PREVENT PHISHING & TARGETED CYBER ATTACKS by using our domain monitoring

In today’s interconnected world, organizations are prime targets for cyberattacks, with phishing and malware attacks being among the most prevalent. Early detection is key, and our Threat Intelligence Product enables precisely that.

Cyber attackers often employ strategies like typo squatting, a tactic where they register domains that closely resemble legitimate ones. An example would be an attacker targeting a bank and registering a domain like ‘www.bannkofexample.com’. At a quick glance, your customers or employees might not spot the difference, thus falling prey to the attacker’s tactics.


The Threat and our Solution

Kaduu vigilantly monitors all new global domain registrations for similarities to your own. This proactive approach helps identify potential threats at their genesis, allowing you to thwart an attack before it materializes. However, attackers can be crafty, often embedding your organization’s name within a subdomain or a directory. For instance, they might use URLs like ‘www.randomsite.com/yourbankname’ or ‘yourbankname.fakesite.org’. Such subtle incorporations are designed to exploit human oversight and amplify the attacker’s success rate.


Our product enhances your defense by not only tracking domain registrations but also monitoring SSL certificate transparency logs, which lets you detect your domain name within the subdomain part of a malicious URL. SSL certificate transparency logs are public records maintained by SSL providers detailing each SSL certificate issued. Scrutinizing these logs helps unmask threats hidden in subdomains.

What We Monitor

We monitor all new domain registrations (ccTLDs, gTLDs, uTLDs, sTLDs). In doing so, we also cover the typical typo squatting techniques mentioned above. A newly registered domain that has some similarities to the client’s domain will create an alert in Kaduu.

Additionally, we monitor all SSL certificate transparency logs, since many phishing websites are secured with SSL certificates to spoof the legitimate client’s name. By monitoring the certificate transparency logs that are available online, you can detect if your organization’s name gets spoofed on SSL certificates – even in the subdomain part of the domain.

Further fortifying your cyber defense, our product also integrates information from resources like PhishTank, OpenPhish and similar sources. These repositories maintain a global database of URLs reported for phishing or disseminating malware, allowing us to also detect your company or brand name within a directory of a URL.

By combining the above sources, our product provides you with comprehensive, real-time visibility into potential cyber threats.
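The three placements described above (a lookalike registered domain, the brand inside a subdomain, the brand inside a URL directory) can be told apart with a small classifier run over names from registration feeds, certificate transparency logs and phishing URL lists. This is an added example, not Kaduu's code; the function names, the edit-distance threshold of 2, the "last two labels" rule for the registered domain and the own domain yourbankname.example are assumptions.

```python
from urllib.parse import urlsplit

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def squash(label: str) -> str:
    """Drop hyphens so 'your-bank-name' compares equal to 'yourbankname'."""
    return label.replace("-", "")

def classify(observed: str, brand: str, own_domain: str, max_dist: int = 2):
    """Return 'lookalike-domain', 'subdomain', 'path' or None for one name or URL."""
    url = observed if "://" in observed else "http://" + observed
    parts = urlsplit(url)
    # Certificate names may be wildcards ('*.example.org'); strip the prefix.
    host = (parts.hostname or "").lstrip("*.").rstrip(".")
    labels = host.split(".")
    # Assumption: registered domain = last two labels. Real feeds need the
    # Public Suffix List to handle suffixes such as 'co.uk' correctly.
    if ".".join(labels[-2:]) == own_domain:
        return None  # our own domain and its subdomains are not alerts
    sld = squash(labels[-2]) if len(labels) >= 2 else ""
    if sld and (brand in sld or edit_distance(sld, brand) <= max_dist):
        return "lookalike-domain"
    if any(brand in squash(label) for label in labels[:-2]):
        return "subdomain"
    if brand in (parts.path + "?" + parts.query).lower():
        return "path"
    return None

# Constructed sample feed; the first three names are the page's own examples.
SAMPLES = [
    ("www.bannkofexample.com", "bankofexample", "bankofexample.com"),
    ("yourbankname.fakesite.org", "yourbankname", "yourbankname.example"),
    ("www.randomsite.com/yourbankname", "yourbankname", "yourbankname.example"),
    ("www.bankofexample.com/login", "bankofexample", "bankofexample.com"),
]

if __name__ == "__main__":
    for observed, brand, own in SAMPLES:
        print(f"{observed:35} -> {classify(observed, brand, own)}")
```

A fixed threshold of 2 over-matches short brand names, so scale it with the brand's length before running it on a real feed.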

More information

How we monitor domains

Passive domain monitoring involves monitoring publicly available databases of registered domains. However, since ccTLDs are not obliged to make the registered domains available to the public, entries for new domains are either not found at all or appear only after a delay of weeks. For this reason, we additionally offer active monitoring of typo-squatted domain variations. You can enter your own domain here and we will generate around 7000 variations of this domain as commonly used by hackers. This list of domains is then proactively monitored for active DNS entries on a daily basis.

Analysis of results

Kaduu offers a wide variety of tools to analyze and rate the discovered domains that appear suspicious. These include capturing key properties such as WHOIS, geolocation, open web services, screenshots, similarity to the original site (AI based analysis) and source code.

Get Timely Notifications!

Using Kaduu’s domain monitoring service, you can create alerts that can be delivered via email in CSV, docx or JSON format, inside the dashboard or via REST API.

“Kaduu’s domain monitoring is a great tool to prevent targeted attacks against your organization that are in the preparation phase. In addition to attack prevention, this service helps you protect your brand and spot domain grabbers, who might try to redirect business traffic to their own website.”