DomainGuard’s core monitoring solution focuses primarily on detecting phishing and brand abuse as it relates to domain and website data. While our core monitoring solution is effective in both phishing and fraud prevention, it works best when supplemented with additional perimeter defenses.
As email monitoring solutions excel in blocking phishing attacks via email, attackers begin to leverage external sources such as social media, app stores, and even go as far as to purchase illegal, confidential data relevant to your organization.
DomainGuard’s perimeter monitoring goes beyond traditional domain and website monitoring to identify threats to your organization in social media, app stores, the dark web, and other third party vendor services.
DomainGuard monitors for illegitimate uses of your brand across social media and other vendor services. Scammers create fake LinkedIn profiles using stock photos or by impersonating other individual’s accounts. Through these fake social media accounts, the attackers can harvest employee information and establish credibility to then use their account to deliver a malicious payload. We’ve even seen scammers update wikipedia entries for legitimate organizations and use the hyperlinks in wikipedia to redirect users to illegitimate pages.
DomainGuard continuously monitors public dark-web sources for mentions of your brand. Navigating the DarkWeb requires accessing hidden sites through special browsers such as Tor. In addition to brand references, DomainGuard monitors breach statistics to identify any potential employee account compromise. Password re-use is one of the easiest ways for attackers to get in. Employees regularly use the same credentials for their work account, as they do personal, so it’s important to keep an eye on public breach statistics as the password one of your employees used for their personal account could be the same password they use in the workplace.
It’s important to also keep an eye on third party services that can be used by any organization. Threat actors will register for legitimate third party services using your branding in hopes to use these services as a payload delivery mechanism.
Vendor services are commonly abused in Subdomain Takeover attacks. These types of attacks occur when your organization is using a third party service which requires you create a pointer from one of your subdomains, to the service. For example, if your company is rolling out a new ecommerce store to sell your latest “swag”, you would create the subdomain entry “swag.company.com” and point your subdomain to the vendor service you’ve chosen for your store. If at any point in the future, your organization cancels your account with the service providing your store, you also have to remember to delete the reference created in DNS.
Attackers abuse these old subdomain references by identifying cancelled accounts with existing subdomain entries. They then register for the third party service and enter your old subdomain “swag.company.com”. Once this is accomplished, any users who try to navigate to your old swag store, end up on the swag store that is now maintained by the attackers.
Need more assistance?
If you found the information above difficult to consume or need additional assistance, please reach us by email at [email protected] or by filling out the contact form below.