Early warning on phishing

Sunrise over the marsh with man holding a fly rod and reel

Written by Gavin Rawson, Technical Lead, Nominet

Bad news sells, and cyber breaches and attacks on well-known businesses is a hot topic for the press. In the past fortnight alone, the international football governing body FIFA has joined the likes of HSBC and Cathay Pacific with admitting to data breaches and cyber incidents that will have compromised customer details or sensitive internal data.

Unfortunately, many of these admissions come weeks if not months after the incident. While the delay may mitigate backlash and reputation loss for the company, it can have repercussions for customers in the long run, especially those who re-use passwords (not good practice) for multiple accounts. In the UK and across the EU, companies are now forced to admit breaches due to GDPR within 72 hours, but those in other places often face no financial penalty and therefore prefer to keep it quiet if they can, or at least delay any communications around it.

For banks such as HSBC, the inclination to downplay incidents is strengthened by the fact that financial institutions are attractive targets for the cyber criminal seeking money. Phishing scams have proven themselves as an effective means to swindle cash out of customers or seize bank account details, and so criminals increasingly seek domain names that closely resemble banking websites to aid their deceptions.

We know this is true because of the proactive security work we do at Nominet to try and clamp down on criminals within the UK’s namespace, in our role as .UK domain registry. Not only do we work to promptly suspend suspicious domains at registration, we can also spot criminal activity across the Domain Name System (DNS) using innovative technologies and software we have developed in-house.

In respect to phishing activity, we are on the look-out for any unusual traffic patterns across the DNS in the hope we can mitigate activity before it causes damage. In an event that occurred last week, we spotted a spike of traffic from a domain name that, upon investigation, was mimicking the name of a well-known bank. By cross-checking in our systems, we were able to determine that the newly-registered domain was a fraudulent one being used maliciously, and we suspended it before the phishing campaign could gain momentum.

This is a bad news story that didn’t happen. This is an incident that won’t make the headlines, or cause banking customers to lose money or faith in their financial institution. This is a cyber breach that has been abated and will likely go unnoticed, but it’s a great find for our analytics tool, which spotted the activity before any of the others we track via our third-party intelligence feeds. Considering the potential for a single domain to send out millions of phishing emails shortly after being registered, our tech team can take immense pride in the part they can play.

More importantly, however, it’s a story that can serve a higher purpose than to merely shout about a success. By drawing attention to near misses such as this, all those not working in cyber security on a daily basis can be reminded that the digital world carries risk that we must protect ourselves against. Downplaying risk might protect reputation now – and a good news story doesn’t sell pixels or papers – but keeping quiet about cyber security won’t help protect customers or help us to make the internet a safer place for all who use it.

Originally posted here

Find More thought leadership

Comments are closed.