Phishing Via Typosquatting and Brand Impersonation: Trends and Tactics
Sept. 12, 2024, 8:54 a.m.
Tags
External References
Description
From February to July 2024, an analysis of over 500 popular domains revealed more than 10,000 malicious lookalike domains employing typosquatting and brand impersonation techniques. Google, Microsoft, and Amazon were the most targeted brands, accounting for nearly 75% of phishing domains. Almost half of these domains used free Let's Encrypt TLS certificates to appear legitimate. The .com top-level domain was most prevalent, targeting English speakers. Internet Services, Professional Services, and Online Shopping were the most impersonated sectors. GoDaddy was the most abused domain registrar. Threat actors used these domains for malware distribution, credential theft, scams, and command-and-control communication.
Date
Published: Sept. 12, 2024, 8:23 a.m.
Created: Sept. 12, 2024, 8:23 a.m.
Modified: Sept. 12, 2024, 8:54 a.m.
Indicators
html.phish.google
whatsapp2024.ru
whatsapp-web.cn
play-store-google.com
offlice365.com
onedrivesync.com
googqle.com
googleupdate.vip
adobevn.pro
acrobatbrowser.com
Attack Patterns
TacticalRMM
Atera Remote Access Trojan
T1193
T1071
T1102
T1192
T1036
T1204
T1132
T1027
T1566
T1059
Additional Informations
Professional Services
Retail
Technology