
7 Most Popular Blog Posts of Q2 2022

Introduction

Oops…we did it again. It’s been a while since our last top blog post! We’ve been busy gearing up (pun intended) for in-person events, creating reports, and of course, writing blogs we hope you have found beneficial! As with staying on top of Employee Spotlights, it’s our goal to complete these with more regularity.

Since it’s been a bit, here’s a quick reminder of the purpose of this series. We want to highlight our most popular (the barometer for which is most-read) blog posts over the course of the quarter. If you’re unable to keep up with our posting schedule, you can use this high-level view to see what your peers found interesting and/or valuable.

Catch Up On Your Industry Reading

The Use Cases and Benefits of SVCB and HTTPS DNS Record Types

This one is actually from Q1, but it is a much-loved blog post! It delves into SVCB (Service Binding) and HTTPS (Hypertext Transfer Protocol Secure) DNS resource record types and the use cases and benefits of each.


SPM55: Ascending the Ranks of Indonesian Phishing As A Service Offerings

We kicked off Q2 with this security research! This blog post focused on the cybercrime group, SPM55, and the uptick in activity related to phishing as a service. The DomainTools Research Team describes who this group is, who they typically target, and recommendations for impacted companies and brands.
 


A Sticky Situation Part 1: The Pervasive Nature of Credit Card Skimmers

The DomainTools Research Team comes in again on the Top 7 list with a post regarding credit card skimming. The article centers on the crime group CaramelCorp and its skimming-as-a-service work. These bad actors work hard to evade detection, though as you’ll find in this blog post, they do make some technical missteps related to authentication.


Non-Routable Private Address Space That Appears in DNSDB Results

Another post from Q1 that you readers can’t seem to get enough of! But who can blame you when the authors are Joe St Sauver and Paul Vixie? In this article, the authors discuss how fully qualified domain names (FQDNs) meant for a more limited audience could still show up in the global DNS. They dig into how they made their findings and ask the question, “is private address space leakage actually a problem?”


Mirror, Mirror, on the Wall, Who’s the Fairest (website) of Them all?

Our first solo blog post from Aaron Gee-Clough! He’s hitting homers right out of the gate with his article on what the Alexa Top Million was, why it was sunset, and DomainTools’ approach to creating our own Top Million list.


Stop Crypto Kleptos in Their Tracks

Ian Campbell’s first blog post for DomainTools since coming over in the Farsight Security acquisition! In this post, Ian writes about how tools such as DomainTools Iris Detect, Iris Investigate, and Farsight DNSDB underscore the need for cryptocurrency companies to engage with domain detection and passive DNS. Early detection of phishing and other threatening behavior is critical as these organizations continue to gain popularity.


Threat Monitoring Newly Created Ukraine-Related Domain Names

As the conflict in Ukraine continued, we at DomainTools noticed an increase in the number of Ukraine-related domain registrations as well as domains related to soliciting donations (often for unnamed recipients). To help combat this, we created a new, free feed of newly observed or registered Ukraine-related domain names. Learn more about how it works and how to access it in the post.


What’s Next?

There’s plenty of security research, product enhancements, technical topics, and industry news coming in Q3. We will be attending some in-person shows including SANSFIRE, Black Hat, SANS DFIR, and SANS THIR, so if you’re attending those shows as well, please stop by and say hi!

If there are any topics you would be interested in reading about on our blog or covering in our weekly podcast, Breaking Badness, please feel free to tweet us at @DomainTools.