For many organizations, their online presence is not only critical to their commercial success but a key element of how they manage public perception. Yet from typosquatting to domain hijacking, authentic business websites are at significant risk of exploitation, with serious potential consequences.
Domain monitoring enables organizations to defend against these types of threats by identifying potential issues early and taking effective action to mitigate the risks. This article outlines the many potential threats to web domains, the importance of domain security in countering them, and how the right approach to domain monitoring can ensure proactive defense against financial and reputational harm.
What is Domain Monitoring?
Domain monitoring is the practice of using specialist software, either on its own or as part of a digital risk protection service, to monitor an organization’s internet domains and automatically detect and identify any suspicious or unauthorized activity. This can involve detecting when domains using or including versions of a particular company name are registered, and also checking for indicators that a domain is likely to be or is currently being used for phishing or malware distribution. As a result, domain monitoring enables organizations to fight the many types of threats that could undermine the integrity and perception of their online presence.
Your Online Presence at Risk
Threat actors recognize the rewards of targeting websites all too well. As a result, the potential consequences of failing to ensure the security of your web domain are significant. Domain-related attacks can lead to significant harm for the legitimate owners of spoofed websites and their brands. Customer perception and trust can be greatly damaged, having an indirect effect on organizations’ financial status. Because these types of attacks can also yield valuable credentials, organizations may also experience additional negative security consequences further down the line. Without domain monitoring in place, a company may be unaware for a long period of time that this type of campaign is even in progress.
Common Domain-Related Attacks
Business domains are at risk from many types of attacks, including:
-
Typosquatting
Also known as URL hijacking or domain mimicry, typosquatting involves defrauding users into visiting malicious websites with URLs that are commonly misspelled versions of legitimate web URLs. When web users incorrectly type a URL into their web browser instead of using a search engine, they can be tricked into sharing sensitive details on fake sites. This can have a negative impact on the organizations associated with the mimicked website.
It also has serious wider consequences for the security landscape, as it has played a key role in phishing and malware attacks. The 2016 U.S.election hacking incident involved instances of typosquatting.
-
Domain Hijacking
This is the practice of changing the registration of a domain name without permission of the owner, as a result of them sharing their Domain Name System (DNS) credentials in response to a phishing or other type of social engineering scam. This type of attack can also involve the abuse of privileges on domain hosting and domain registrar systems themselves, for example, when their accounts are compromised, or through the exploitation of vulnerabilities in websites and web servers.
Another approach threat actors use is impersonating the owner of the domain name and asking the domain registrar to modify the registration information or even to transfer the domain to a different registrar. Threat actors may also register expired domain registrations to gain control of the website and redirect web visitors to an IP address associated with malware.
-
Domain Spoofing
Related to domain hijacking, domain spoofing involves malicious actors impersonating an authentic domain to gain access to sensitive information, such as financial data or login credentials. This form of brand impersonation is achieved by creating a website or domain name that is very similar to the real one. Domain spoofing is frequently used in phishing attacks to create phishing sites, sell counterfeit products or steal login credentials.
Spoofed domains are a common way to help carry out phishing attacks targeting a company’s suppliers, employees or customers. These spoofed domains are used to create phishing sites, sell counterfeit products or steal login credentials. Threat actors then use these domains to conduct business email compromise (BEC) scams, deliver malware and create ransomware attack lures.
The Benefits of Domain Monitoring
With so many potential threats, domain monitoring provides critical benefits for businesses, including:
-
Rapid Response to and Mitigation of Exploited Domains
Domain monitoring provides a swift and streamlined approach to uncovering and addressing compromised domains and websites and responding to domain-based cyber-attacks.
-
Reduced Risk of Phishing Attacks
Brand and domain monitoring services can help search across the surface web for signs of spoofed sites that use typosquatting or other copycat techniques and initiate a takedown request with the internet service company by providing evidence of the threat.
-
Enhanced Public Perception
Trust in brands and websites can be significantly undermined as a result of customers being tricked into sharing sensitive information through fake or fraudulent domains. Effective domain monitoring helps companies avoid the damage caused by negative public perception.
-
Improved Regulatory Compliance
With regulatory requirements relating to cyber security becoming more stringent, domain monitoring can help ensure that organizations meet these standards while also reducing the risk of financial penalties.
-
Greater Security Resilience
With web domains a key area of focus for threat actors, domain monitoring helps to reduce many security risk points. By proactively searching for compromised domains, it enables organizations to get ahead of potential threats before they turn into security incidents.
How Does Domain Monitoring Work?
