Exploring the Ecosystem of Malicious Domain Registrations in the .eu TLD
نویسندگان
چکیده
Abstract. This study extensively scrutinizes 14 months of registration data to identify large-scale malicious campaigns present in the .eu TLD. We explore the ecosystem and modus operandi of elaborate cybercriminal entities that recurrently register large amounts of domains for one-shot, malicious use. Although these malicious domains are short-lived, by incorporating registrant information, we establish that at least 80.04% of them can be framed in to 20 larger campaigns with varying duration and intensity. We further report on insights in the operational aspects of this business and observe, amongst other findings, that their processes are only partially automated. Finally, we apply a post-factum clustering process to validate the campaign identification process and to automate the ecosystem analysis of malicious registrations in a TLD zone.
منابع مشابه
Title : Increasing DNS Security and Stability through a Control Plane for Top - level Domain
We present a control plane for operators of Top-level Domains (TLDs) in the Domain Name System (DNS), such as “.org” and “.nl”, that enables them to increase the security and stability of their TLD by taking on the role of a threat intelligence provider. Our control plane is a novel system that extends a TLD operator’s traditional services and detects potential threats in the TLD by continuousl...
متن کاملMaster Thesis as part of the major in Security & Privacy at the EIT Digital Master School SIDekICk SuspIcious DomaIn Classification
The Domain Name System (DNS) plays a central role in the Internet. It allows the translation of human-readable domain names to (alpha-) numeric IP addresses in a fast and reliable manner. However, domain names not only allow Internet users to access benign services on the Internet but are used by hackers and other criminals as well, for example to host phishing campaigns, to distribute malware,...
متن کاملRAPTOR: Ransomware Attack PredicTOR
Ransomware, a type of malicious software that encrypts a victim’s files and only releases the cryptographic key once a ransom is paid, has emerged as a potentially devastating class of cybercrimes in the past few years. In this paper, we present RAPTOR, a promising line of defense against ransomware attacks. RAPTOR fingerprints attackers’ operations to forecast ransomware activity. More specifi...
متن کاملThe model of Entrepreneurial Ecosystem Formation in Iran for Social and Cultural Development in Industry Domain using Grounded Theory
Entrepreneurship ecosystem is a combination of cultural, economic, political and social elements within an area interacting with each other to entrepreneurial activity in an environment conducive. The present study aims to achieve a model for the formation of entrepreneurial ecosystem in Iran using Grounded Theory. The main basis of data collection in this theory is to conduct semi-structured i...
متن کاملThe Long "Taile" of Typosquatting Domain Names
Typosquatting is a speculative behavior that leverages Internet naming and governance practices to extract profit from users’ misspellings and typing errors. Simple and inexpensive domain registration motivates speculators to register domain names in bulk to profit from display advertisements, to redirect traffic to third party pages, to deploy phishing sites, or to serve malware. While previou...
متن کامل