Have you ever received an email from a colleague but in your gut felt that something was off? The spelling or grammar in the body of the message may have looked wrong, or the signature line may have differed from past emails. Your spam filter may have even caught the email and flagged it as a potential phishing email.
When you took a closer look, you could quickly see that while the domain purported to be your company's, it was instead a close copy. For instance, instead of the domain being:
It was actually:
If you’ve ever encountered this, you were likely the recipient of a spear-phishing campaign. Spear phishing occurs when malicious actors create targeted email accounts to deliberately trick individuals at a single company or organization. Normal phishing emails can be sent to hundreds of thousands of people at a time, while spear phishing usually targets a few dozen or a few hundred, using an email domain similar to the organization’s.
Domain monitoring can help you identify targeted attacks before they happen, and give you precious time to prepare your employees for the attack. This can mean the difference between a ransomware attack or a security incident, and can potentially save your organization millions of dollars.
So let’s dive right in:
What Is Domain Monitoring?
Domain monitoring involves using software to automatically detect when domains that include your company name, or look extremely similar to it, are registered. Many organizations register the common variants of their domain (.net, .co, .io, etc.), but there are thousands of top-level domains, and registering them all can be time-consuming and cost-prohibitive. That’s where domain monitoring software comes in.
Domain monitoring software (either standalone or part of a unified DRP platform) can automatically alert you when new or lookalike domains are created that include your company information. This can quickly tip you off to potential spear-phishing campaigns, typo-squatting, and other cyberattacks that could cost you time and money.
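As an added illustration (not Flare's code and not part of the original article), the sketch below shows the kind of matching a domain monitor applies to a feed of newly registered domains. The monitored domain `example.com`, the sample feed, the confusable-character table and the edit-distance threshold of 1 are all assumptions chosen for the example.

```python
import unicodedata
# Visual substitutions often seen in lookalike names (assumed, not exhaustive).
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}

def skeleton(label):
    """Fold a label so visually similar spellings compare equal."""
    s = unicodedata.normalize("NFKD", label.lower())
    s = "".join(c for c in s if not unicodedata.combining(c))  # drop accents
    for src, dst in CONFUSABLES.items():
        s = s.replace(src, dst)
    return s.replace("-", "")

def edit_distance(a, b):
    """Optimal string alignment: insert, delete, substitute, transpose."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)  # adjacent letters swapped
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]

def classify(candidate, brand_domain):
    """Return why candidate resembles brand_domain, or None if it does not."""
    c_parts = candidate.lower().rstrip(".").split(".")
    b_name, b_tld = brand_domain.lower().split(".")[-2:]
    if len(c_parts) < 2 or c_parts[-2:] == [b_name, b_tld]:
        return None  # malformed, or the organization's own domain
    c_name = c_parts[-2]  # assumes a single-label TLD (no co.uk handling)
    c_skel, b_skel = skeleton(c_name), skeleton(b_name)
    if c_name == b_name:
        return "same-name-other-tld"
    if c_skel == b_skel:
        return "homoglyph"
    if edit_distance(c_skel, b_skel) <= 1:
        return "typo"
    return "contains-brand" if b_skel in c_skel else None

def flag_lookalikes(feed, brand_domain):
    """Map each suspicious domain in a registration feed to its reason."""
    return {d: why for d in feed if (why := classify(d, brand_domain))}

FEED = ["example.com", "example.net", "examp1e.com", "exarnple.com",
        "exmaple.com", "example-login.com", "weather.com"]  # constructed sample
if __name__ == "__main__":
    print(flag_lookalikes(FEED, "example.com"))
```

Short brand names produce many false positives at an edit distance of 1, so the threshold and the confusable table need tuning per organization.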
Why Is Domain Monitoring Important?
By some estimates, up to 33% of all company data breaches are caused by phishing attacks. And spear-phishing attacks can be even more devastating since in many cases the attackers are impersonating specific people at your company.
While many average phishing attacks are easy to spot, and even more easily caught by spam filters, spear phishers can trick incautious employees into downloading malicious files, wiring money, or engaging in other high-risk activities. The less security awareness training your employees have, the more likely they are to fall victim to a spear-phishing email.
The statistics are grim:
- 65% of malicious actors use spear-phishing as their primary method of attack
- 94% of malware arrives via email
- The average cost of a data breach is 3.83 million dollars
How Can You Start Domain Monitoring?
Getting started with domain monitoring first means taking into account your risk profile and understanding your current security posture. At a minimum, you should be employing the following security technologies and processes:
- Automatic Email Spam Filtering
- Email Security Software
- Regular Security Awareness Training for Employees
- Routine Simulated Phishing Exercises
- Mandated Two-Factor Authentication For All Employees
- Periodic Penetration Testing
The above measures are a great place to start. Implementing basic cybersecurity practices is more critical than ever before due to the precipitous rise of cyberattacks over the past five years. However, domain monitoring can add an extra layer of security to prevent spear-phishing attacks against both employees and customers.
You could routinely run searches for variations on your domain on ICANN to identify new potential registrations; however, this can be a time-consuming and error-prone process.
Most organizations that employ domain monitoring as part of their cybersecurity program use dedicated software to automatically identify when potential lookalike domains are registered, particularly those with the company’s name in them. A digital risk protection (DRP) platform can be a good alternative to software specifically designed to monitor domains.
DRP enables companies to get a holistic view of their entire external attack surface. This can enable better mean time to respond, and reduce the risk of data breaches.
How Does Domain Monitoring Fit Into Digital Risk Protection?
Digital risk protection helps you get an external understanding of what kind of data is online about your company. In some ways, it helps you see your organization’s IT and security posture the way a potential attacker would, from the outside in. For instance, DRP software can help you:
- Identify leaked accounts on the dark web
- Identify misconfigured cloud storage that could lead to data leaks
- Get visibility into targeted attacks
- Identify GitHub and technical data leakage
- Monitor for lookalike domains
Domain Monitoring with Flare
The Flare Threat Exposure Management (TEM) solution empowers organizations to proactively detect, prioritize, and mitigate the types of exposures commonly exploited by threat actors. Our platform automatically scans the clear & dark web and prominent threat actor communities 24/7 to discover unknown events, prioritize risks, and deliver actionable intelligence you can use instantly to improve security.
Flare integrates into your security program in 30 minutes and often replaces several SaaS and open source tools. Learn more by signing up for our free trial.