Who's that Knocking at the Front Door?
Webinars

Detecting Targeted Spearphishing Campaigns in the Preparation Phase

When you’re swimming along a coral reef with a speargun, a funny sensation will sometimes remind you that the hunter can become the hunted–and that’s when look over your shoulder for those big jaws. In this free and practical training session, I’ll show how you can turn the tables on spearphishers in cyberspace. We’re talking about going on the hunt – looking for attackers getting ready to target your organization.

A lot of anti-phishing technology is good at detecting and stopping general, widespread campaigns. But what about when your organization is specifically targeted? Spearphishers mount persistent and dangerous campaigns, especially around the areas of business email compromise or intellectual property theft. Since these campaigns are persistent and ongoing, however, we have a chance to get out ahead of them by detecting preparation phases and profiling the attacker and the campaign. The key to this is early detection of domains and IPs that the phisher intends on using.

Here’s how it unfolds:

  1. Attacker decides to go after a particular target, and registers one or more domains mimicking the victim organization and/or other businesses in close relationships with that victim (e.g. if you wanted to steal Apple’s plans for the next iPhone, you might pose as someone at their contract manufacturer Foxconn to gain unauthorized access)
  2. Would-be victim (defender) detects these registrations
  3. The defender blocks those domains, but also…
  4. …starts digging into correlated infrastructure
  5. ….and blocks anything closely tied to the original spoof domain(s)
  6. From here, the defender may choose to start monitoring other things besides just detecting other cybersquatting domains. For example, watch name servers, IPs, registrants, etc.

Proactive detection and blocking of emerging campaigns is effective and often fairly straightforward, but doing it requires some advanced technology and information, and that’s where our sponsor DomainTools comes in. Tim Helming will walk us through this process using two very cool DomainTools technologies: phishing domain detection tool PhishEye and infrastructure investigation tool Iris.

Threat Actors Move Fast. Iris Detect Helps You Move Faster.

Learn how DomainTools  can detect 68% to 96% more malicious domains per month.

See How

Related Content

Abstract digital DNS network connections with nodes and lines in purple and blue hues on a dark background, symbolizing concepts of technology and data communication in healthcare.
Webinar

Vital Signs: Using DNS to Predict Adversary Moves in Healthcare

Watch Now
A digital illustration of a complex network, depicted by interconnected lines and nodes with vibrant blue and green colors on a black background, visually represents the concept of "Malicious Intent and You: A Primer on
Webinar

Malicious Intent and You: A Primer on DomainTools Risk Scoring

Watch Now
Abstract image depicting a burst of blue and red light rays emanating from a central bright source, creating a sense of high-speed motion or energy explosion in a dark space, symbolizing the dynamic nature of
Webinar

Protecting Your Environment From the Unknown: Zero Trust and DomainTools

Watch Now
DomainTools Logo
Pricing Contact Login Support Request a Demo

© 2024 DomainTools

DomainTools® and DomainTools™ are owned by DomainTools, all rights reserved.

Privacy Policy    |    California Privacy Notice
Do Not Sell My Personal Information    |    Terms of Service    |    Sitemap