Domain Threat Intelligence: What It Can Bring to Security

Cyber attack victims not only lose massive amounts of money for disaster recovery and remediation.

11:52 04 September 2020

They also have to deal with litigation for failing to comply with regulatory requirements. A combination of risk assessment, domain reputation, antimalware, and a host of other cybersecurity solutions and strategies enabled by domain threat intelligence can, however, help reduce a network’s attack surface.

 

Domain threat intelligence refers to the insights that cybersecurity analysts and researchers get from correlating domain names with their associated IP addresses. Cyber threat intelligence feeds that list typosquatting and disposable domains—like the ones provided on this list—and malicious URLs often tied to phishing, distributed denial-of-service (DDoS), and malware-instigated attacks are amongst its common sources. Here is what cybersecurity stakeholders and companies in general can gain from them.

 

3 Potential Gains from Reliable Domain Threat Intelligence

 

1. Domain Integrity

 

A disreputable domain is likely to end up in at least one blacklist and that would prevent visitors from accessing its hosted website, translating to lost business opportunities and public trust. Constant monitoring of the entire web infrastructure to make sure none of an organization’s domains or IP addresses are tagged as malicious in cyber threat intelligence feeds is thus crucial.

 

Running web properties on a domain reputation scoring tool that typically comes with domain threat intelligence solution packages is also helpful. Consulting typosquatting feeds to catch copycats that can be used to target customers and employees regularly is also a good practice. These protocols should reduce a company’s chances of putting stakeholders at risk of data or identity theft.

 

The owner of the domain wondersofwellness[.]com should, for instance, consider that customers may become phishing victims of the lookalike domain wonderofwellness[.]us. A check on a typosquatting data feed for 24 August 2020 would reveal there are more variations of the organization’s domain up for sale. Avoiding similar incidents may require buying domain copycats or at least monitoring them for signs of malicious activity to prevent phishers and other cyber attackers from abusing the company brand.

 

 

 

2. Digital Asset Protection

 

Getting alerted to malicious domains and IP addresses as soon as they access a network can help stop attack attempts before they can cause irreparable damage. Robust cyber threat intelligence feeds gather malicious domains and IP addresses from several blacklists to help users block as many potential threat sources as possible.

 

So if a domain like vakifbayramappp[.]ml keeps showing up on traffic logs and it doesn’t belong to a known customer, running it through a domain reputation scoring tool for security reasons may be necessary. Users would then discover that the domain has a low reputation score of 79.93%, making it somehow suspicious.

 

 

As it turns out, vakifbayramappp[.]ml is also listed on phishing URL database PhishTank and threat feed VirusTotal. It may be attempting to breach the network’s security and should be blocked.

 

 

3. Extensive Cyber Investigation Results

 

Even the most prominent organizations succumb to cyber attacks and are left with no other choice but to make amends to victims, try finding the culprits and bringing them to justice, and do their best to earn their reputation back. Cyber threat intelligence feeds that pull data from as many malware feeds and blocklists as possible can help identify the source of an attack and those behind it.

 

In a lot of cases, a malicious domain can turn up on multiple threat feeds. An example would be twowheelcool[.]com, which is listed on PhishTank, VirusTotal, Google Safe Browsing, and Yandex Safe Browsing.

 

 

Apart from blocking access to it, finding out who its owner is (if not redacted) and what other domains and IP addresses are related to it is also useful. Severing ties to all of them can significantly reduce risks.

 

 

 

---

Domain threat intelligence can help enrich cybersecurity tools and strategies to make networks, digital assets, and systems more resilient against threats. Amid an ever-growing threat landscape, no organization can do without essential and actionable information from cyber threat intelligence feeds.