Cybercriminals online take advantage of well-known events to register malicious domains with keywords related to the event, with the intention of tricking users through phishing and other fraudulent schemes.
The analysis examines event-related abuse trends across domain registrations, DNS and URL traffic, active domains, verdict change requests, and domain textual patterns, with specific examples from the 2024 Paris Olympics.
They leverage high-profile events to register deceptive domains mimicking official websites, aiming to defraud users with counterfeit goods and fraudulent services, potentially reaching millions of unsuspecting individuals.
Leveraging 2024 MITRE ATT&CK Results for SME & MSP Cybersecurity Leaders – Attend Free Webinar
During the COVID-19 pandemic, threat actors capitalized on the crisis by launching targeted phishing attacks against government and medical institutions, as well as distributing malicious software disguised as COVID-19-related content to compromise systems and steal sensitive data.
Cybercriminals exploited the ChatGPT hype by creating fake tools and services, tricking users into revealing sensitive information or downloading malware, demonstrating their ability to capitalize on global trends.
By capitalizing on high-profile events, they are registering deceptive domains, leveraging DNS traffic anomalies, and employing unusual URL patterns, as analyzing domain registration trends, textual patterns in malicious domains, and verdict change requests can help identify and mitigate these threats.
Daily new domain registrations for event-related keywords are used to identify potential cyberthreats, as by comparing average daily registrations with suspicious domains linked to C2, ransomware, malware, phishing, or grayware, researchers highlight potential risks associated with trending events.
They used to identify textual patterns indicative of malicious intent, and by examining keywords, domain structure, and TLDs, we quantified the prevalence of suspicious domains associated with specific keywords and TLDs, providing insights into attacker preferences and potential red flags.
DNS traffic analysis reveals patterns in user behavior and potential malicious activity. Significant fluctuations or anomalies in DNS traffic, particularly for specific domains, may signify unusual network activity like command-and-control communications, especially during high-profile events.
The analysis of NRDs through URL traffic reveals trends in both overall and suspicious traffic, including significant spikes during current events, which indicates potential attacker exploitation of event topics, likely through phishing website visits.
The top 10 frequently visited domains for DNS and URL traffic to identify trends, understand shifts in user interest, and potentially detect emerging threats posed by newly popular domains.
Palo Alto Networks Test-A-Site experiences fluctuations in domain recategorization requests, including false positives and negatives, which are often triggered by sudden events and can cause significant spikes in request volume within short periods.
Threat actors target high-profile events, leveraging deceptive domains, phishing, and malicious traffic.
Security teams can proactively mitigate risks by monitoring domain registrations, textual patterns, DNS anomalies, and change request trends to identify and block malicious domains and thwart opportunistic scams.
Analyse Real-World Malware & Phishing Attacks With ANY.RUN - Get up to 3 Free Licenses
Resecurity, a global leader in cybersecurity solutions, unveiled its advanced Government Security Operations Center (GSOC)…
Zloader, a sophisticated Trojan, has recently evolved with features that enhance its stealth and destructive…
The US Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned Sichuan Silence Information…
DMD Diamond - one of the oldest blockchain projects in the space has announced the start…
Researchers reported a phishing attack on December 4th, 2024, where malicious emails purportedly from the…
The Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) has confirmed an advanced cyber attack…