UPDATED 06:00 EST / SEPTEMBER 01 2020

SECURITY

Report finds cybersquatting is on the rise and targeting major brands

Cybersquatting, the process by which domain names are registered to mimic those belonging to legitimate companies, has always been a problem. Now a new report from Palo Alto Networks Inc.’s Unit 42 threat intelligence team details how the practice continues to rise when it comes to major brands.

The report details how Palo Alto Networks’ squatting detector system discovered 13,857 squatting domains registered in December, an average of 450 per day. Of those domains, 2,595, or almost 19%, were found to be used for malicious purposes.

Some 5,104 more domains, or almost 37%, were found to present a high risk to users visiting them. The latter included evidence that the domains had associations with malicious URLs within the domain or were using bulletproof hosting favored by bad actors.

To no great surprise, top companies were found to be targeted by cybersquatters the most. PayPal Inc. topped the list, followed by Apple Inc. and the Royal Bank of Canada. Rounding out the top 10 were Netflix Inc., Microsoft Corp.’s LinkedIn, Amazon.com Inc., Dropbox Inc., Tripadvisor Inc., Bank of America Inc. and Mexican bank Grupo Financiero Banorte, S.A.B. de C.V. Facebook Inc., Google LLC and Microsoft Corp. ranked 13th to 15th.

The domains were used for a variety of purposes. Phishing, the process by which malicious actors attempt to steal login details for legitimate sites, topped the list, followed by malware distribution.

Third on the list is what the report describes as a “re-bill scam.” That’s designed to steal victims’ money by offering a subscription service, such as weight loss pills, for a small initial payment. When a user doesn’t cancel the subscription after the promotion period, a much higher charge appears on the user’s credit card.

Potentially unwanted program scams were also popular, particularly targeting domains related to Wal-Mart Stores Inc. and Samsung Electronics Co. Ltd. In those cases, the sites distribute programs such as spyware, adware or browser extensions. Once installed, the programs make unwanted changes such as changing a browser’s default page or hijacking the browser to distribute ads.

“We recommend that enterprises block and closely monitor their traffic, while consumers should make sure that they type domain names correctly and double-check that the domain owners are trusted before entering any site,” the report concludes.

