In Tuesday’s blog post we discussed what bitsquatting is and how it happens. But how can bitsquatted domain names actually be used, and how can you protect your organization?
Here are just a few examples of the ways fraudsters can exploit a domain name that takes advantage of bit-flipping:
- Set up a rogue “update server” that sends a malicious version of a mobile app, patch or OS update to devices that auto-check for updates
- Set up a drive-by install of malware that could infect older or unpatched versions of a particular system, potentially giving someone a backdoor into each infected system, logging keystrokes, or stealing data
- Set up a classic “phishing page” such as a spoofed copy of a well-known banking or ecommerce website
What can you do to protect your organization and customers?
The good news is that this is a relatively simple, inexpensive risk to mitigate. Here are four simple steps you can take to address your risk:
- Identify potential bitsquatted domain names: scripts are available online to do so, or qualified organizations can request a list from Cyveillance
- Register all potential bitsquatted domain names that are available, typically for a total cost of a few hundred dollars
- Identify any bitsquatted domain names already registered, find out if they are live, and how they are being used
- Initiate shutdown and/or recovery procedures against bitsquatted domain names being improperly owned or used by another party
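
A sketch of the first step, added here as an illustration and not one of the scripts the post refers to: it enumerates every hostname one bit flip away from a domain, so the list can be checked for availability and registered defensively. The function name and the `example.com` input are assumptions, and only the part left of the TLD is mutated.

```python
import string

# Characters allowed in a DNS hostname label (letters, digits, hyphen).
LDH = set(string.ascii_lowercase + string.digits + "-")


def bitsquat_candidates(domain):
    """Return the sorted list of names one bit flip away from `domain`.

    Only the part left of the final dot is mutated; the TLD is kept as-is
    (assumption: a single-label suffix such as .com).
    """
    name, _, tld = domain.lower().rpartition(".")
    candidates = set()
    for i, ch in enumerate(name):
        if ch == ".":
            continue  # keep label boundaries fixed in this example
        for bit in range(8):
            flipped = chr(ord(ch) ^ (1 << bit)).lower()
            # Skip bytes that are not hostname characters, and flips of
            # bit 5 that only change case (DNS is case-insensitive).
            if flipped not in LDH or flipped == ch:
                continue
            mutated = name[:i] + flipped + name[i + 1:]
            # A label may not begin or end with a hyphen.
            if any(label.startswith("-") or label.endswith("-")
                   for label in mutated.split(".")):
                continue
            candidates.add(mutated + "." + tld)
    return sorted(candidates)


if __name__ == "__main__":
    # Constructed sample input; replace with your organization's domains.
    for candidate in bitsquat_candidates("example.com"):
        print(candidate)
```

The output feeds steps 2 and 3 directly: names that are unregistered can be bought, and names that already resolve can be reviewed for how they are being used.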