Brand Impersonation at Scale: How Lookalike Domains Bypass Traditional Defenses

As more organizations adopt DMARC and implement domain-based protections, a new threat vector has come into focus: brand impersonation. Attackers register domains that closely resemble legitimate brands, use them to host phishing sites, send deceptive email, and mislead users with cloned login pages and familiar visual assets.

In 2024, we identified more than 30,000 lookalike domains. These campaigns are rarely technically sophisticated. Instead, they rely on the nuances of trust: a name that seems familiar, a logo in the right place, or an email that appears to come from a domain almost indistinguishable from the real one.

Although the tactics are simple, defending against them is not. Most organizations still lack the visibility and context needed to detect and respond to these threats with confidence.

Registering a lookalike domain is fast and cheap. Attackers routinely buy domains that differ from the legitimate one by a single character, a hyphen, or a change in the top-level domain (TLD). These subtle variations are difficult to detect, especially on mobile devices or when users are distracted.

| Lookalike domain | Tactic used |
| --- | --- |
| acmebаnk.com | Homoglyph (Cyrillic 'а') |
| acme-bank.com | Hyphenation |
| acmebanc.com | Character substitution |
| acmebank.co | TLD change |
| acmebank-login.com | Added word |
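
The tactics in the table can be checked mechanically when triaging newly registered domains against a protected brand domain. The following is an added example, not code from the original article or from Cisco or Red Sift; the function names, the deliberately small confusables map, and the `single-char-edit` label (which generalizes the table's substitution row to any one-character edit) are assumptions.

```python
# Constructed, deliberately tiny Cyrillic-to-Latin map (assumption); production
# code should use the full Unicode confusables data (UTS #39).
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c"}

def split_domain(domain):
    # Assumes a simple "label.tld" name; use the Public Suffix List for real data.
    label, _, tld = domain.lower().partition(".")
    return label, tld

def skeleton(label):
    # Map each confusable character to the Latin letter it imitates.
    return "".join(CONFUSABLES.get(ch, ch) for ch in label)

def edit_distance(a, b):
    # Standard Levenshtein distance, computed row by row.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(candidate, brand):
    """Return the tactics linking candidate to brand ([] if unrelated or identical)."""
    (c_label, c_tld), (b_label, b_tld) = split_domain(candidate), split_domain(brand)
    skel = skeleton(c_label)
    parts = skel.split("-")
    tactics = []
    if skel == b_label:
        pass  # same label once homoglyphs are normalized
    elif "".join(parts) == b_label:
        tactics.append("hyphenation")
    elif b_label in parts:
        tactics.append("word-addition")
    elif edit_distance(skel, b_label) == 1:
        tactics.append("single-char-edit")
    else:
        return []  # label is not close to the brand
    if skel != c_label:
        tactics.insert(0, "homoglyph")
    if c_tld != b_tld:
        tactics.append("tld-change")
    return tactics

if __name__ == "__main__":  # constructed sample: the table's rows plus one unrelated name
    for d in ["acmeb\u0430nk.com", "acme-bank.com", "acmebanc.com", "acmebank.co",
              "acmebank-login.com", "example.org"]:
        print(ascii(d), classify(d, "acmebank.com"))
```

A match here only says a name is structurally close to the brand; whether the domain is live, malicious, or targeting the organization still has to be established separately.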

In one recent example, attackers created a convincing lookalike of a well-known logistics platform and used it to impersonate freight brokers and divert real shipments. The resulting fraud led to operational disruption and substantial losses, with industry estimates for comparable attacks ranging from $50,000 to more than $200,000. While registering the domain was simple, the resulting operational and financial fallout was anything but.

Although any single domain may seem low risk in isolation, the real challenge lies in scale. These domains are often short-lived, frequently rotated, and difficult to track.

For defenders, the sheer volume and variation make these domains resource-intensive to investigate. Monitoring the open internet is time-consuming, especially if each domain must be analyzed to assess whether it is a real risk.

The challenge for security teams is not a lack of data; it is the overwhelming presence of raw, unqualified signals. Thousands of domains that could plausibly be used in impersonation campaigns are registered daily. Some are harmless, many are not, but distinguishing between them is far from straightforward.

Tools such as threat feeds and registrar alerts surface potential risks, but often lack the context needed for informed decisions. Keyword matches and registration patterns do not reveal whether a domain is live, malicious, or targeting a specific organization.

As a result, teams face an operational bottleneck. They are not just managing alerts; they are sorting through ambiguity without sufficient structure to prioritize what matters.

What is needed is a way to turn raw domain data into a clear, prioritized signal that integrates with how security teams already assess, triage, and respond.

Cisco has long helped organizations prevent exact-domain spoofing through DMARC, delivered via Red Sift OnDMARC. However, as attacks move beyond the domains you own, Cisco has expanded its domain protection offering to include Red Sift Brand Trust, which provides domain and brand protection to monitor and respond to lookalike domain threats on a global scale.

Red Sift Brand Trust brings structured visibility and response to a traditionally noisy and hard-to-interpret space. Its core capabilities include:

  • Lookalike detection across the internet using visual, phonetic, and structural analysis to surface domains designed
  • AI-powered asset detection to identify branded assets used in phishing infrastructure
  • Infrastructure intelligence that surfaces IP ownership and risk indicators
  • A first-of-its-kind AI agent that acts as a virtual analyst, mimicking human review to classify lookalike domains and highlight takedown candidates with speed and confidence
  • Integrated escalation workflows that let security teams take down malicious sites quickly

With OnDMARC and Brand Trust now available through Cisco SolutionsPlus, security teams can adopt a unified, scalable approach to domain and brand protection. This marks an important shift for a threat that increasingly involves infrastructure outside the organization's control, where the brand itself is often the point of entry.

For more information about domain protection, see Cisco's partnership with Red Sift.

