TMCnet News
DomainTools Identifies Threat Group Actively Spoofing Fortune 500 Retailer

SEATTLE, Aug. 6, 2019 /PRNewswire/ -- Today, DomainTools, the leader in domain name and DNS-based cyber threat intelligence, announced it has identified an ongoing domain name spoofing campaign specifically targeted at domain names associated with Fortune 500 retailer Walmart, as well as online dating and popular movies. The DomainTools research team has explored more than 540 potentially malicious domains being used by a sophisticated threat actor or group with the possible intention of harvesting consumer credentials.

Domains discovered through DomainTools PhishEye and investigated in DomainTools Iris uncovered registrant details that point to Pakistan and Bangladesh, but a majority of the IPs are located in the United States. Of the 540+ identified domains in the campaign, only 181 have appeared on blacklists. The others were given average risk scores of 93, which indicates that they have a very high likelihood of being blacklisted in the future.

"The number of malicious domains that surfaced in this campaign is alarming and likely an indication of the threat actor or group's resources and sophistication," said Corin Imai, senior security advisor, DomainTools. "Our initial intent was to take a closer look at Fortune 500 companies, but our investigation led us down an unexpected path. Thanks to the robust investigative and pivoting features in our products, we were able to unearth an entire campaign. Although we successfully detected and to some degree identified the intent of this campaign, we are committed to uncovering its scale as well as more information about those behind it."

A signal of this campaign's level of sophistication and apparent intent to harvest credentials is the ability to mimic the look and feel of the sites they are spoofing. Of the domains found to date, many appear to target job seekers and individuals interested in online dating.
There is enough traffic to these sites to warrant further investigation into whether people are submitting their personally identifiable information and unknowingly turning over their credentials to threat actors.

While the DomainTools research team continues to unearth the intent of this campaign and potentially the actor/group behind it, here are some recommendations for organizations and consumers facing the pervasive issue of website spoofing:

For organizations:
For consumers:
Given the scope of this campaign, there is still a significant amount of new data that will come to light over the coming months. To remain current on new developments in this investigation, monitor for updates by checking DomainTools' blog.

About DomainTools
View original content to download multimedia: http://www.prnewswire.com/news-releases/domaintools-identifies-threat-group-actively-spoofing-fortune-500-retailer-300896951.html

SOURCE DomainTools