According to a report from Unit 42, the threat research team at security company Palo Alto Networks, malicious cybersquatters are actively targeting major brands across various industries.
Almost 14,000 domain names that appeared to be related to existing domain names or brands were registered by cybercriminals in December 2019, with the intent of profiting from user mistakes.
According to the report, the security company’s squatting detector system found that 13,857 squatting domains were registered in the month, an average of 450 per day. Palo Alto Networks found that 2,595 (18.59%) of the squatted domain names were malicious, often distributing malware or conducting phishing attacks. A further 5,104 (36.57%) of the cybersquatting domains studied presented a high risk to users visiting them, meaning there is evidence of association with malicious URLs within the domain or that they use bulletproof hosting.
The top brand found to be the target of the malicious cybersquatters was PayPal.com with an “adjusted malicious rate” of around 70% followed by Apple.com (58%), RoyalBank.com, Netflix.com, LinkedIn.com and Amazon.com, all with an “adjusted malicious rate” of around 38%. In their top 20 domains, the only non-.coms were panda.tv, shopee.tw and suddenlink.net, all with an “adjusted malicious rate” of around 22%.
There were 8 types of malicious domains observed by Palo Alto Networks from December 2019 to August 2020: phishing, malware distribution, Command and Control (C2), re-bill scams, potentially unwanted programmes (PUP), technical support scams, reward scams and even domain parking.
Among these there were 6 types of squatting techniques: typosquatting (domain names deliberately registered with typographical errors), combosquatting (combining popular trademarks with words such as “security,” “payment” or “verification”), homographsquatting (taking advantage of internationalised domain names), soundsquatting (domains taking advantage of homophones or words that sound alike), bitsquatting (domains in which one bit or character differs) and levelsquatting (domains that include the targeted brand’s domain name as a subdomain).
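For a brand owner reviewing newly registered domains, the techniques above can be turned into a first-pass classifier. The Python sketch below is an added example, not code from the report or from Unit 42's detector; it covers five of the six techniques (soundsquatting needs a homophone dictionary and is left out), and the function names, the small look-alike map and the sample domains are constructed assumptions.

```python
COMBO_WORDS = ("security", "payment", "verification")  # keywords quoted in the article
# Constructed, deliberately tiny look-alike map (assumption); production code
# would use the full Unicode confusables data instead.
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c"}

def one_edit(a, b):
    """True if a and b differ by one substitution, adjacent swap, insert or delete."""
    if len(a) == len(b):
        d = [i for i in range(len(a)) if a[i] != b[i]]
        swap = len(d) == 2 and d[1] == d[0] + 1 and a[d[0]] == b[d[1]] and a[d[1]] == b[d[0]]
        return len(d) == 1 or swap
    short, long_ = sorted((a, b), key=len)
    return len(long_) - len(short) == 1 and any(
        long_[:i] + long_[i + 1:] == short for i in range(len(long_)))

def one_bit(a, b):
    """True if a and b differ in exactly one character, by exactly one bit."""
    d = [ord(x) ^ ord(y) for x, y in zip(a, b) if x != y]
    return len(a) == len(b) and len(d) == 1 and d[0] & (d[0] - 1) == 0

def classify(candidate, brand_domain):
    """Return the squatting technique candidate appears to use, or None."""
    cand = candidate.lower().rstrip(".")
    brand = brand_domain.split(".")[0]
    if cand == brand_domain or cand.endswith("." + brand_domain):
        return None  # the brand's own domain or a real subdomain of it
    if cand.startswith(brand_domain + ".") or "." + brand_domain + "." in cand:
        return "levelsquatting"
    # Assumption: single-label TLD, so the registered label is second from the right.
    label = cand.split(".")[-2] if "." in cand else cand
    if label.startswith("xn--"):  # decode an IDN A-label to Unicode
        label = label[4:].encode("ascii").decode("punycode")
    folded = "".join(CONFUSABLES.get(ch, ch) for ch in label)
    if not label.isascii() and folded == brand:
        return "homographsquatting"
    if one_bit(label, brand):
        return "bitsquatting"
    if one_edit(label, brand):
        return "typosquatting"
    if brand in label and any(w in label for w in COMBO_WORDS):
        return "combosquatting"
    return None

# Constructed sample domains (not taken from the report).
SAMPLES = ["paypa1.com", "paypal-security.com", "p\u0430ypal.com",
           "paypal.com.account-check.example", "qaypal.com", "www.paypal.com"]
if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:45} -> {classify(s, 'paypal.com')}")
```

Bitsquatting is checked before typosquatting because a one-bit flip is also a one-character substitution; a real deployment would replace the second-label heuristic with the Public Suffix List.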
Brandsec is a corporate domain name management and brand protection company that looks after many of Australia, New Zealand and Asia’s top publicly listed brands. We provide monitoring and enforcement services, DNS, domain name brokerage and dispute management and brand security consultation services.