Cybercriminals have many schemes that involve the creation of malicious or phishing domains. They can use those domains in attacks on your customers, partners or even your employees. That is why from time to time companies need to block a dangerous domain, and some of them faces such threats quite often. Usually takedown of a malicious domain is not impossible, but it requires certain expertise and a lot of time. But usually when you identify such a threat, you do not have time to waste — it can lead to a loss of revenue, reputational damages, loss of customer trust, data leaks, and more. That is why we upgraded our threat intelligence portfolio with a new service — Kaspersky Takedown Service.
Importance of Threat Intelligence
Threat intelligence is a set of services that help businesses to navigate in the cyberthreat landscape and take the right decisions for enhancing their cybersecurity. In a nutshell, it’s all about the collection and analysis of data about the epidemiological situation within and outside a corporate network. Threat intelligence services include professional tools for incident investigation, analytical data about new targeted cyberattacks and much more. With the help of threat intelligence, a cybersecurity expert can track of what the potential adversaries are up to, how well they’re armed, and what strategies and tactics they use these days.
One of the most useful services of our Threat Intelligence portfolio is the Digital Footprint Intelligence (DFI) service. It puts together a detailed, dynamic ‘digital portrait of an organization’ (network perimeter resources – IP addresses, company domains, cloud and hosting providers used, and also employees, associated brands, subsidiaries and branches), and subsequently monitors any mentions of this information in open sources, in the darknet and deepweb, and also in our own knowledge database that contains information about almost a thousand of ongoing targeted attacks and various malicious tools.
Thus, DFI uncovers vulnerabilities and potential threats and data leaks, plus signs of past, current and even planned cyberattacks – and it is exceptionally effective (here is just one example of our DFI-investigations in the Middle East).
What can you do with a malicious domain?
So what should your security officer do if the monitoring found, for example, a phishing website that’s pretending to be one of your sites, and it’s collecting credit card numbers of your users? Normally in such a case an organization would need to undertake a resource consuming procedure to collect proof of the cyber-fraud, to create a takedown request and send it to the organization managing the site’s domain zone, to monitor the request is being carried out, and to provide extra materials if needed. It’s a rather labor-intensive task, demanding a designated specialist (or even a whole team of experts).
Now our DFI service has an upgrade — a Kaspersky Takedown Service that can be used for managing the blocking of malicious, phishing and typosquatting domains. As soon as DFI finds such a threat, all the users need do is click their mouse a few times to create a request for blocking a site. After that, everything’s automated. We collect the evidence, we send it to the competent authorities, we follow up the request, and we inform the customer about every stage of this process.
Over several years we’ve been establishing solid professional relations with domain name registrars, national and industry-specific emergency response teams (CERTs), international cyberpolice (INTERPOL, Europol), and other relevant competent organizations. For us today it takes on average a few days to get a malicious site blocked (depending on the domain zone, domain level, and the hosting provider). And it’s not too expensive, while at the same time use of our DFI relieves experts from complex non-core work, lowers digital risks, and allows staff specialists to concentrate on their own priority tasks.
You can sign up for our threat intelligence services here.