One of the leading DNS cybersecurity companies, DomainTools, has announced they have acquired another leading DNS cybersecurity company Farsight Security.
Farsight Security announced a new grant programme last week that provides free access to their DNSDB, which they describe as the worldâs largest passive DNS database, for investigative reporters.
Farsight explains that the Domain Name System (DNS), as the infrastructure of the Internet, records every action online and this leaves behind a digital trail of DNS assets. Starting with a suspicious IP address or domain name, leading news organisations use DNSDB to uncover and confirm previously hidden or known information for stories about disinformation campaigns, fraud, election security, and other breaking news.
âThis DNS tool is astounding,â an anonymous investigative reporter, for a national broadcast network, said in a quote used by Farsight. âItâs a powerful tool thatâll help me keep people accountable.â
Internet pioneer and Farsight Security CEO Dr. Paul Vixie will conduct a hands-on training class entitled, âFinding the story: Using DNS Search for Investigative Journalismâ at the 2019 Computer-Assisted Reporting Conference (CAR) Conference, an annual conference devoted to data journalism that will take place in Newport Beach, California, March 7th â 10th, 2019.
To honour its commitment to making the Internet safer for all users, Farsight Security has always offered grants for DNSDBÂ® and other DNS Intelligence solutions to vetted researchers, law enforcement, and other non-profits. As part of its new Journalism Grants programme, Farsight will offer qualified investigative reporters free access to Farsight DNSDB. Among the grant requirements, reporters must:
- Work for a major print, broadcast or online news organisation
- Work as an investigative reporter, editor or data journalist
- Attend a two-hour media workshop DNSDB training course
More details on the programme and to apply for a grant to use DNSDB, visit here. The program is available now and is free for qualified journalists.
Unwitting mobile internet users are becoming the victims of an ongoing internationalised domain name (IDN) homograph-based phishing campaign. The suspected phishing websites purport to be those of commercial airline carriers, including Delta, RyanAir and EasyJet, and are offering free tickets, but, instead, appear to subject the user to a bait-and-switch scam according to research from Farsight Security.
The suspected phishing websites present the user with the promise of free airline tickets if they answer four innocuous questions (the responses don't seem to matter) Farsight report. Once the user answers the questions, they’re instructed to share the “offer” with 15 WhatsApp contacts before being redirected to another URL where presumably the user is prompted to enter credit card details.
As Farsight observed, the domain names for the suspected phishing sites are IDN homographs (lookalikes of well-known sites that switch out certain Basic Latin characters for homoglyph characters from similar scripts). They presented as being sourced from Delta Airlines, EasyJet and RyanAir
Farsight note that those familiar with current and recent phishing campaigns will recognise that this campaign appears to be a fork of the recent “Free Adidas” phishing campaign. This particular campaign underscored how easily a brand on the Internet can be used fraudulently and one campaign can be repurposed to attack a different and unrelated sector.
In an effort to make the pages seem more legitimate and familiar, they all include a Facebook-like section where it is made to appear as though a number of users have liked or loved the “post” along with a handful of positive comments.
Internationalised Domain Name homographs, or lookalike domain names, which are easy to register and often undetected by traditional security solutions, are increasingly being used to commit phishing and other malicious activities a report released this week by Farsight Security has found. Unsurprisingly .com, where most global brands register their domain names, was found the TLD with the most problems, accounting for over half of the IDN homographs. Continue reading IDN Homographs Increasingly Used To Commit Phishing And Other Malicious Activities: Farsight
Dr. Paul Mockapetris created the Domain Name System (DNS) in 1983 with anÂ initial goal of replacing the centralized host table of names with aÂ decentralized database, but it was always intended to be extensible toÂ new problems and applications.Â Today, DNS is the backbone of theÂ Internet, enabling all online transactions, good or bad, around theÂ world.
In a rare conversation, ThreatSTOP Chief Scientist Dr. PaulÂ Mockapetris, the inventor of DNS, and Farsight Security CEO Dr. PaulÂ Vixie, who designed, implemented and deployed several DNS protocolÂ extensions and applications that are used throughout the Internet today,Â will discuss a number of topics including:
- Â The evolution of DNS and how it has been weaponized by cybercriminals to commit fraud, espionage and other cybercrime
- Â Specific DNS-based techniques used by the bad guys to infiltrate today’s enterprises
- Â How organizations can play offense against these attacks, including utilizing the DNS to better secure their infrastructure, intellectual property and customers.
