Threat Intelligence Blog

In our previous blog post, we explained what bitsquatting is and how it happens. But how often does it actually occur?

Actually, it’s more common than you might expect. The original researcher who first wrote extensively on this issue, Artem Dinaburg, registered just 32 “bitsquat” domain names, and he logged tens of thousands of requests for bit flipped domains over a roughly 7-month research window.

Cyveillance wanted to validate the issue first hand, so we kicked off a small-scale study. We registered four domainDomain: A specified location where a set of activity or knowledge exists. For instance, an Internet domain is synonymous with a website address or URL where information can be made available. LookingGlass Cyber (n) - A fancy name for a URL or website. names that bitsquat on domains for major sports, video streaming, photo sharing and content delivery sites. In the first week, we saw an average of 27 requests, or lookups, per domain name. Given the potential value of such websites for phishingPhishing: The use of emails that appear to be from a legitimate, trusted source that are enticed to trick recipients into entering valid credentials including personal information such as passwords or credit card numbers into a fake platform or service. LookingGlass Cyber (n) - tailoring an attack (such as email) to garner trust and credentials that are then used maliciously. The preverbal digital version of the ol' hook and bait. attacks, malicious updates to existing software, drive-by virusVirus: A hidden, self-replicating piece of code written to have a detrimental effect that is designed to become a part of another program. LookingGlass Cyber (n) - it’s when your computer catches a cold and it may or may not make it. downloads and other nefarious activity, even a few dozen requests per week could be enough of an incentive for bad actors to set up a fraudulent domain name.

It’s also important to understand that this is likely to happen far more in the near future. The number of Internet-connected devices per household is expected to climb dramatically in the next few as the “Internet of Things” grows. Experts predict some 30 to 50 billion devices will be connected and online within 5 to 6 years. Gartner predicts that the total economic value add will be $1.9 trillion dollars by 2020, benefiting industries such as retail, healthcare, and transportation. As devices and apps become ubiquitous, and more automatic DNS lookups happen between them, the potential for bit flipping will likely grow exponentially.

In our next blog post, we’ll explore some of the ways that bitsquatted domain names can be used for malicious purposes, and what you can do to protect your organization and customers.

Additional Posts

Bitsquatting Explained in 900 Words or Less: Part III

In Tuesday's blog post we discussed what bitsquatting is and how it happens. But how can ...

Bitsquatting Explained in 900 Words or Less: Part I

Bitsquatting is a relatively new term derived from combining the phrases "bit flipping" and ...