Cyber-attacks using malicious lookalike domains, email addresses and other types of registered identifiers are rising, domain name system (DNS) security provider Infoblox found.
In a recent report, called A Deeper Look at Lookalike Attacks, which the company will present at Infosecurity Europe, the Infoblox Threat Intelligence Group (TIG) found over 1600 domains used since the beginning of 2022 alone that contained a combination of corporate and MFA lookalike features, with worldwide targets ranging from large corporations to major banks, software companies, internet service providers, and government entities.
However high that number might sound, it’s nothing compared to the surge in top-level domain (TLD) registrations, which makes it harder for security researchers to spot the bad apples, Gary Cox, technical director for Western Europe at Infoblox, told Infosecurity.
“On average, there are 180,000 new domains registered every single day, which equates to roughly two per second. Certainly, not all of those will be lookalikes, let alone malicious, of course. But with that volume, identifying the malicious lookalikes is like trying to find a needle in a haystack. No wonder Infoblox had to look at over 70 billion DNS records to put this report together,” Cox said.
A Needle in a Haystack
Nevertheless, Cox added that the surge in registered lookalikes has more to do with criminality and less with this increase in TLD usage.
“It's challenging today to get a TLD in [.]com. But if I want to go for [.]xyz, [.]top or [.]tk – which is managed by Tokelau, a small island and territory of New Zealand in the South Pacific and has extensively been used for malicious purposes – it's very easy and cheap,” he said.