Phishing is one of the most enduring fraud tactics. It was first seen in the 1990s and came into its own in the early 2000s, as broadband made the internet easier to use for everyday tasks like shopping and, crucially, banking.
Emails or messages mimic official communications from banks, online selling and auction websites and others where financial details are required. The emails send recipients not to the genuine websites, but to carefully crafted imitations, where users enter their details – usernames, passwords, personal information and even credit card details. These are then collected and sold on the dark web – the online underground.
There are many different types of phishing, which differ in how victims are targeted. The main ones are:
- Phishing - general indiscriminate attacks sent to (usually purchased) lists of email addresses
- Spear phishing - highly targeted to specific organizations or specific people at those organizations, using social media and other investigative techniques to obtain personal details
- Whaling - spear phishing targeting top-level executives, who have often been easy prey
There are also attack techniques that use the same tactics as email phishing but on different channels:
- Phishing using instant messaging apps - early successful frauds used AOL’s Instant Message platform
- SMSishing - Text messages to mobile phones with malicious links
- Vishing or ‘voice phishing’ - although this is arguably different as it rarely involves sending victims to spoof domains
It’s important to note that spear phishing and whaling are often used in the early stages of advanced persistent threats (APTs). This is where bad actors use a combination of cyber threats in targeted and sustained attacks on selected organisations. Phishing is still the most effective way of getting login credentials in an organization. From there, attackers will look for administrator accounts or find crucial systems or data that can be cracked by other methods before launching an orchestrated campaign to achieve their aims.
Domains can be blocked - but which ones?
Blocking access to the domains that phishing attacks use is effective, but only once the domains become known. This gets harder as criminals generate domain after domain so that, as each one is discovered and entered on a blacklist, they can switch to another. This domain creation is done quickly, often on demand, using “domain generation algorithms” – domains created in this way are often referred to as DGAs.
Because the domains are always spotted in the end, criminals use them very aggressively as soon as they go live; usage then tails off after the first day or two. This period is often known as “dwell time”.
The problem therefore is how to block malicious domains before they become known to everyone – after that point they won’t be used a great deal.
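As an added illustration (not code from this page and not a description of how any vendor's product works), the sketch below shows one simple way a defender can pull candidate algorithmically generated domains out of resolver logs before they appear on any blocklist. The function names, thresholds and the sample log are assumptions constructed for this example; all domains use reserved example/test names.

```python
import math
from collections import Counter, defaultdict

VOWELS = set("aeiou")

# Constructed sample of resolver log entries: (client, queried name).
# All names use reserved example/test domains; none are real indicators.
SAMPLE_LOG = [
    ("10.0.0.5", "www.example.com"),
    ("10.0.0.5", "login.internationalbanking.example"),
    ("10.0.0.9", "xkqjzvwpfhtybd.example"),
    ("10.0.0.7", "xkqjzvwpfhtybd.example"),
    ("10.0.0.9", "secure.q7h2kx9vbz4wpl.test"),
    ("10.0.0.5", "cdn.example.net"),
]

def shannon_entropy(label):
    """Bits per character of the label's character distribution."""
    counts = Counter(label)
    return -sum(c / len(label) * math.log2(c / len(label)) for c in counts.values())

def candidate_label(name):
    """Label left of the TLD. Assumption: one-label TLDs only; production
    code should find the registrable domain with the Public Suffix List."""
    labels = name.lower().rstrip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]

def looks_generated(name, min_len=10, min_entropy=3.0, max_vowel_ratio=0.25):
    """Heuristic: long, high-entropy and vowel-poor labels are suspicious."""
    label = candidate_label(name)
    if len(label) < min_len:
        return False
    vowel_ratio = sum(ch in VOWELS for ch in label) / len(label)
    return shannon_entropy(label) >= min_entropy and vowel_ratio <= max_vowel_ratio

def review_queue(log, known_bad=frozenset()):
    """Domains not yet blocklisted that look generated, with the clients
    that queried them, ordered by number of distinct clients."""
    clients = defaultdict(set)
    for client, name in log:
        domain = ".".join(name.lower().rstrip(".").split(".")[-2:])
        if domain not in known_bad and looks_generated(name):
            clients[domain].add(client)
    return sorted(((d, sorted(c)) for d, c in clients.items()),
                  key=lambda item: (-len(item[1]), item[0]))
```

Entropy alone would also flag a long legitimate name such as `internationalbanking`, which is why the heuristic combines it with the vowel ratio; the output is a queue for analyst review, not an automatic block decision.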
To shorten dwell time, Nominet’s ground-breaking NTX cyber security platform uses a variety of analysis techniques and cross-referencing to spot DGAs before anyone else. The core is deep Domain Name System (DNS) packet analysis, the value of which is explained in this tip sheet for cyber security teams.
DNS - the information goldmine
DNS is the phone book of the internet, converting the domain names used by apps and devices into the numerical addresses that they understand. It’s an open, global standard; otherwise the internet wouldn’t work everywhere the way it does now. Crucially, DNS packets are also allowed through unchallenged by most cyber security solutions, because blocking them would cause too much disruption.
This means billions of DNS data packets are constantly flying around the world, all containing information about domains, good and bad. Using Nominet’s in-house developed machine learning and analysis techniques, NTX can predict, detect, then block malicious domains, keeping your network safe from harm. If an internal user does click on a link in a phishing email or message, NTX will prevent that user from getting through to it.
Easy to install protection
The platform can be installed in-house, controlled by a cyber security team. It’s quick to install and doesn’t require any specialist hardware. For organizations without in-house cyber security analysts, NTX is available as a managed service, coupled with a managed DNS service, and run by our team of DNS and cyber security experts.
For a very quick overview, this infographic lays out the key facts and is ideal for passing around an organization that’s thinking of adding a DNS analysis layer to its existing security stack.
Join the ranks of super-safe organisations
If you think your organization’s systems and data deserve the most comprehensive protection from cyber threats, get in touch to arrange a no-obligation demonstration of Nominet NTX.