Attack Surface Management: A Look into Wild Domain and Subdomain Footprints

by WhoisXML API, November 19th, 2020

Too Long; Didn't Read

WhoisXML API has developed a suite of Attack Surface Management (ASM) Solutions to help organizations cope with the exponential growth of the global domain attack surface. Typosquatting domains could amplify the total domain attack surfaces of the 10 spoofed brands by more than 8,000%. Apple had the largest potential domain attack surface size, with 54,187 possibly suspicious domains and subdomains. The study shows that organizations’ attack surface sizes can be quite large, but that does not make attack surface reduction too far-fetched.


Attack surfaces comprise the many ways threat actors can exploit a connected environment to access confidential data, and surfaces tend to get larger as organizations take steps toward digital transformation.

As part of these surfaces, we noticed the growing presence of wild domains and subdomains. “Wild,” in this case, means that the domains contain the names of large brands and organizations, though their legitimacy is hard to establish since there is no public evidence of their ownership. In short, we can’t say for sure who is behind these domains and associated subdomains, which is risky from a cybersecurity standpoint.

We refer to the sum of these wild domains as “domain attack surfaces.” That is because wild domains could arguably and damage the reputation of impersonated organizations.

To illustrate, we recently conducted a study that looked at the domain and subdomain footprints of 10 of the world’s most imitated brands today, namely:

  • Amazon
  • Apple
  • Bank of America
  • CIBC
  • Desjardins
  • Facebook
  • Microsoft
  • Netflix
  • PayPal
  • WhatsApp

A combination of Domain Name System (DNS), WHOIS, and IP intelligence sources, available as part of WhoisXML API’s Attack Surface Management (ASM) Solutions, was used to uncover and study the wild domains and subdomains that contain the companies’ brand names. Here are some of our key findings.

1. Companies Could Be Dealing with Thousands of Vectors

On average, the detected domain attack surface size of the 10 spoofed brands comprised as many as 17,734 domains and subdomains. Apple had the largest potential domain attack surface, with 54,187 possibly suspicious domains and subdomains. CIBC had the smallest, but the count still reached more than 1,000 domains and subdomains.

These numbers include subdomains (WARNING -- do not visit) that contain the brand names, such as:

Most of the examples above have been tagged as “verified phishing sites” by PhishTank. They also give us a glimpse of the threat actors’ tactics, which could include registering seemingly innocent or random-looking root domains and setting up subdomains that could contain the brand names later on—all that in an attempt to look legitimate and trustworthy.

2. Typosquatting Domains Can Inflate Domain Attack Surfaces

Aside from subdomains that contain the spoofed brand names, the domain attack surface could also include typosquatting domains or domain names that use misspelled variations of the brand. Our study discovered that typosquatting domains could amplify the total domain attack surface of the 10 brands by more than 8,000%.

A total of 369 root domains in the study were found via our Typosquatting Data Feed, but more than 29,000 unique typosquatting domains were found for all 10. Table 1 shows the number of typosquatting domains found for each brand, along with the percentage by which the domain attack surface size could increase when they are taken into account.

Table 1: Typosquatting Domains Found for Each Brand
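The two footprint types described in findings 1 and 2 (brand names placed in subdomains of unrelated root domains, and misspelled variations of the brand) can be told apart with a small triage script over observed hostnames. The sketch below is an added example, not WhoisXML API's code or method; the brand list, the owned-domain set, the one-edit threshold and every hostname are assumptions constructed for illustration.

```python
# Added example. Brand list, owned-domain set and hostnames are constructed sample data.
BRANDS = ["paypal", "netflix", "apple"]
OWNED = {"paypal.com", "netflix.com", "apple.com"}  # assumed brand-owned domains

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap as 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def split_host(host):
    """Naive split: last two labels are the root domain (assumption; multi-label
    suffixes such as co.uk need the Public Suffix List)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]), labels[:-2]

def classify(host):
    root, subs = split_host(host)
    if root in OWNED:
        return ("owned", None)
    sld = root.split(".")[0]
    for brand in BRANDS:
        if brand in sld:                      # brand name inside the registered domain
            return ("brand-in-domain", brand)
        if osa_distance(sld, brand) == 1:     # one-edit misspelling of the brand
            return ("typosquat", brand)
        if any(brand in label for label in subs):  # brand only in a subdomain label
            return ("brand-in-subdomain", brand)
    return ("unrelated", None)

# Constructed hostnames under the reserved .example TLD, plus one owned host.
SAMPLE = ["www.paypal.com", "paypa1.example", "netfilx.example",
          "apple-id-verify.example", "netflix.billing.qx7k2.example",
          "blog.weather.example"]

def triage(hosts):
    return {h: classify(h) for h in hosts}

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE).items():
        print(f"{host:35} {verdict}")
```

A one-edit threshold also matches ordinary words that sit one edit away from a short brand name, so hits are candidates for review rather than verdicts.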

Is Attack Surface Reduction Possible?

The study shows that organizations’ attack surface sizes can be quite large. But that does not make attack surface reduction too far-fetched.

WhoisXML API has developed a suite of Attack Surface Management (ASM) Solutions to help organizations cope with the exponential growth of the global domain attack surface. Our ASM Solutions are fueled by DNS, WHOIS, and IP intelligence, the same tools used in our study. These solutions allow security teams to monitor their organizations’ vast digital footprints.
