Censys: The World of Attack Surface Management
Halloween may be over for another year, but you should still remain vigilant of pesky entities. In particular, lookalike domains are tarnishing the enterprise landscape with their mischievous demeanour, wreaking havoc to render your organisation doppelgänger-ed. Not making sense? Read on for the scary story...
Domain twins, lookalike domains, and even cousin domains are all of a similar threat nature (if their names weren't indication enough) and are all on the rise. Perhaps owing to the increasingly digital landscape, malicious actors are quickly taking advantage of the threat hotspots.
Understanding dark domains
As the names suggest, lookalike domains are copies of websites (i.e., fakes). More specifically, malicious actors will create URLs that are similar to, but not exact copies of, those of legitimate websites. Then, they dress their bogus site up to look like the original, thus lording their trickery over innocent enterprises.
What is the impact of this? Well, often, these websites will be imitations of business sites that your organisation may work with. Thus, you or a fellow unwitting employee may use the fake website and, for example, fill out a form. In doing so, you are submitting confidential information to the attacker, such as IP address or money.
A common example of how attackers can deceive you via URL is by using 'r' and 'n' to look like an 'm'. For instance, a copy of our website (don't get any ideas) would appear as 'ern360tech.com'. If you squint or look at it quickly, you can see why someone might miss it – and you knew to expect it. Imagine if you hadn't!
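To show how that 'rn' trick can be caught by a machine rather than a squint, here is an added example (not code from the original article): a short Python check that flags any observed domain which collapses to the same visual "skeleton" as a domain you trust. The protected domain `em360tech.com` is an assumption made by reversing the article's 'rn' substitution, and the confusable table and observed-domain list are constructed samples.

```python
# Added example: flag lookalike domains by comparing visual "skeletons".
# CONFUSABLES is a small constructed sample, not a complete list, and it
# covers ASCII tricks only (no Unicode/IDN homoglyphs).
CONFUSABLES = [
    ("0", "o"),    # digit zero for letter o
    ("1", "l"),    # digit one for letter l
    ("rn", "m"),   # the article's example: 'r' + 'n' reads as 'm'
    ("vv", "w"),   # two v's read as 'w'
]

def normalise(domain):
    """Lower-case and drop surrounding whitespace and a trailing root dot."""
    return domain.strip().rstrip(".").lower()

def skeleton(domain):
    """Collapse confusable sequences so lookalikes map to the same string."""
    s = normalise(domain)
    for fake, real in CONFUSABLES:
        s = s.replace(fake, real)
    return s

def find_lookalikes(observed, protected):
    """Return (observed, impersonated) pairs.

    A hit is any observed name whose registrable part, or any parent
    suffix of it, shares a skeleton with a protected domain without
    being that domain. Genuine subdomains of a protected domain pass.
    """
    by_skeleton = {skeleton(p): normalise(p) for p in protected}
    hits = []
    for raw in observed:
        name = normalise(raw)
        labels = name.split(".")
        for i in range(len(labels) - 1):      # walk www.a.b -> a.b
            suffix = ".".join(labels[i:])
            target = by_skeleton.get(skeleton(suffix))
            if target and suffix != target:
                hits.append((name, target))
                break
    return hits

if __name__ == "__main__":
    protected = ["em360tech.com"]             # assumed legitimate domain
    observed = [                              # constructed sample, e.g. from mail or proxy logs
        "www.em360tech.com", "ern360tech.com",
        "login.ern360tech.com", "em36otech.com", "example.org",
    ]
    for seen, target in find_lookalikes(observed, protected):
        print(f"LOOKALIKE {seen} imitates {target}")
```

Feeding it sender domains from inbound mail or hostnames from proxy logs gives the double-check a backstop that does not depend on anyone's eyesight.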
With threats such as this, you can mitigate risk significantly (and cheaply!) through vigilance. In particular, by encouraging a culture of awareness and double-checking, you can quash the likelihood of being caught out. Not only that, but today's landscape necessitates cybersecurity as an enterprise-wide effort, so education is key for those less technically inclined.