Your name says a lot about you. A company’s name stands for the value it represents in the market, and trust is associated with the name it builds. A digital address for your brand, your domain name is a valuable part of your company’s assets and must be prioritized when building your cybersecurity strategy.
Domain-related attacks such as phishing, domain hijacking, and brand impersonation can threaten your organization’s stability and negatively impact its bottom line. Call it defense-in-depth, call it zero trust, or call it plain good practice. Securing your enterprise from the inside out means carving a space for one of your most public-facing liabilities: your domain name.
As someone tasked with defending your company’s digital assets – and arguably, good name – you understand the value of keeping your organization off the cybercrime radar and away from any negative press. Bad news always travels farther and faster than good news, and no company wants heat for crimes it didn’t commit. Learning how threat actors actively try to undermine, manipulate and compromise your domain will arm you with the information necessary to seek out adequate defenses. Zero trust doesn’t just mean no network attacks; it means no damage to the enterprise on your watch – whatsoever.
1. Continuous Domain Monitoring and Threat Intelligence
What’s the worst that can happen to your domain, and why must we stay vigilant? Here’s a list of attack methods that prove the need to monitor your domain:
- Copycatting | Mirroring a trusted website
- Domain Spoofing | Registering a website name that resembles that of a trusted website
- Fake URL | Makes users think they are interacting with the real thing
- Homoglyph | An impersonating domain made with lookalike letters and symbols
- Typosquatting | Owning the misspelled domain of a trusted website for fraudulent purposes
Domain monitoring scans for newly registered domains that fit any of the above descriptions. It monitors across top-level domain (TLD) and country code top-level domain (ccTLD) registries and searches the public attack surfaces for links to any of these sites. Once an incident is found, an alert is generated.
Domain monitoring tools must be robust and comprehensive, scouring the entirety of both registries and chasing potential malicious links across a vast threat landscape, including online forums, social media, app stores, collaboration platforms, blogs, news sites, and the deep and dark web.
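As an added illustration (not ZeroFox's code and not part of the original article), the following Python example classifies entries from a newly-registered-domain feed against a brand domain, covering the TLD-variant, homoglyph, typosquatting and spoofing cases listed above. The brand `example.com`, the feed, the category names and the small confusables map are constructed assumptions, and feed entries are assumed to be registrable domains without subdomains.

```python
import unicodedata

# Constructed lookalike map (assumption); real tools use the Unicode confusables data.
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0456": "i", "\u0131": "i", "0": "o", "1": "l"}
# Constructed sample feed of newly registered domains (not real observations).
FEED = ["example.net", "ex\u0430mple.com", "exmaple.com", "example-login.com", "other.org"]

def to_unicode(label):
    """Decode a punycode A-label (xn--...) to its Unicode form."""
    if label.startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def skeleton(label):
    """Reduce a label to the ASCII string a reader would likely perceive."""
    text = unicodedata.normalize("NFKD", to_unicode(label.lower()))
    text = "".join(c for c in text if not unicodedata.combining(c))
    text = "".join(CONFUSABLES.get(c, c) for c in text)
    return text.replace("rn", "m").replace("vv", "w")

def osa_distance(a, b):
    """Edit distance where insert, delete, substitute and adjacent swap cost 1."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def classify(brand_domain, candidate):
    """Return a lookalike category for candidate, or None if it is unrelated."""
    brand, _, brand_tld = brand_domain.lower().partition(".")
    label, _, tld = candidate.lower().partition(".")
    if label == brand:
        return None if tld == brand_tld else "tld-variant"
    look, target = skeleton(label), skeleton(brand)
    if look == target:
        return "homoglyph"
    if osa_distance(look, target) == 1:
        return "typosquat"
    return "brand-embedded" if target in look else None

def scan(brand_domain, feed):
    """Map each suspicious domain in feed to its category."""
    return {d: c for d in feed if (c := classify(brand_domain, d))}
```

Each hit from `scan("example.com", FEED)` is what a monitoring pipeline would turn into an alert for analyst review.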
2. Domain Reputation and Blacklisting Management
Unfortunately, these types of scams slip out, and fraudulent sites with your company’s name could be out there. The clean-up is a significant part of the domain protection process.
A domain protection solution needs to identify these cases – wherever they may be hiding and in whatever instances they are used – and be able to take them down. Your domain reputation is not only how your company website is perceived in public opinion but “how trustworthy and credible your website is according to search engines like Google.”
The downsides of cybercriminals running amok with your good digital name include people no longer opening your (legitimate) company emails, lost page rankings in popular search engines, and ultimately being blacklisted by the parties you are hoping to reach. Domain Name System Blacklists (DNSBLs or DNS Blacklists) allow website administrators to block messages from any system with a history of sending spam. If you’re not careful with how your domain is being used, that could be you.
While there are ways companies can proactively check to see if their domain is blacklisted, doing so requires extensive measures such as measuring metrics, checking open rates, monitoring emails, etc. A domain protection service can do all that for you.
3. Domain Recovery and DNS Security
A good domain protection service can also recover your domain after it’s been breached by spoofing, copycatting, or a DNS attack. This type of protection is known as domain recovery and DNS security.
Domain recovery restores a domain after it’s been hijacked or expired. It will recover a domain you lost access to in an attack and make sure that domain is safely yours – and nobody else’s.
DNS attacks are a bit different. The Domain Name System (DNS) is the mechanism that turns domain names into IP addresses, but this system can get hacked, putting companies at risk.
Authors Allan Liska and Geoffrey Stowe, in their book “Defending the Domain Name System”, argue that DNS attacks deserve more security attention now than ever. They note, “A 2014 study done by Vanson Bourne found that 75% of organizations in the United States and the United Kingdom had been impacted by a DNS attack and 49% had uncovered some sort of DNS-based attack in the previous 12 months. So, DNS attacks are prevalent, but they are not necessarily getting the attention they deserve… This lack of security insight combined with the relative obscurity of these protocols makes them ripe for potential exploitation.”
While handling the problem in-house usually requires a dedicated DNS administrator, the right domain protection service will take that – and domain recovery services – in stride.
4. Brand Protection and Trademark Monitoring
Brand protection is key to securing the trust that makes your company run. As Shakespeare’s Iago said, “Who steals my purse steals trash… But he that filches from me my good name robs me of that which not enriches him and makes me poor indeed” (Othello, Act III, Scene iii). It’s true.
Brands and associated trademarks are desirable targets for threat actors looking to create convincing fakes. Phishing campaigns are rife with company screenshots and hijacked logos, making that email look like the “real thing”. The same happens when an executive’s name and job title get impersonated on Instagram, a spoofed company announces a bogus offer on Twitter, or a text from “Amazon” convinces you to sign in before they deliver.
A 2022 study indicates that 75% of companies have experienced brand abuse within the past year, and a Mimecast survey revealed that 61% would lose trust in a company if they fell victim to a spoofed version of the actual site. While unfair, the consequences of having your brand or trademark impersonated are real.
5. Domain Takedowns
Domain takedowns are vital in combating online threats like typosquatting and homoglyph tactics, which deceive users by registering similar-looking domain names to conduct phishing attacks or distribute malware. Organizations employ domain takedowns by swiftly identifying and reporting suspicious domains to domain registrars, initiating legal proceedings, or collaborating with cybersecurity firms. By taking down malicious domains promptly, organizations can safeguard their brand reputation, protect customers, and mitigate the risk of data breaches in the digital landscape.
Protecting your domain is synonymous with protecting your enterprise. Some attacks hit from within, some from without, but both can bring an organization down. That’s why securing against both internal and external threats is necessary.
A domain protection platform fits within the realm of “external cybersecurity”, while most other security tools today focus on “internal cybersecurity”, or threats that originate and detonate within the network. While many of these solutions can be found piecemeal, ZeroFox offers a domain protection platform trusted by Microsoft that combines all these qualities and more.
ZeroFox is the only unified external cybersecurity platform, from protection to response. We specialize in hard-to-find exploits lurking in the dark side of cyberspace, leveraging diverse data sources and artificial intelligence-based analysis to ferret out instances of domain compromise. With eyes on the public attack surface – including LinkedIn, Facebook, Slack, Twitter, Instagram, Pastebin, YouTube, mobile app stores, the deep & dark web, domains, email, and more – we pride ourselves on taking your organization’s good name out of bad places and putting it back into good hands: yours.