Threat Intelligence Blog

In Tuesday’s blog post we discussed what bitsquatting is and how it happens. But how can bitsquatted domainDomain: A specified location where a set of activity or knowledge exists. For instance, an Internet domain is synonymous with a website address or URL where information can be made available. LookingGlass Cyber (n) - A fancy name for a URL or website. names actually be used, and how can you protect your organization?

Here are just a few examples of the ways fraudsters can exploit a domain name that takes advantage of bit-flipping:

  • Set up a rogue “update server” that sends a malicious version of a mobile app, patch or OS update to devices that auto-check for updates
  • Set up a drive-by install of malwareMalware: A generic term for a software that is designed to disable or otherwise damage computers, networks and computer systems LookingGlass Cyber (n) - another type of cold that can destroy a computer by latching on to destroy other programs. that could infect older or unpatched versions of a particular system, potentially giving someone a backdoor into each infected system, log keystrokes, or steal data
  • Set up a classic “phishingPhishing: The use of emails that appear to be from a legitimate, trusted source that are enticed to trick recipients into entering valid credentials including personal information such as passwords or credit card numbers into a fake platform or service. LookingGlass Cyber (n) - tailoring an attack (such as email) to garner trust and credentials that are then used maliciously. The preverbal digital version of the ol' hook and bait. page” such as a spoofed copy of a well-known banking or ecommerce website

What can you do to protect your organization and customers?

The good news is that this is a relatively simple, inexpensive risk to mitigate. Here are four simple steps you can take to address your risk:

  1. Identify potential bitsquatted domain names: scripts are available online to do so, or qualified organizations can request a list from Cyveillance
  2. Register all potential bitsquatted domain names that are available, typically for a total cost of a few hundred dollars
  3. Identify any bitsquatted domain names already registered, find out if they are live, and how they are being used
  4. Initiate shutdown and/or recovery procedures against bitsquatted domain names being improperly owned or used another party

Most of these simple steps can be done in-house, or contact us to find out how we can assist you. To learn more on this topic, view our on-demand webcast.

Additional Posts

Ten Physical Security Tips for Mobile Devices

There have been numerous articles written about security vulnerabilities in mobile devices and the ...

Bitsquatting Explained in 900 Words or Less: Part II

In our previous blog post, we explained what bitsquatting is and how it happens. But how often does ...