During routine monitoring, Cado Security discovered a typosquatted domain closely resembling its site that redirected to cadosecurity.com, signaling a phishing risk. Cado used dnstwist to map thousands of domain permutations, reported the domain to the registrar, alerted staff, and blocked malicious emails, while noting a broader campaign targeting multiple tech companies. #CadoSecurity #typosquatting #dnstwist
Key points
- Typosquatting involves registering domains that resemble legitimate organizations to deceive users.
- Cado Security used a tool called dnstwist to identify nearly 9,000 domain permutations related to their corporate domain.
- A malicious domain was registered that redirected to Cado’s legitimate site, indicating a potential phishing threat.
- Further investigation revealed a broader campaign targeting multiple tech companies.
- Cado took proactive actions, including staff notifications, email blocking, and reporting the domain to the registrar.
- Additional fraudulent domains were identified and reported to affected organizations.
- The incident emphasizes the need for vigilance and proactive measures in cybersecurity.
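The monitoring approach described above (generate the permutations of a corporate domain the way dnstwist does, then watch for any of them turning up as registered domains or as mail sender domains) can be reproduced with a small script. The following is an added example, not code from Cado Security or from the dnstwist project: it implements a subset of dnstwist's fuzzers (omission, transposition, repetition, hyphenation, a short homoglyph table, and TLD swaps), so it produces far fewer candidates than the nearly 9,000 the post mentions, and then checks a constructed list of observed sender domains against that candidate set and defangs any hits in the `[.]` style used in the IoC list. The `resolves()` helper needs network access and is not exercised offline; the sender-domain sample is constructed for the example.

```python
import socket

# Visually similar or commonly confused characters. This is a small subset of
# the substitutions dnstwist applies; extend it for your own domain's letters.
HOMOGLYPHS = {
    "i": ["l", "1"],
    "l": ["i", "1"],
    "o": ["0"],
    "0": ["o"],
    "e": ["3"],
    "a": ["4"],
    "s": ["5"],
    "m": ["rn"],
    "w": ["vv"],
    "u": ["v"],
    "v": ["u"],
}

# TLDs an attacker commonly registers next to the real one.
COMMON_TLDS = ["com", "net", "org", "co", "io"]


def split_domain(domain):
    """Split a simple two-part domain such as 'cadosecurity.com' into (label, tld)."""
    label, _, tld = domain.lower().rpartition(".")
    return label, tld


def permutations(domain):
    """Return sorted lookalike candidates for `domain` (the real domain is excluded)."""
    label, tld = split_domain(domain)
    labels = set()
    for i in range(len(label)):                      # omission: cadsecurity
        labels.add(label[:i] + label[i + 1:])
    for i in range(len(label) - 1):                  # transposition: cadosecuirty
        labels.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])
    for i in range(len(label)):                      # repetition: cadossecurity
        labels.add(label[:i] + label[i] + label[i:])
    for i in range(1, len(label)):                   # hyphenation: cado-security
        labels.add(label[:i] + "-" + label[i:])
    for i, ch in enumerate(label):                   # homoglyph: cadosecurlty
        for repl in HOMOGLYPHS.get(ch, []):
            labels.add(label[:i] + repl + label[i + 1:])
    labels.discard(label)
    results = {f"{lbl}.{tld}" for lbl in labels}
    for other in COMMON_TLDS:                        # TLD swap: cadosecurity.net
        if other != tld:
            results.add(f"{label}.{other}")
    return sorted(results)


def lookalikes_in_senders(domain, sender_domains):
    """Defensive mail-log check: which observed sender domains are permutations of ours?"""
    candidates = set(permutations(domain))
    observed = {s.lower() for s in sender_domains}
    return sorted(d for d in observed if d in candidates)


def defang(domain):
    """Render a domain in the [.] notation used for sharing indicators."""
    return domain.replace(".", "[.]")


def resolves(domain):
    """Return the A record a candidate currently resolves to, or None.
    Requires network access, so the offline demo below does not call it."""
    try:
        return socket.gethostbyname(domain)
    except socket.gaierror:
        return None


# Constructed sample of sender domains seen in inbound mail; not data from the post.
SAMPLE_SENDER_DOMAINS = [
    "cadosecurity.com",    # the legitimate domain, must not be flagged
    "cadosecurlty.com",    # the typosquat named in the post's IoC list
    "example.org",
    "cado-security.com",
]

if __name__ == "__main__":
    candidates = permutations("cadosecurity.com")
    print(f"{len(candidates)} candidate domains generated")
    for hit in lookalikes_in_senders("cadosecurity.com", SAMPLE_SENDER_DOMAINS):
        print("lookalike sender domain:", defang(hit))
```

In practice the candidate list is fed to a resolver loop such as `resolves()` on a schedule, and any candidate that starts resolving (or appears in WHOIS/registration feeds) is triaged the way the post describes: reported to the registrar, communicated to staff, and added to mail-gateway block rules.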
MITRE Techniques
- [T1566] Phishing – Used to lure users via typosquatted domains and potential phishing emails. ‘Threat actors may create typosquatted domains to trick users into visiting fraudulent sites.’
- [T1583.001] Acquire Infrastructure: Domains – Registration of domains that closely resemble legitimate domains to mislead users.
Indicators of Compromise
- [Domain] Typosquatted domains involved in campaign – biaizetech[.]com, cadosecurlty[.]com, and 15 more domains
- [IP Address] Malicious IP resolved by the domain – 94[.]154[.]35[.]15
Read more: https://www.cadosecurity.com/blog/vigilance-in-action-monitoring-typosquatting-domains