Tag Archives: Farsight Security

Farsight Security Debuts Investigative Reporter Grants Programme With Free DNS Database Access

Farsight Security announced a new grant programme last week that provides free access to their DNSDB, which they describe as the world’s largest passive DNS database, for investigative reporters.

Farsight explains that the Domain Name System (DNS), as the infrastructure of the Internet, records every action online and this leaves behind a digital trail of DNS assets. Starting with a suspicious IP address or domain name, leading news organisations use DNSDB to uncover and confirm previously hidden or known information for stories about disinformation campaigns, fraud, election security, and other breaking news.

“This DNS tool is astounding,” an anonymous investigative reporter for a national broadcast network said in a quote used by Farsight. “It’s a powerful tool that’ll help me keep people accountable.”

Internet pioneer and Farsight Security CEO Dr. Paul Vixie will conduct a hands-on training class entitled “Finding the story: Using DNS Search for Investigative Journalism” at the 2019 Computer-Assisted Reporting (CAR) Conference, an annual conference devoted to data journalism that will take place in Newport Beach, California, March 7th – 10th, 2019.

To honour its commitment to making the Internet safer for all users, Farsight Security has always offered grants for DNSDB® and other DNS Intelligence solutions to vetted researchers, law enforcement, and other non-profits. As part of its new Journalism Grants programme, Farsight will offer qualified investigative reporters free access to Farsight DNSDB. Among the grant requirements, reporters must:

  • Work for a major print, broadcast or online news organisation
  • Work as an investigative reporter, editor or data journalist
  • Attend a two-hour media workshop DNSDB training course

For more details on the programme and to apply for a grant to use DNSDB, visit here. The programme is available now and is free for qualified journalists.

Unwitting Mobile Internet Users Victims of IDN Homograph-Based Phishing Campaign

Unwitting mobile internet users are becoming the victims of an ongoing internationalised domain name (IDN) homograph-based phishing campaign. The suspected phishing websites purport to be those of commercial airline carriers, including Delta, RyanAir and EasyJet, and are offering free tickets but instead appear to subject the user to a bait-and-switch scam, according to research from Farsight Security.

The suspected phishing websites present the user with the promise of free airline tickets if they answer four innocuous questions (the responses don't seem to matter), Farsight report. Once the user answers the questions, they’re instructed to share the “offer” with 15 WhatsApp contacts before being redirected to another URL where presumably the user is prompted to enter credit card details.

As Farsight observed, the domain names for the suspected phishing sites are IDN homographs (lookalikes of well-known sites that switch out certain Basic Latin characters for homoglyph characters from similar scripts). They presented as being sourced from Delta Airlines, EasyJet and RyanAir.

Farsight note that those familiar with current and recent phishing campaigns will recognise that this campaign appears to be a fork of the recent “Free Adidas” phishing campaign. This particular campaign underscored how easily a brand on the Internet can be used fraudulently and one campaign can be repurposed to attack a different and unrelated sector.

In an effort to make the pages seem more legitimate and familiar, they all include a Facebook-like section where it is made to appear as though a number of users have liked or loved the “post” along with a handful of positive comments.
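Homoglyph substitution of the kind described above can be screened for by decoding each DNS label and checking which scripts its characters come from. The following Python is an added example, not code from Farsight or the original post; the sample domains are constructed, and taking the script from the first word of the Unicode character name is an assumed simplification.

```python
import unicodedata

# Verdicts ordered from least to most suspicious.
SEVERITY = ["ok", "single-script-non-latin", "undecodable", "mixed-script"]

def to_ace(label):
    """Encode a non-ASCII Unicode label to its xn-- (punycode) wire form."""
    return "xn--" + label.encode("punycode").decode("ascii")

def script_of(ch):
    """Approximate script of a character, e.g. LATIN, CYRILLIC, GREEK."""
    if ch.isdigit() or ch == "-":
        return None  # digits and hyphens are script-neutral
    try:
        return unicodedata.name(ch).split()[0]
    except ValueError:
        return "UNKNOWN"

def label_verdict(label):
    """Classify one DNS label after decoding it if it is punycode."""
    if label.lower().startswith("xn--"):
        try:
            label = label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return "undecodable"
    scripts = {s for s in map(script_of, label) if s}
    if len(scripts) > 1:
        return "mixed-script"             # e.g. Latin with one Cyrillic letter
    if scripts and scripts != {"LATIN"}:
        return "single-script-non-latin"  # may be legitimate, worth review
    return "ok"

def classify(domain):
    """Return the most suspicious verdict across all labels of a domain."""
    verdicts = [label_verdict(l) for l in domain.rstrip(".").split(".") if l]
    return max(verdicts, key=SEVERITY.index, default="ok")

# Constructed samples; none are indicators from the Farsight research.
SAMPLES = [
    "example.com",
    to_ace("ex\u0430mple") + ".com",  # Cyrillic U+0430 in place of Latin "a"
    to_ace("m\u00fcnchen") + ".de",   # accented Latin, single script
    to_ace("\u043f\u0440\u0438\u043c\u0435\u0440") + ".com",  # all Cyrillic
]

if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{name:30} {classify(name)}")
```

Labels that legitimately combine scripts, such as Japanese names using kanji and kana, are also reported as mixed-script by this check; the Unicode script properties and rules in UTS #39 handle those cases.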

IDN Homographs Increasingly Used To Commit Phishing And Other Malicious Activities: Farsight

Internationalised Domain Name homographs, or lookalike domain names, which are easy to register and often undetected by traditional security solutions, are increasingly being used to commit phishing and other malicious activities, a report released this week by Farsight Security has found. Unsurprisingly .com, where most global brands register their domain names, was found to be the TLD with the most problems, accounting for over half of the IDN homographs.

Farsight Security Webinar: Playing Offense with the Domain Name System

Dr. Paul Mockapetris created the Domain Name System (DNS) in 1983 with an initial goal of replacing the centralized host table of names with a decentralized database, but it was always intended to be extensible to new problems and applications.  Today, DNS is the backbone of the Internet, enabling all online transactions, good or bad, around the world.

In a rare conversation, ThreatSTOP Chief Scientist Dr. Paul Mockapetris, the inventor of DNS, and Farsight Security CEO Dr. Paul Vixie, who designed, implemented and deployed several DNS protocol extensions and applications that are used throughout the Internet today, will discuss a number of topics including:

  •   The evolution of DNS and how it has been weaponized by cybercriminals to commit fraud, espionage and other cybercrime
  •   Specific DNS-based techniques used by the bad guys to infiltrate today’s enterprises
  •   How organizations can play offense against these attacks, including utilizing the DNS to better secure their infrastructure, intellectual property and customers.
  •   The future of DNS – and its pivotal role in security moving forward

Information shared during this webinar will be valuable across every vertical industry — don’t miss this special event.

A Conversation with Dr. Paul Mockapetris and Farsight Security CEO Dr. Paul Vixie

Live Interactive Webinar: Tuesday, February 27th 1:00 pm Eastern, 10:00 am Pacific

To register for this Farsight webinar, go to:
https://info.farsightsecurity.com/playing-offense-with-dns

About the Speakers

Dr. Paul Vixie: Chairman, CEO & Co-founder of Farsight Security Inc.
Inducted into the Internet Hall of Fame in 2014, Dr. Vixie designed, implemented and deployed several DNS protocol extensions and applications that are used throughout the Internet today. Prior to Farsight, he served as President, Chairman, and founder of Internet Systems Consortium (ISC); as President of  MAPS, PAIX, and MIBH; and as CTO of Abovenet/MFN. He served on the ARIN Board of Trustees from 2005 to 2013, and as Chairman in 2008 and 2009. Dr. Vixie is a founding member of ICANN Root Server System Advisory Committee (RSSAC) and ICANN Security and Stability Advisory Committee (SSAC).

Dr. Paul Mockapetris, the inventor of DNS and Chief Scientist at ThreatSTOP
Paul invented the DNS while at USC’s Information Sciences Institute, and oversaw its root servers during its early years. He subsequently served as program manager at (D)ARPA, IETF Chair, and Division Director at ISI before turning to the startup world. He was founder at the first large scale Internet over cable ISP @Home, CTO at Software.com and Fiberlane, and Chief Scientist at Nominum. He became an Inaugural member of the Internet Hall of Fame, and is a fellow of the ACM, IEEE, and the National Academy of Engineering. He is the recipient of the IEEE Internet Award and the ACM Sigcomm Award. He earned learner’s permits in Physics and EE from MIT, and a PhD in Information and Computer Science from UC Irvine.


Webinar: ThreatConnect and Farsight Researchers Tackle a Grizzly (Steppe)

In this webinar, “ThreatConnect and Farsight Researchers Tackle a Grizzly (Steppe),” Kyle Ehmke, Threat Intelligence Research Team, ThreatConnect, Inc. and Eric Ziegast, Distinguished Distributed Systems Engineer at Farsight Security, Inc., will detail indicators listed in this report — including over 870 IP addresses for a variety of Russian actors — as well as reveal new information about this investigation.

They will reveal how over 100 additional indicators were identified using the ThreatConnect platform integrated with Farsight's historical passive DNS database, DNSDB. They will also reveal indicators possibly tied to the FANCY BEAR cyberespionage group and how FANCY BEAR sets up its malicious infrastructure.

The webinar will be held on 30 November from 10:00 to 11:00 U.S. Pacific Standard Time. To register go to:
https://cc.readytalk.com/registration/#/?meeting=1dmpr45dclij&campaign=j8rfqz98yruk

About the presenters

Kyle Ehmke
Kyle Ehmke is a threat intelligence researcher with ThreatConnect and has eight years of experience as a cyber intelligence analyst. Kyle is involved with ThreatConnect’s research into Russian election activity and targeted efforts against Bellingcat, WADA, and others.

Eric Ziegast
Eric Ziegast is a Distinguished Distributed Systems Engineer for Farsight Security. As one of Farsight’s founding engineers, Eric helped develop the Security Information Exchange (SIE) and continues to provide support to the Engineering and Research teams. He has spoken about SIE, Passive DNS, DDoS attacks, sinkhole collaboration and other topics at industry events including NANOG, M3AAWG, ICANN, DNS-OARC, FIRST and ISOI.

Connecting the Digital Dots: From a Single Domain to a Deceitful Operation: Farsight Webinar

Farsight Security and iThreat Cyber Group demonstrate how iThreat’s CyberTOOLBELT platform and Farsight Security’s passive DNS data unravelled a deceitful drug rehabilitation operation, starting with only a single domain and expanding it to the key individuals behind the operation and the laws they were breaking.

CyberTOOLBELT builds upon Farsight’s passive DNS by enhancing it with blocklist and whois information, creating a platform that serves as a starting point in any domain or IP investigation by quickly providing a contextual overview of the data point of interest.

Key Points Covered include:

  • An overview of passive DNS
  • How cybercriminals use both legitimate and malicious subdomains to gain entry
  • The steps security teams can take to uncover a single subdomain abuse and broaden that search to an entire landscape.

The webinar will be held on 28 September from 10:00 to 11:00 US Pacific Time.

The presenters are:

  • Daniel Schwalbe
    Director Of Engineering & Deputy CISO at Farsight Security
  • Chad Los Schumacher
    Team Lead Investigator, CyberTOOLBELT
  • Michael Lewis
    Chief Technology Officer, CyberTOOLBELT

To register, go to:
https://cc.readytalk.com/registration/#/?meeting=xg6kqs9osia4&campaign=wmvg7x6537xj