Whenever attackers try to compromise user information, the most common technique used by them is phishing to steal user credentials. They come up with so many new tricks that it is sometimes overwhelming to put an end to all these ploys.
No day goes by without a report on a new phishing campaign. Cybercriminals go to great lengths in designing their phishing pages to exude a sense of authenticity. Users who fall for the aesthetic and visual design of a website pretty much end up giving their personal information.
For example, take the case of online internet banking. If bank customers furnish their credentials on a suspicious looking copy of the bank website, they might lose their money overnight owing to attackers using the sensitive information handed out to them. Furthermore, customers would have no idea as to what might have happened.
Moreover, when cybercriminals target organizations in different sectors worldwide, the spearphishing techniques used are much more sophisticated and hard to detect even for tech-savvy customers or employees. Exposure of confidential data belonging to an organization can have disastrous consequences for it. Thus, it is essential that these fraud entities are weeded out to ensure a safer browsing experience for all users. After all, prevention is better than cure!
Take care of the weeds with the Domain Fuzzer
Drawing insights from this, CTIX now features a Domain Fuzzer. This means the platform identifies and filters out suspicious instances of websites added to the watchlist, using parameters such as URLs, IPs, and hashes. This would greatly help security analysts in detecting malicious sources and taking steps to quarantine them before it affects the organization’s network or its customers.
CTIX members can now easily use this feature from the ‘Network Utility’ toolbox present to the right of the dashboard which houses the ‘Domain Fuzzer’. Here, members can check malicious instances of any website by querying through the search bar. The ‘Domain Fuzzer’ displays the list of domain names, their types (bitsquatting, insertion, etc), IP status, and actions taken on these domains.
A remarkable feature of Domain Fuzzer is its ability to ascertain instances of Mail Exchanger (MX) records corresponding to the domains or URLs in the watchlist. MX records show which email servers are used in relaying emails to the actual domain. For instance, if a typosquatted domain similar to an organization’s name also adds an MX record, it is likely that the domain could be used for a phishing campaign. Thus tracking such old registered domains becomes essential to prevent their use in phishing against an organization.
For a large organization, monitoring each and every asset and endpoint can become quite challenging. Attackers take advantage of such a situation to create fake copies of legitimate assets and trap both customers or company employees. CTIX automatically scans for all the domains added to the watchlist to ensure round-the-clock protection.
CTIX’s automated orchestration enables security teams to collect an extensive list of malicious URLs, IPs, and hashes that could be used for targeted attack campaigns. Therefore, the Domain Fuzzer in CTIX acts as a preventive check so that members are informed of the of any new threats from fake websites or domains.
Posted on: April 02, 2019
More from Cyware
Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.