Hackers Attacking Sporting Events Via Fake Domains To Steal Logins
Cybercriminals leverage high-profile events, such as global sporting championships, by registering fake domains to launch phishing and scam attacks.
Researchers uncover suspicious domain registration campaigns, especially when event-specific terms or phrases are used in recently registered domains.
Event-related abuse focuses on patterns such as domain registrations, DNS traffic, URL traffic, most active domains, verdict change requests, and domain textual patterns.
High-profile global events, such as product launches and sporting championships, attract cybercriminals who seek to capitalize on public excitement.
“These criminals register deceptive domains mimicking official websites to sell counterfeit merchandise and offer fraudulent services. These sites can reach millions of people searching for event-related information or resources,” according to a Palo Alto Networks report shared with Cyber Security News.
Hackers Attacking Global Sporting Championships
When threat actors take advantage of high-profile events, they frequently leave warning indicators in particular metrics.
Defenders should keep an eye out for any unusual behavior in the following areas:
One of the first steps taken by malicious actors when selecting popular subjects to exploit is to register domains with appropriate keywords.
Examining historical newly registered domains (NRDs) that contain event-specific keywords therefore gives a deeper view into specific event-related cyber threats.
According to reports, more than 200,000 newly registered domains (NRDs) are found daily via sources such as zone files, WHOIS databases, and passive DNS.
Examining the keywords, structure, and even top-level domain (TLD) indicators within these domains can reveal common characteristics that point to malicious intent.
Analyzing the textual patterns of these recently registered domains shows how many domains contain a specific keyword and what proportion of them are suspicious.
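The per-keyword and per-TLD counts described above, as an added example that is not code from the Palo Alto Networks report or this article. The domains, verdict labels, keyword list and the digit-folding step are constructed assumptions.

```python
from collections import Counter

# Constructed sample feed: (newly registered domain, verdict). Verdicts are
# assumed to come from the reputation source the team already uses.
SAMPLE_NRDS = [
    ("paris2024-tickets.shop", "suspicious"),
    ("olympics-live-stream.xyz", "suspicious"),
    ("olympic-games-fans.org", "benign"),
    ("myolympicsblog.com", "benign"),
    ("0lympics-tickets.top", "suspicious"),
    ("gardening-tips.net", "benign"),
    ("tickets-paris2024.com", "benign"),
]
EVENT_KEYWORDS = ("olympic", "paris2024", "ticket")  # hypothetical keyword list
_FOLD = str.maketrans("0135", "oles")  # digit look-alikes folded before matching


def fold(text):
    """Lowercase and fold digit look-alikes so '0lympics' matches 'olympic'."""
    return text.lower().translate(_FOLD)


def split_domain(domain):
    """Return (folded name left of the TLD, TLD)."""
    name, _, tld = domain.lower().rstrip(".").rpartition(".")
    return fold(name), tld


def keyword_report(nrds, keywords):
    """Per keyword: matching NRD count, suspicious count, suspicious ratio."""
    total, bad = Counter(), Counter()
    for domain, verdict in nrds:
        name, _ = split_domain(domain)
        for kw in keywords:
            if fold(kw) in name:  # keyword is folded the same way as the name
                total[kw] += 1
                bad[kw] += int(verdict == "suspicious")
    return {kw: {"domains": total[kw], "suspicious": bad[kw],
                 "ratio": round(bad[kw] / total[kw], 2) if total[kw] else 0.0}
            for kw in keywords}


def tld_report(nrds, keywords):
    """Per TLD, among keyword-matching NRDs: (domain count, suspicious count)."""
    stats = {}
    for domain, verdict in nrds:
        name, tld = split_domain(domain)
        if any(fold(kw) in name for kw in keywords):
            seen, bad = stats.get(tld, (0, 0))
            stats[tld] = (seen + 1, bad + int(verdict == "suspicious"))
    return stats
```

Run daily over the NRD feed, a rising count or suspicious ratio for one keyword or TLD is the signal to review those domains first.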
Trends in DNS traffic can reveal important information about how users behave online and the tactics used by hackers. Anomalies in DNS traffic, such as spikes in queries for particular domains, may indicate unusual activity like C2 communications.
It should be noted that the percentage of fraudulent DNS traffic during the 2024 Olympic Games ranged from 10% to 15%.
There were spikes in malicious DNS activity around important events, such as the opening ceremony on July 26 and the 100-day countdown on April 20.
URL traffic can be used to analyze event-related NRDs. This shows the suspicious traffic ratio, notable surges during current events, and URL traffic trends for both suspicious and overall NRDs.
This pattern may reveal the tactics attackers use to take advantage of event subjects, especially regarding visits to phishing websites.
If DNS or URL traffic shows anything noteworthy, the patterns of the top ten most commonly visited domains over a given period can be examined.
This analysis might highlight changes in visitor interest or identify emerging problems as new domains gain popularity.
Change request trends are the frequency and volume of requests to recategorize network domains. These requests cover both false-negative and false-positive corrections. Unexpected incidents and other sudden events can quickly lead to a spike in change requests.
“By monitoring key metrics like domain registrations, textual patterns, DNS anomalies, and change request trends, security teams can identify and mitigate threats early,” researchers said.
Actively examining these patterns yields useful information that helps businesses prevent opportunistic scams and block malicious domains.