In part 1 of this blog series we learned about the strategies and attack types used for cybersquatting. We’ll now go through some ideas on how companies can protect themselves.
Tools to help people
On a Kali distribution, one can find a number of ready-to-use tools for typosquatting.
Among these tools, “urlcrazy” is probably the best known. It is a very powerful tool which, starting from a domain name, generates other domain names with strong similarities and tests whether they exist.
“Dnstwister” is another extremely powerful tool, able to generate domain names via a combination of techniques (permutation, insertion, omission, etc.).
These kinds of tools are invaluable whether you are an attacker or a security manager in your company. On either side, they show you which domains are likely to be used against you, or which domains are likely to make your attack “successful”.
An attack for a good cause
Cyber security awareness is an essential element in improving your security level and protecting your critical assets. It allows you to pass on the right habits and actions to take in the face of an attack or any security event in general.
A phishing attack is a likely event that can occur in your information system. Therefore, it is important to remind your users of the “barrier gestures” to adopt when required. One way to check that your users have understood the message is to actually attack them (a real fake attack, that is).
Phishing is an attack that lends itself perfectly to an awareness raising exercise. Online platforms exist that allow you to launch awareness campaigns:
You can also opt for internal tools (internal pentest). There are many tools and they will all allow you to achieve satisfactory results and above all to have analytical data that can be used for reporting purposes.
The Kali Linux distributions natively embed tools such as “King Phisher” to perform phishing for free.
How to protect yourself
Protecting oneself against cybersquatting remains a very difficult task today for several reasons.
Firstly, because you will not be able to reserve all the domain names that resemble your brand. This strategy is likely to cost you financially and the consistent management of these domains is almost impossible.
Secondly, accessing or reserving a domain name is not subject to any law that would deny the bad guys (attackers) the opportunity. Buying or selling a domain name is a completely legal activity. Those who do it are called “domainers” and are not always malicious people.
The strategy to protect against cybersquatting and its attacks will be twofold.
a. Legal protection
In the USA, victims of cybersquatting can assert their rights directly through ICANN (Internet Corporation for Assigned Names and Numbers) or through the ACPA (Anticybersquatting Consumer Protection Act).
In France, victims of cybersquatting can bring the case before a judge. They can also contact AFNIC to file a legitimacy challenge for a domain name in the .fr TLD.
b. A cybersecurity technical approach
From a technical point of view, several points should be considered to anticipate cybersquatting:
- Anti-spam, mail gateways, DLP (Data Loss Prevention) solutions or firewalls with L7 protection can detect malicious code in attachments and fraudulent links in e-mails.
- Strengthen your user awareness policy
- Never wait for your domain name to expire before starting renewals. Keep in mind that the redemptionPeriod status of your domain name is of particular interest to domainers and potential attackers. The redemptionPeriod status is part of the information displayed by the “whois” command.
- Regularly test and verify your DKIM, DMARC and SPF entries. Indeed, a badly configured public DNS zone can facilitate phishing campaigns.
- Proprietary tools such as “Nameshield” or open source tools such as https://dnstwist.it/ allow you to be better informed about lookalike domains that could be used against you.
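An added example (not from the original post) of the kind of check the DKIM, DMARC and SPF item above calls for: it lints SPF and DMARC TXT records offline and reports weak settings. The sample records, the example.com and example.net placeholder domains and the function names are assumptions; DKIM is left out because checking it requires knowing the selector your mail system uses.

```python
import re
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}  # RFC 7208 4.6.4

def lint_spf(txt_records):
    """Findings for the SPF policy among a domain's TXT records."""
    spf = [r.lower().split() for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        return ["no SPF record" if not spf else "multiple SPF records (permerror)"]
    terms, findings = spf[0][1:], []
    alls = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not alls and not any(t.startswith("redirect=") for t in terms):
        findings.append("no 'all' term: unlisted senders get a neutral result")
    elif alls and alls[0][0] in "+?a":  # a bare 'all' carries an implicit '+'
        findings.append(f"'{alls[0]}' does not fail unlisted senders")
    lookups = sum(re.split("[:/=]", t.lstrip("+-~?"))[0] in LOOKUP_TERMS for t in terms)
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup terms, limit is 10 (permerror)")
    return findings

def lint_dmarc(txt_records):
    """Findings for the TXT records published at _dmarc.<domain>."""
    recs = [r for r in txt_records if r.strip().lower().startswith("v=dmarc1")]
    if len(recs) != 1:
        return ["no DMARC record" if not recs else "multiple DMARC records (ignored)"]
    tags = {k.strip().lower(): v.strip().lower() for k, _, v in
            (part.partition("=") for part in recs[0].split(";")) if v}
    findings, policy, pct = [], tags.get("p"), tags.get("pct", "100")
    if policy not in ("none", "quarantine", "reject"):
        findings.append("missing or invalid p= tag")
    elif policy == "none":
        findings.append("p=none: monitoring only, failing mail is still delivered")
    elif tags.get("sp") == "none":
        findings.append("sp=none: subdomains are not enforced")
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"pct={pct}: policy applies to only part of the mail")
    if "rua" not in tags:
        findings.append("no rua= address: aggregate reports are not collected")
    return findings

# Constructed sample records; example.com and example.net are placeholder domains.
WEAK = {"spf": ["v=spf1 include:_spf.example.net ?all"], "dmarc": ["v=DMARC1; p=none"]}
STRICT = {"spf": ["site-verification=constructed", "v=spf1 mx ip4:192.0.2.0/24 -all"],
          "dmarc": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"]}

def audit(zone):
    return lint_spf(zone["spf"]) + lint_dmarc(zone["dmarc"])

if __name__ == "__main__":
    for name, zone in (("WEAK", WEAK), ("STRICT", STRICT)):
        print(name, audit(zone) or "no findings")
```

In practice the record lists would come from TXT queries against your own domain and its _dmarc label; the lookup count only covers the top-level record, so nested includes can still push a passing record over the limit.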
Take the First Step
To combat categories such as phishing-related domains, DNS Firewall makes use of dynamic threat intelligence services.