As the COVID era began to play out over the past few years, cybercriminals gleefully embraced ransomware as their preferred malicious attack methodology for monetizing data breaches. How much so? Damages from ransomware alone are expected to exceed $30 billion worldwide in 2023. The actual number of individual attacks rose from approximately 300 million in 2020 to well over 600 million in 2021. But while ransomware as a trend has been gaining headlines, the underlying techniques that cybercriminals use to carry out the data breaches that make ransomware attacks possible aren’t always as well understood. That needs to change if IT security teams are to successfully protect the organization, the brand, users, devices and data going forward.
Consider: according to a recent report from cybersecurity firm Acronis, almost half of all data breaches in 2022 began with stolen credentials. Six hundred malicious email campaigns were launched in the first half of 2022, 58% of which were phishing emails and 28% of which contained malware. Cybercriminals have shifted toward attacking key entry points on networks that rely on cloud services, or toward seeking out unpatched software vulnerabilities from which to launch attacks. They’re also increasingly relying on techniques and methods including:
- Phishing sites – Criminal websites set up to steal user credentials, with URLs very similar to the legitimate web address.
- Malicious name servers – Servers that provide authoritative DNS service only for malicious domain names.
- Stolen credentials or other content – Stolen corporate proprietary information (e.g., access credentials, personally identifiable information, credit card data), usually found hosted in a forum or a fraudulent host account.
- Malware file hosting location – Malware hosted on a publicly available site.
- Malware command and control (C2) – A host location identified as a C2 server for malware campaigns.
The widespread adoption of these techniques points toward a larger trend: internet fraud. The numbers aren’t available yet, but it appears that ransomware attacks declined somewhat in 2022 as malicious actors sought to diversify into other methods. The general category of internet fraud can be defined as any type of scheme that uses components of the internet (e.g., chat, email, website) to publish fraudulent solicitations, conduct fraudulent transactions, or transmit proceeds obtained through subterfuge. This shift in tactics means that IT security teams are now finding that breach prevention alone isn’t always adequate to protect the organization. They also need to be able to uncover incidents that are already underway and mitigate those attacks to limit damage.
How to Fight Back
Infoblox Domain Mitigation Services are designed to help businesses stop internet fraud and cyberincidents from impacting their operations. With features such as incident validation, mitigation, monitoring and reporting, Infoblox provides a comprehensive solution to protect your company from data breaches and malicious attacks.
One of the key features of Infoblox Domain Mitigation Services is validation. Our team offers a unique and proprietary human-driven review of potential internet fraud, providing a detailed summary of our in-depth review. We respond quickly to potential incidents, with initial response times of five minutes or less during regular business hours. Once our review is underway, we can typically remove domestic internet fraud within 24 hours.
Once internet fraud or a cyberincident has been confirmed, Infoblox initiates the mitigation process. Our team applies a continuous removal effort to each case, with multiple escalations for cases that cannot be resolved within 24 hours. We leverage our established relationships with ISPs and communication service providers to prioritize your case in abuse queues and ensure the issue is resolved quickly. We also offer registered trademark enforcement to protect your brand reputation.
In addition to our validation and mitigation services, Infoblox also provides monitoring and reporting to keep track of potential threats. If we determine that suspicious activity does not pose a threat, we will continue to monitor the reported web content for potential malicious changes. We also monitor mitigated threats to address potential reactivation, which we will remove at no additional cost to our clients. Our mitigation services remain in effect for up to 30 days.
Infoblox has deep ties to the ISP and communication service provider community, as well as global regulatory agencies. If we determine that criminal activity has taken place, our team is ready to help clients notify local law enforcement and other government agencies when providers fail to address fraud activity.
With Infoblox Domain Mitigation Services, you can protect your business from internet fraud and cyberincidents and get back on track fast. Our team is dedicated to providing the protection you need to keep your business running smoothly. Don’t let internet fraud and cyberincidents impact your company – choose Infoblox Domain Mitigation Services today.