- Â The future of DNS â and its pivotal role in security moving forward
Information shared during this webinar will be valuable across everyÂ vertical industry — don’t miss this special event.
A Conversation with Dr. Paul Mockapetris and Farsight Security CEO Dr. Paul Vixie
Live Interactive Webinar: Tuesday, February 27th 1:00 pm Eastern, 10:00 am Pacific
To register for this Farsight webinar, go to:
About the Speakers
Dr. Paul Vixie: Chairman, CEO & Co-founder of Farsight Security Inc.
Inducted into the Internet Hall of Fame in 2014, Dr. Vixie designed, implemented and deployed several DNS protocolÂ extensions and applications that are used throughout the InternetÂ today. Prior to Farsight, he served as President, Chairman, andÂ founder of Internet Systems Consortium (ISC); as President ofÂ MAPS, PAIX, and MIBH; and as CTO of Abovenet/MFN. He served on theÂ ARIN Board of Trustees from 2005 to 2013, and as Chairman in 2008Â and 2009. Dr. Vixie is a founding member of ICANN Root Server SystemÂ Advisory Committee (RSSAC) and ICANN Security and StabilityÂ Advisory Committee (SSAC).
Dr. Paul Mockapetris, the inventor of DNS and
Chief Scientist at ThreatSTOP
Paul invented the DNS while at USCâs Information Sciences Institute, and oversaw its root servers during its early years. He subsequently served as program manager at (D)ARPA, IETF Chair, and Division Director at ISI before turning to the startup world. He was founder at the first large scale Internet over cable ISP @Home, CTO at Software.com and Fiberlane, and Chief Scientist at Nominum. He became an Inaugural member of the Internet Hall of Fame, and is a fellow of the ACM, IEEE, and the National Academy of Engineering. He is the recipient of the IEEE Internet Award and the ACM Sigcomm Award. He earned learnerâs permits in Physics and EE from MIT, and a PhD in Information and Computer Science from UC Irvine.
In December 2016, the FBI and DHS released a Joint Analysis Report entitled, âGRIZZLY STEPPE â Russian Malicious Cyber Activityâ about an ongoing cyber campaign against U.S. elections, government and itsâ citizens.
In this webinar, âThreatConnect and Farsight Researchers Tackle a Grizzly (Steppe),â Kyle Ehmke, Threat Intelligence Research Team, ThreatConnect, Inc. and Eric Ziegast,Â Distinguished Distributed Systems EngineerÂ at Farsight Security, Inc., will detail indicators listed in this report — including over 870 IP addresses for a variety of Russian actors — as well as reveal new information about this investigation.
They will reveal howÂ over 100 additional indicators wereÂ identified usingÂ the ThreatConnect platform integrated with Farsight historical passive DNS database, DNSDB. They will also reveal indicators possibly tied to the FANCY BEAR cyberespionage group and how FANCY BEAR sets up its malicious infrastructure.
About the presenters
Farsight Security and iThreat Cyber Group demonstrate how iThreatâs CyberTOOLBELT platform and Farsight Securityâs passive DNS data unravelled a deceitful drug rehabilitation operation starting with a single domain only and expanding it to the key individuals behind the operation and the laws they were breaking.
CyberTOOLBELT builds upon Farsightâs passive DNS by enhancing it with blocklist, and whois information, creating a platform that serves as a starting point in any domain or IP investigation by quickly providing a contextual overview of the data point of interest.
Key Points Covered include:
- An overview of the Passive DNS
- How cybercriminals use both legitimate and malicious subdomains to gain entry
- The steps security teams can take to uncover a single subdomain abuse and broaden that search to an entire landscape.
The webinar will be held on 28 September from 10:00 to 11:00 US Pacific Time.
The presenters are:
- Daniel Schwalbe
Director Of Engineering & Deputy CISO at Farsight Security
- Chad Los Schumacher
Team Lead Investigator, CyberTOOLBELT
- Michael Lewis
Chief Technology Officer, CyberTOOLBELT