In September, our team at DomainTools traveled to Las Vegas for Crowdstrike’s premiere cybersecurity conference, Fal.Con. We had an exciting time seeing the latest developments from Crowdstrike and other partners within the industry. It was also an interesting time to be in Las Vegas with the city undergoing construction to host a Formula 1 (F1) race on November 19th. At the surface, the two subjects could not seem any more different, but our observations from the conference showed that cybersecurity’s involvement with the race is at full throttle.
Adversaries are Targeting the Formula 1 Race
The buzz of Formula 1 coming back to Las Vegas was front and center as one of the premiere attendees at Fal.Con was Crowdstrike Racing. The cybersecurity company has a full partnership with Mercedes-AMG Petronas Formula 1 team and had them on full display at the very front of the exhibit hall. In a case study, the F1 team cited their partnership with Crowdstrike as a necessary one due to leaders in the racing industry such as themselves being heavily targeted by digital adversaries.
We can back up this statement with all of the spoof domains and results that we’ve monitored around the variations of “formula one,” “formula 1,” and “formula 1 las vegas” in just the past 90 days. Using Farsight DNSDB, our team uncovered 464 suspicious RRnames (the fancy term for DNS A record resolutions) with “formula one” as the keyword, 2688 with “formula 1,” and 64 referring to “formula one las vegas.” F1 is one of the fastest growing sports with a global reach and viewing these races, whether via streaming or securing tickets to go in person, is often done online. Adversaries know this and have a pit crew ready to quickly weaponize these domains and go after fans.
A good rule of thumb is to stay away from domains that spell out “one,” as the official racing organization will always use the number 1 in the links they build. However, with so many spoof domains in existence, there are still several suspicious domains that use the number 1 and almost look official. Some interesting strings we discovered through our passive DNS insights included formulaonestream[.]cc, formula1-vegas[.]com, and formula-one.ticketst[.]com
DomainTools for Crowdstrike
When you’re in a race against threat actors, there’s no one faster at getting your security team to the finish line than DomainTools. We had an incredible time going to Fal.Con meeting with customers and partners, finding new ways to collaborate with Crowdstrike and other industry leaders. If you are a Crowdstrike customer, our DomainTools Iris Threat Intelligence App within CrowdStrike Falcon is available for download as an API and can help you not just find the adversary trying to run you off the road, but their entire pit crew.
Collaboration is Key
Putting the “crowd” in “Crowdstrike,” one of the themes that Crowdstrike consistently lives by is collaboration. The goal of Fal.Con is to gather “a global community of protectors” and move cybersecurity into the future. Where other industry events allow any business that wants to join to attend or exhibit, at Fal.Con only Crowdstrike customers and investors are allowed to attend, and only companies that actually partner with Crowdstrike are allowed to exhibit. It’s rare to find direct competitors at this event and more conversations can be had on how one organization could help the other and address a wide range of use cases that the cybersecurity industry finds itself facing.
This theme of collaboration could be found in the events that took place throughout the week. Thirteen-time Grand Prix Winner and F1 racer David Coulthard led a session on the importance of collaboration to drive innovation in his world and the world of cybersecurity, “when every second counts.” One group of competitors that Crowdstrike was able to bring together for the conference were the CISOs from the heavily combative Big Ten division, containing some of the largest colleges in the world; they talked about their ability to work together off the field to protect their universities from cybersecurity threats. Finally, the conference concluded on Wednesday evening with a celebration that pulled the entire Crowdstrike community closer headlined by The Chainsmokers!
Stop Kicking the Tires on Internet Infrastructure
Fal.con never disappoints as a conference, and the F1 theme was a clever way to emphasize speed and collaboration. We hope you’ll get more laps out of your investigations with automated domain indicators and predictive risk assessment that enable your team to make decisions faster and win the race against adversaries. Farsight DNSDB can show you how threats emerge and evolve over time, while Iris Investigate can map connected infrastructure to get ahead of threats.
Learn how to take advantage of the exciting new developments in cybersecurity that were unveiled in Fal.Con or see our solutions in action by scheduling a conversation with one of our experts today.
