Introduction
Wow, time flies! It’s already time to look back at the most popular blogs from the past quarter (which feels like a lifetime ago now that it’s mid-January 😱) Q4 2022 ended with a bang for us at DomainTools – we went to a few shows including Wild West Hackin’ Fest, GrrCon (and we had a great time talking to Caitlin Kiska on Breaking Badness), and Black Hat Europe. We also rolled out our Global Partner Program to expand our existing relationships in the U.S. as well as create new partnerships around the world. Finally, we made some predictions about what might occur in cybersecurity in 2023 in our last webinar event of the year (be sure to tune in at the end of this year to see if any predictions came true – so far, we were wrong about one topic).
If you’re new to this series, our goal is to review what blog posts security practitioners found most interesting, helpful, or fun from the previous quarter. For the occasional reader, it’s a place to catch up on posts you may have missed. So without further ado, let’s dive in.
Here’s What You May Have Missed
Purpose Built Criminal Proxy Services and the Malicious Activity They Enable
This is actually the absolute most popular blog of Q4 2022! DomainTools Research shared this because with the continued evolution of cybercriminal activity, supporting services become important to understand. Black Proxies is one such service marketed to other cybercriminals for its scope, reliability, and number of IP addresses.
Be sure to check this one out to learn more about the history of proxy networks, evolving tactics, and what defenders can do to protect their organizations against proxy network services.
The Move To Mastodon: Tips and Tricks
Q4 2022 brought some interesting shifts to the social media world. We saw a lot of folks in cybersecurity and information security make the jump to the decentralized Mastodon platform. It had previously been around, but its popularity soared beginning in early November, and we felt newer users might appreciate a guide if a change was in their future. This post covers what Mastodon is, tips and tricks to use it, and a list of your friends at DomainTools you can find there.
Announcing the DomainTools Global Partner Program
As mentioned in the Introduction, we launched our Global Partner Program in October! We acknowledge that value-added resellers, Managed Detection and Response providers, and Managed Security Services providers are crucial to our ecosystem, and therefore we set out to offer these partners the best in-class experience and help us extend our reach. This post includes details on what partners can expect from this program, but you can also learn more and see the accompanying Partner Portal in a webinar presented by Tim Durant and Tim Helming.
Flying Phish
This is one of two blogs from Barry Rellis that made it on this quarter’s list. This blog post explores and analyzes a recurring phishing campaign most recently used against a popular social media platform. It looks at the timeline, data gathered, provides analysis, and possible mitigations.
Crypto Phishing and Credential Stealer Footprint Continues to Expand
Another excellent post from Barry Rellis and the DomainTools Research Team! They were certainly on a roll in Q4. In this article, the team explores a recent malware campaign targeting Windows and Android users. Using our data, several pivot points were found which suggested a larger set of domains associated with the active campaign.
Celebrating Neurodiversity: How Companies Can Create Safe Spaces Using Employee Resource Groups
This piece comes from SecOps Engineer Ian Campbell as he shares his personal journey navigating neurodivergence along with how organizations can make the workplace safer for those who identify as neurodivergent. DomainTools facilitates a Neurodivergent Employee Resource Group (ERG) as part of its commitment to Diversity, Equity, and Inclusion (DEI), and Ian provides answers to frequently asked questions including what the group is, its goals, and challenges the group has faced in an effort to help other organizations who may want to create their own ERG.
CovidLock: Mobile Coronavirus Tracking App Coughs Up Ransomware
And finally, our last popular blog from Q4 2022 actually comes all the way back from 2020. This article discusses what was found when monitoring domains leveraging the words “Coronavirus” and “COVID-19” including one domain purporting to be a live Coronavirus outbreak tracker available via an app download. Unfortunately, the app was tainted with Android ransomware called “CovidLock” denying victims’ access to their phones. It goes on to describe more on the ransomware in question along with how to increase your ransomware immunity.
What’s Coming in 2023
We’ll continue to provide relevant, thoughtful content throughout the course of the year regarding topical security research, industry news, product enhancements, and more. This blog is for you, our readers, and we welcome you to contact us on your social media of choice (LinkedIn, Twitter, Facebook, or Mastodon) if there are topics you’re interested in reading about on our blog.
