As criminals continue to modify and beef up their tools including remote access Trojans (RATs), web shells, and command-and-control (C&C) obfuscators, the cybersecurity community isn’t far behind. The imminent threat of high-profile malware attacks, scams, and other forms of cybercrime has led to the growth of the cybersecurity industry. Indeed, the global cybersecurity market value will reach US$281.74 billion by 2027 from US$112.01 billion in 2019.
More enterprises and vendors are venturing into cybersecurity product development, and given the growing threat landscape, this is probably a good thing. Still, product quality matters and any offering is only as good as its cyber threat data. This brings us to the need for a newly registered domains database, a rich source of domain intelligence that can potentially fortify cybersecurity products in the making.
Newly registered domains (NRDs) refer to those created or updated within the last couple of weeks or months. To the uninitiated, this may be of little value. But for cybersecurity experts who understand how threat actors utilize these domains to execute scams, a newly registered domains list becomes a vital threat intelligence source.
A newly registered domains list can be a crucial domain intelligence source for several cybersecurity products. However, we zoomed in on two tools to illustrate how such a database can enhance their effectiveness.
1. Domain Reputation Scoring Products
To protect against cyberattacks, several organizations turn to domain reputation as an important indicator when deciding whether to grant access to a domain. A reliable domain reputation tool should take into account different security data points, including the age of a given domain, as research shows that 70% of newly registered domains are malicious.
Take, for example, new domains that contain the word “corona” in them. Cybersecurity experts detected a surge in malicious domains that take advantage of the ongoing coronavirus pandemic.
This finding is consistent with the data we gathered from our newly registered domains database for 19 April 2020. In it, we saw 239 recently registered domains containing the word “corona.”
April 19 wasn’t the only date we noticed such occurrences. On 29 February, 384 new “corona” domains made it to the list. On 31 March, the newly registered domains database showed an additional 451 domains. The domain names varied from cashforcorona[.]com to corona-donations[.]com.
While some of these domains could be legitimate, we can’t discount the fact that most could figure in phishing attacks and other malicious activities.
In short, developers of domain reputation scoring products can create a more reliable tool if they integrate a newly registered domains list in their scoring algorithm. Their clients would be more protected against threats that weaponize freshly registered domains.
2. Brand Protection Tools
There are several variants of brand protection tools available today. These products include social listening tools that allow brand owners to know how the market uses their brand names. Some are trademark search tools that enable brand owners to track the unauthorized use of their intellectual properties.
Brand protection is, however, also becoming a cybersecurity issue. Most phishing websites, for instance, mimic the name and appearance of popular brands to lure in victims. As such, there’s a need for brand protection tools that check for the use of brands in domain names.
The newly registered domains database under the .com TLD we downloaded, for instance, listed 13 domains that use the Netflix brand.
A simple WHOIS search tells us that the registrant of the main Netflix website, netflix[.]com, is Netflix, Inc. The organization, however, doesn’t seem to own any of the 13 domains that showed up on the newly registered domains list, some of which belonged to individuals in France, Panama, and even Quebec.
Any of these domain names could at some point figure in phishing attacks that lure Netflix subscribers into divulging their login credentials or credit card details.
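The sketch below is an added example, not code from any product or database mentioned here. It combines the two checks discussed above: a domain-age and keyword signal for reputation scoring, and a brand-in-name check against the registrant for brand protection. The feed layout, sample rows, weights, threshold, and lookalike mapping are all constructed assumptions.

```python
import csv
import io
from datetime import date

# Constructed sample feed; the column layout is an assumption.
SAMPLE_FEED = """domain,created,registrant_org
corona-relief-example[.]com,2020-04-18,
netflix-account-example[.]com,2020-04-19,Private Person
NETFL1X-login-example[.]com,2020-04-19,
netflix-media-example[.]com,2020-04-10,"Netflix, Inc."
gardening-tips-example[.]com,2019-01-05,
"""

BRAND_OWNERS = {"netflix": "netflix, inc."}  # brand -> expected registrant
TOPIC_KEYWORDS = {"corona"}                  # event-driven lure terms
LOOKALIKES = str.maketrans("0135", "oies")   # common digit-for-letter swaps

def refang(domain):  # undo [.] defanging and lowercase the name
    return domain.replace("[.]", ".").strip().lower()

def score_row(row, today, new_days=30):
    """Return (risk score 0-100, reasons); the weights are illustrative."""
    folded = refang(row["domain"]).translate(LOOKALIKES)
    org = (row["registrant_org"] or "").strip().lower()
    age = (today - date.fromisoformat(row["created"])).days
    score, reasons = 0, []
    if 0 <= age <= new_days:
        score += 40
        reasons.append(f"registered {age}d ago")
    for kw in sorted(TOPIC_KEYWORDS):
        if kw in folded:
            score += 20
            reasons.append(f"keyword:{kw}")
    for brand, owner in BRAND_OWNERS.items():
        if brand in folded and org != owner:
            score += 40
            reasons.append(f"brand:{brand} registrant mismatch")
    return min(score, 100), reasons

def triage(feed_text, today, threshold=60):
    """Return [(domain, score, reasons)] for rows at or above threshold."""
    hits = []
    for row in csv.DictReader(io.StringIO(feed_text)):
        score, reasons = score_row(row, today)
        if score >= threshold:
            hits.append((refang(row["domain"]), score, reasons))
    return hits

if __name__ == "__main__":
    print(triage(SAMPLE_FEED, date(2020, 4, 20)))
```

Registrant fields are self-declared and often redacted, so a registrant match lowers priority for review rather than proving ownership.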
Domain reputation scoring and brand protection applications are just two of the cybersecurity products that can benefit from the integration of a newly registered domains database. The domain intelligence gleaned from the newly registered domains list can also power threat intelligence platforms and other security solutions.