solution can be integrated into existing systems to gauge, on the spot, the trustworthiness of the domains those systems interact with. It can also be used to vet potential providers.

Let us see the tool in action. Suppose your organization is looking to partner with a startup whose domain is evoxhosting[.]com. (Note that the domain was obtained from PhishTank, a publicly available list of suspected phishing sites.) Your contact gave you the site, so you ran it through Domain Reputation API to see if it can be trusted.

Looking at the warnings, you should know that the domain may be prone to man-in-the-middle (MitM) attacks that use forged certificates since its HTTP Public Key Pinning (HPKP) headers are not set. It also doesn't use HTTPS, has a misconfigured Transport Layer Security Authentication (TLSA) record, and does not have Online Certificate Status Protocol (OCSP) stapling enabled. The last two misconfigurations won't allow the site to use Domain Name System Security Extensions (DNSSEC), which adds another layer of protection against cyber attacks.

It may also be a good idea to run the domain through a WHOIS search. This can give more information on the domain's owner. Such a check is useful if you want to be sure that its owner has had no ties to any malicious activity in the past. In this case, the latest WHOIS record for evoxhosting[.]com shows that the domain was registered less than 100 days ago (at the time of writing). Also, most of the registrant's contact and location information has been redacted by a domain privacy service based in an off-shore country.
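The checks walked through above (HPKP header, HTTPS, TLSA record, OCSP stapling, domain age and registrant redaction) can be folded into a single vetting routine. The following is an added example written for this article, not code from Threat Intelligence Platform or its API; all probe inputs are constructed sample values, the TLSA matching follows RFC 6698, and the function names are hypothetical.

```python
import hashlib
from datetime import date

# Constructed sample inputs (not real probe data for evoxhosting[.]com).
SAMPLE_HEADERS = {"Server": "nginx", "Content-Type": "text/html"}   # no HPKP header
SAMPLE_SPKI = b"constructed-subject-public-key-info-der-bytes"      # stands in for DER SPKI
GOOD_TLSA = (3, 1, 1, hashlib.sha256(SAMPLE_SPKI).hexdigest())     # DANE-EE, SPKI, SHA-256
BAD_TLSA = (3, 1, 1, "00" * 32)                                    # digest of something else


def tlsa_matches(record, cert_der, spki_der):
    """Return True if a TLSA record (usage, selector, matching_type, data) matches the
    served certificate, per RFC 6698: selector 0 = full cert, 1 = SubjectPublicKeyInfo;
    matching type 0 = exact bytes, 1 = SHA-256 hex, 2 = SHA-512 hex.
    A record that fails here is what the article calls a misconfigured TLSA."""
    _usage, selector, mtype, data = record
    material = cert_der if selector == 0 else spki_der
    if mtype == 0:
        return material == data
    digest = hashlib.sha256 if mtype == 1 else hashlib.sha512
    return digest(material).hexdigest() == data.lower()


def vet_domain(headers, https_ok, ocsp_stapled, tlsa_record, cert_der, spki_der,
               registered_on, today, registrant_redacted):
    """Collect the warnings the article walks through for one provider domain."""
    findings = []
    lower = {k.lower() for k in headers}
    if not https_ok:
        findings.append("no HTTPS")
    if "public-key-pins" not in lower:
        findings.append("HPKP header not set")   # HPKP itself is deprecated in browsers
    if not ocsp_stapled:
        findings.append("OCSP stapling disabled")
    if tlsa_record is not None and not tlsa_matches(tlsa_record, cert_der, spki_der):
        findings.append("TLSA record does not match served certificate")
    age_days = (today - registered_on).days
    if age_days < 100:
        findings.append(f"domain registered only {age_days} days ago")
    if registrant_redacted:
        findings.append("registrant contact details redacted by privacy service")
    return findings


def sample_report():
    """Run the vetting routine over the constructed sample (a young, privacy-redacted domain)."""
    return vet_domain(SAMPLE_HEADERS, https_ok=False, ocsp_stapled=False,
                      tlsa_record=BAD_TLSA, cert_der=b"", spki_der=SAMPLE_SPKI,
                      registered_on=date(2019, 9, 1), today=date(2019, 11, 20),
                      registrant_redacted=True)


if __name__ == "__main__":
    for line in sample_report():
        print("-", line)
```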

* * *

Vetting third-party providers should be a must for all organizations. They need to know that any incident that involves their partners could have repercussions for them too. They can rely on domain intelligence analysis tools like Domain Reputation API to keep their systems, data, and network safe from supply chain risks.
