Impersonation techniques are at the root of many cyberattacks. Phishing attacks 和 targeted spear-phishing against company executives are familiar forms of impersonation. 其他 types of impersonation include scam marketing 和 sales campaigns, 和 attempts to profit from unsuspecting users by fooling them in some way. All have the potential to damage an organization’s bottom line, br和 reputation, 和 customer trust.
AOne of the most common impersonation techniques is domain name spoofing. 其他s include br和 impersonation on social media 和 the distribution of fake mobile apps. It is trivial for malicious actors to register a domain name 和 set up a website that has a URL similar to the one used by a legitimate organization. A common spoofing technique involves registering a domain name with one or two characters different from a domain name that cybercriminals are planning to attack. Often the changes are made to make the resulting URLs look the same. 例如, by replacing the letter l with the number 1, or the letter o with a zero.
威胁命令 monitors multiple sources to identify suspicious domain name activity that could indicate potential spoofing or other cyberattack planning. Monitoring occurs on the clear, deep, 和 黑暗的网络, using web crawling 和 deep web analytics. Domain name registration sites 和 website hosting providers are also monitored to look for spoofed domain name activity. Social media discussions, 网络论坛, text 和 code-sharing sites, 和 image-sharing sites (using image analysis) are monitored as well.
The information obtained from the comprehensive searching needs to be analyzed to identify suspicious activity. Not all close matches to domain names represent a cybersecurity risk. 例如, someone may have a last name that is close to an organization’s br和 name 和 may register a similar domain name for a personal site.
威胁命令 analyzes the information gathered on domains 和 categorizes the threat level as High, 媒介, or Low via the 威胁命令 dashboard. Our 服务 team uses this information, plus their extensive threat experience, to determine which domain name registrations or sites pose a threat.
Once a domain name registration or website that is spoofing your organization is identified, it must be taken down as soon as possible. The sooner this is done, the lower the likelihood of an attack.
Rapid7 has a dedicated team of takedown experts who know how to format 和 submit valid takedown requests to domain registrars 和 hosting sites. Takedown request formatting 和 submission to popular domain name registrars 和 web hosting sites are built into 威胁命令 for rapid response by customers 和 our internal takedown team.