Today > 2 Critical | 2 High | 6 Medium vulnerabilities   -   You can now download lists of IOCs here!

Phishing Via Typosquatting and Brand Impersonation: Trends and Tactics

Sept. 12, 2024, 8:54 a.m.

Description

From February to July 2024, an analysis of over 500 popular domains revealed more than 10,000 malicious lookalike domains employing typosquatting and brand impersonation techniques. Google, Microsoft, and Amazon were the most targeted brands, accounting for nearly 75% of phishing domains. Almost half of these domains used free Let's Encrypt TLS certificates to appear legitimate. The .com top-level domain was most prevalent, targeting English speakers. Internet Services, Professional Services, and Online Shopping were the most impersonated sectors. GoDaddy was the most abused domain registrar. Threat actors used these domains for malware distribution, credential theft, scams, and command-and-control communication.

Date

Published: Sept. 12, 2024, 8:23 a.m.

Created: Sept. 12, 2024, 8:23 a.m.

Modified: Sept. 12, 2024, 8:54 a.m.

Indicators

html.phish.google

whatsapp2024.ru

whatsapp-web.cn

play-store-google.com

offlice365.com

onedrivesync.com

googqle.com

googleupdate.vip

adobevn.pro

acrobatbrowser.com

Attack Patterns

TacticalRMM

Atera Remote Access Trojan

T1193

T1071

T1102

T1192

T1036

T1204

T1132

T1027

T1566

T1059

Additional Informations

Professional Services

Retail

Technology