Network Abuses Leveraging High-Profile Events: Suspicious Domain Registrations and Other Scams

Dec. 9, 2024, 12:01 p.m.

Description

Threat actors exploit high-profile events like global sporting championships to launch attacks through phishing and scams. The analysis focuses on trends in domain registrations, DNS traffic, URL traffic, active domains, verdict change requests, and domain textual patterns. Case studies include observations related to the 2024 Summer Olympics in Paris. Metrics to watch include domain registration trends, textual patterns in deceptive domains, DNS traffic anomalies, and URL traffic patterns. The report highlights the importance of proactive monitoring and analysis of these trends to identify and mitigate threats early. Specific examples of network abuses related to the Paris Olympics are provided, including suspicious domain registrations, DNS traffic spikes, and scam campaigns.

External References

https://unit42.paloaltonetworks.com/suspicious-domain-registration-campaigns/
https://otx.alienvault.com/pulse/6753b3e2bc521230d73c5c03
Tags
phishing
dns traffic
olympics
scams
domain abuse
2024-12-07
url filtering
threat monitoring
cybersquatting

Date

  • Created: Dec. 7, 2024, 2:33 a.m.
  • Published: Dec. 7, 2024, 2:33 a.m.
  • Modified: Dec. 9, 2024, 12:01 p.m.

Attack Patterns

  • T1583.001
  • T1589.002
  • T1204.001
  • T1598
  • T1584
  • T1566

Additional Informations

  • China
  • France