Domain monitoring uses advanced technology to monitor and analyze:
- Active and passive DNS
- WHOIS files
- SSL certificates
- Logs
- Screenshots
- Malicious URLs
- MX records
Domain monitoring systems use scanning technology to continuously track domain registries and identify new domains or even changes in ownership that could present a potential security risk.
Domain monitoring services use a list of target domains and/or brand keywords to search across the surface web for signs of spoofed sites that use typosquatting or other copycat techniques and then initiate a takedown request with the internet service company by providing evidence of the threat.
When an issue is identified, the domain monitoring company will act to mitigate the malicious domains and notify the affected organization. The company will then monitor the domains that have been confirmed as malicious or unauthorized and provide notifications when and if there are changes.
Domain Security and Cyber Security
Good domain security goes hand in hand with good cyber security. With domain exploitation a key factor in many malware, phishing and other types of attacks, overlooking this aspect of security can create significant risks. Without effective domain monitoring, this type of threat can go undetected for a long time, opening a large window for increased risks to your organization and business reputation. This is why domain monitoring should form part of your wider cyber security strategy.
Domain Security and Data Protection
Effective domain monitoring also forms part of a successful approach to data protection. Because the exploitation of domains focuses on gaining sensitive or potentially valuable data, preventing these types of attacks helps reduce the risk of breaches. Ineffective data protection can lead to severe financial penalties for failing to adhere to the EU’s General Data Protection Regulation (GDPR) and other regulations. Domain monitoring can help defend against penalties.
Getting Started with Domain Monitoring: What to Consider
With domain monitoring critical to safeguarding your organization’s reputation and financial well-being, it can be tempting to move quickly into getting set up with a provider. However, some initial considerations will ensure that your approach to domain monitoring is successful and reduce the risk of overlooking key aspects.
-
Understand Your Risk Environment
An important first step is to gain an overview of your online risk environment. Does your business have multiple websites? How are your web domains managed and registered? By taking an inventory of your assets and all the potential risks, you can ensure that your choice of domain monitoring service has the scope to ensure consistent defense against the potential threats.
-
Establish Clear Timelines
Is your business due to launch a new website? Are you planning a high-profile marketing or ecommerce campaign? Understanding the level of risk that could impact your online reputation is not only about the “what” but the “when.”. Preparing for possible attempts to exploit your online reputation can help ensure it remains secure at the time it most needs to be.
-
Plan for Changes to Your Brand Presence
Businesses and brands are constantly evolving. Your online presence is likely to change over time. This means it is essential to ensure that your domain monitoring strategy and service is set up to evolve as your web presence does. When considering domain monitoring services, ask about how pricing and capacity will change with your organization’s requirements and ensure this fits with your budget.
-
Assess Potential Domain Monitoring Vendors
All of the insights gained by considering the previous points will help you identify the type of vendor best suited to your needs. While automated monitoring is clearly a key aspect of the service, look for a vendor that offers more. Check whether your prospective provider offers a broad scope of support to ensure no area of your online reputation is overlooked. Consider how well prepared they are to deliver support on different aspects of domain monitoring. Ask them whether they have the breadth of intelligence to monitor and mitigate ever-evolving cyber threats. By identifying the answers to these key questions, you can ensure your organization is better protected against the potential loss of income, reputation and data.
Secure Your Web Domains with Kroll
Through expert threat hunting, detection and takedown as part of our Digital Risk Protection services, Kroll can help secure and maintain your organization's brand reputation. Drawing on experience gained in nation state-level intelligence agencies such as the U.S. Secret Service, FBI and Europol , our analysts manage and minimize your organization’s exposure to risk in an increasingly complex threat landscape. We use proprietary information collected from thousands of our incident response investigations, combined with intelligence from our vendor partnerships that is curated and validated by our analysts, as well as access to top tier closed sites where criminals are conducting nefarious activities.
Our threat intelligence analysts use a combination of automated and manual data collection to monitor for any exposures across surface, deep and dark web sources, including ransomware shaming sites, criminal marketplaces, private forums, closed and private bin/paste sites and Tor chat platforms. They then filter out false positives and duplicates to deliver an early warning of malicious activity in the form of alerts that could be indicative of an impending, targeted campaign against your organization.
To help protect you from phishing and malware scams, our analysts use all this insight to alert you to potential attacks on your owned sites and identify spoofed sites that use typosquatting or other copycat techniques. Once a malicious site is identified, Kroll provides a complete managed remediation and takedown service.
Key features include:
- Anti-phishing monitoring
- Unauthorized mobile apps monitoring
- Malware monitoring
- Social media abuse monitoring
- Site takedowns
- Dark web Bank ID number (BIN) monitoring
