Summary:
As Thanksgiving approaches, cyber threat actors exploit holiday-related domains to lure victims. Recent research uncovered numerous malicious domains and IP addresses linked to Black Friday and Thanksgiving-themed cyber attacks, highlighting the need for vigilance during this shopping season.
#ThanksgivingThreats #BlackFridayScams #CyberAwareness
Keypoints:
- 318 email-connected domains (domains sharing a registrant email address with the seed domains) identified, one of which was deemed malicious.
- 786 IP addresses discovered through DNS resolution of the seed domains, 635 of which were malicious.
- 1,975 IP-connected domains (domains resolving to the same IP addresses as the seeds) found, two of which were classified as malicious.
- 3,521 string-connected subdomains (subdomains containing the holiday strings) analyzed.
- Bulk WHOIS lookup covered 2,091 domains containing the string "blackfriday" and 233 containing "thanksgiving".
- Most of the domains were created in 2023 or later, i.e., they are recent registrations rather than long-established sites.
- A Threat Intelligence API flagged four domains as associated with various threats.
- Geolocation analysis showed the malicious IP addresses spread across 32 countries, predominantly the U.S.
- 76 different ISPs managed the identified malicious IP addresses, with Cloudflare leading the count. Because Cloudflare fronts many unrelated sites, an IP alone is weak attribution here; the domain and registrant pivots carry more weight than the address.
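The key points above describe a pivoting workflow: pick seed domains by holiday string, pivot through registrant email (email-connected), through shared IPs (IP-connected), filter by creation date, and then hunt for the resulting watchlist in resolver logs. The following is an added example, not code or data from the CircleID/WhoisXML API research; the WHOIS and resolution records, the `.example` domains, and the resolver log lines are all constructed, and the BIND-like log format is an assumption. The only real indicators used are the page's own two IoC domains in the watchlist.

```python
"""Added example: DNS/WHOIS pivots over constructed records plus a watchlist
check over constructed resolver log lines. Not the research's own tooling."""
import re
from collections import defaultdict

HOLIDAY_STRINGS = ("blackfriday", "thanksgiving")

# Constructed WHOIS records (assumed data, .example TLD).
WHOIS = {
    "blackfriday-deals-2024.example": {"email": "reg1@mail.example", "created": "2024-10-30"},
    "thanksgiving-sale.example":      {"email": "reg2@mail.example", "created": "2024-11-02"},
    "turkey-day-offers.example":      {"email": "reg2@mail.example", "created": "2023-11-10"},
    "gift-card-checker.example":      {"email": "reg1@mail.example", "created": "2022-01-05"},
    "unrelated-shop.example":         {"email": "reg3@mail.example", "created": "2019-06-20"},
}
# Constructed passive-DNS resolutions (documentation address ranges).
RESOLUTIONS = {
    "blackfriday-deals-2024.example": ["203.0.113.10"],
    "thanksgiving-sale.example":      ["203.0.113.10", "198.51.100.7"],
    "turkey-day-offers.example":      ["198.51.100.7"],
    "gift-card-checker.example":      ["192.0.2.44"],
    "unrelated-shop.example":         ["192.0.2.99"],
}


def defang(s):
    return s.replace(".", "[.]")


def refang(s):
    return s.replace("[.]", ".")


def seed_domains(domains):
    """String-connected seeds: the registrable label contains a holiday
    string (hyphens removed so 'black-friday' also matches)."""
    out = []
    for d in domains:
        label = d.split(".")[0].replace("-", "")
        if any(s in label for s in HOLIDAY_STRINGS):
            out.append(d)
    return sorted(out)


def email_connected(seeds, whois):
    """Reverse-WHOIS pivot: other domains sharing a seed's registrant email."""
    emails = {whois[d]["email"] for d in seeds if d in whois}
    return sorted(d for d, rec in whois.items() if rec["email"] in emails and d not in seeds)


def ip_connected(seeds, resolutions):
    """Reverse-IP pivot: other domains resolving to an IP a seed resolves to."""
    by_ip = defaultdict(set)
    for d, ips in resolutions.items():
        for ip in ips:
            by_ip[ip].add(d)
    seed_ips = {ip for d in seeds for ip in resolutions.get(d, [])}
    linked = set().union(*(by_ip[ip] for ip in seed_ips))
    return sorted(linked - set(seeds))


def recent(whois, since="2023-01-01"):
    """Domains created on or after `since` (ISO dates compare as strings)."""
    return sorted(d for d, rec in whois.items() if rec["created"] >= since)


# Assumed resolver log shape: "<ts> client <ip> query: <qname> <qtype>".
LOG_RE = re.compile(r"^(?P<ts>\S+) client (?P<client>\S+) query: (?P<qname>\S+) (?P<qtype>\S+)$")

# Constructed log lines; the third one must NOT match (different registrable name).
SAMPLE_LOG = [
    "2024-11-20T09:15:02Z client 10.0.0.5 query: blackfriday-best-deals.com A",
    "2024-11-20T09:15:03Z client 10.0.0.5 query: www.blackfriday-best-deals.com A",
    "2024-11-20T09:16:10Z client 10.0.0.9 query: notblackfriday-best-deals.com A",
    "2024-11-20T09:17:44Z client 10.0.0.12 query: thanksgiving-sale.example A",
    "malformed line that the parser should skip",
]
# Page IoCs (defanged, as published) plus one constructed pivot result.
WATCHLIST = ["blackfriday-best-deals[.]com", "feiraochevro[.]com", "thanksgiving-sale.example"]


def flag_dns_log(lines, watchlist):
    """Return (client, qname) for queries whose name equals, or is a subdomain
    of, a watchlisted domain. Watchlist entries may be defanged."""
    wl = {refang(w).lower().rstrip(".") for w in watchlist}
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        q = m["qname"].lower().rstrip(".")
        if any(q == w or q.endswith("." + w) for w in wl):
            hits.append((m["client"], q))
    return hits


if __name__ == "__main__":
    seeds = seed_domains(WHOIS)
    print("seeds:", seeds)
    print("email-connected:", email_connected(seeds, WHOIS))
    print("ip-connected:", ip_connected(seeds, RESOLUTIONS))
    print("created since 2023:", recent(WHOIS))
    for client, q in flag_dns_log(SAMPLE_LOG, WATCHLIST):
        print(f"{client} queried {defang(q)}")
```

The subdomain match uses `q.endswith("." + w)` rather than a bare substring test, so `notblackfriday-best-deals.com` is not mistaken for the indicator; string-connected seeding, by contrast, is deliberately loose because its output is a starting point for pivots, not a verdict.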
MITRE Techniques
- Application Layer Protocol (T1071, Command and Control tactic): multiple command and control domains are used to maintain communication with compromised systems.
- Phishing (T1566): deceptive emails and websites trick users into revealing sensitive information.
- Exploitation for Client Execution (T1203): malicious software is delivered through email attachments and compromised websites that exploit client-side applications. (The original listing labeled this "Malware", which is not a MITRE technique name.)
- Exploitation of Public-Facing Application (T1190): vulnerabilities in publicly accessible applications are targeted to gain unauthorized access.
- Caveat: the research is built on DNS, WHOIS and IP data and does not observe activity on compromised hosts, so these mappings describe the techniques this kind of infrastructure typically supports rather than behavior confirmed in this campaign.
IoC:
- [domain] blackfriday-best-deals[.]com
- [email-connected domain] feiraochevro[.]com
- [ip address] 103[.]169[.]142[.]0
- [ip address] 216[.]239[.]32[.]21
- [ip address] 3[.]13[.]222[.]255
- [ip address] 44[.]227[.]65[.]245
- [ip address] 51[.]91[.]236[.]255
Note: several of these addresses sit in large hosting or CDN provider ranges and may be shared with legitimate sites; treat the IP indicators as pivots for investigation rather than as block-list entries on their own.
Full Research: https://circleid.com/posts/uncovering-potential-black-friday-and-thanksgiving-threats-with-dns-data