Phishing Attacks Increasingly Launched using Newly Registered Domains, Shows Retarus’ Analysis

Around 80 percent of targeted cyberattacks are carried out by way of attachments or links in emails. This figure has remained relatively constant. The best protection: thoroughly examine each inbound email for criminal contents. When it comes to detecting harmful phishing links, however, a new trend has recently been recognized.

Increasingly, domains which have recently been registered are being used to facilitate malicious campaigns. In many cases, these newly set up internet addresses are created using domain generation algorithms and then used exclusively for criminal purposes.

Phishing protection at the domain level

Phishing filters need to be capable of considering this factor in their analyses, so that these suspicious URLs can be blocked dependably. At Retarus, in addition to examining the content of the linked (malware or phishing) website itself, we have responded to this development by taking into account the time at which the domain was registered. The category of risk is always assigned at the domain level, which provides a crucial benefit for the level of protection. As the classification is partly extended to all URLs belonging to a domain, phishing variants using recently altered addresses are also bound to fail.

Security experts at Retarus confirm: Up to 70 percent of phishing cases involve new domains

Recent analyses by Retarus’ security experts indicate that across just about all customers, substantially more than half of all blocked phishing messages can be traced back to this single filter criterion. As early as this March, it was found that at a large international corporation which safeguards its 100,000 email inboxes with Retarus E-Mail Security, such messages accounted for 70 percent of all phishing attempts.

The internal Retarus analysis also confirms that this filter method does not entail any increase in false positives. One of the reasons for this is that it only takes into consideration websites that have been set up with the respective domain registry organization within the past few days. In practice, by contrast, it usually takes a lot longer before legitimate emails are sent from a new domain.
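The registration-date check with a domain-level verdict, as described above, sketched as an added example (this is not Retarus' code). The 7-day window, the function names and the registration dates are assumptions constructed for illustration; a real filter would take the dates from registry data and use the Public Suffix List to find the registrable domain.

```python
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

# Assumption: "the past few days" is modelled as 7 days; the article gives no figure.
MAX_AGE = timedelta(days=7)
# Constructed registration dates standing in for registry (WHOIS/RDAP) data.
REGISTERED = {
    "example-invoice-portal.test": datetime(2024, 3, 10, tzinfo=timezone.utc),
    "longstanding-supplier.test": datetime(2015, 6, 1, tzinfo=timezone.utc),
}
# Constructed message body.
SAMPLE = """Pay here: https://example-invoice-portal.test/pay
Alternative: http://login.example-invoice-portal.test/pay?id=7f3a.
Contact us: https://www.longstanding-supplier.test/contact
See also https://no-data.test/"""

URL_RE = re.compile(r"https?://[^\s<>]+", re.IGNORECASE)

def registrable_domain(url):
    """Reduce a URL to the domain the verdict is keyed on.
    Simplification: keeps the last two labels; real code needs the Public Suffix List."""
    try:
        host = (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return ""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host

def classify_domain(domain, now, registered=REGISTERED):
    """'new' if registered within MAX_AGE, 'established' if older, else 'unknown'."""
    created = registered.get(domain)
    if created is None:
        return "unknown"  # no registration data: leave the verdict to other filters
    return "new" if now - created <= MAX_AGE else "established"

def scan_message(body, now, registered=REGISTERED):
    """Map each URL in the body to the verdict of its domain."""
    by_domain, verdicts = {}, {}
    for raw in URL_RE.findall(body):
        url = raw.rstrip(".,;")  # drop sentence punctuation glued to the link
        domain = registrable_domain(url)
        if domain not in by_domain:  # one lookup per domain, shared by all its URLs
            by_domain[domain] = classify_domain(domain, now, registered)
        verdicts[url] = by_domain[domain]
    return verdicts

if __name__ == "__main__":
    for url, verdict in scan_message(SAMPLE, datetime(2024, 3, 12, tzinfo=timezone.utc)).items():
        print(f"{verdict:12} {url}")
```

Because the verdict is keyed on the domain, the `login.` subdomain variant with a different path and query string is flagged together with the first link.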

Only comprehensive filtering methods achieve the required outcome

Despite the ubiquity of such cases, checking the registration date needs to remain just one of many measures used to ensure security and protection. That’s why the Retarus Phishing Filter examines inbound emails in real time with a wide range of methods. In this way, even those phishing emails that have not previously been filtered out by the virus scanner or spam filter can be detected. One of the key methods here is to check the message against a wide range of data and sources from renowned, specialized providers.

To prevent spear phishing and social engineering, Retarus additionally identifies and filters out emails from forged sender addresses. This also effectively counteracts CxO fraud.

Moreover, Retarus’ cloud-based Email Security subjects all web links included in emails to a real-time check, known as Time-of-Click Protection. When a user clicks on a URL, the destination address is always checked anew. If it turns out that the linked website has been identified as a phishing site, a security alert to this effect notifies the user.
