Cybersquatting in B2B Ecommerce
EDITOR’S NOTE: Today’s article is a guest post by Clayton Dillard, President of Legion Cyberworks. Legion provides cybersecurity, threat detection, and threat mitigation to the Corevist Commerce technology stack.
B2B ecommerce opens up all kinds of possibilities for business. It’s the way the world is moving, and smart manufacturers and distributors are getting on board. But like anything on the web, B2B ecommerce becomes vulnerable to cyberattacks if it isn’t protected by professionals. (Hint: That’s us!)
Cybersquatting is one of the most dangerous forms of cyberattack. It’s easy to fall prey if you aren’t careful when you type in a domain name or click a link in an email. However, because cybersquatting depends on typos (which are obvious once you look for them), it’s also easy to avoid becoming a victim. All it takes is a careful eye.
Here’s how cybersquatting affects B2B ecommerce, and what you can do about it.
What is Cybersquatting (a.k.a. typo-squatting)?
To understand cybersquatting, we first need to understand how domain names work. If you’re already familiar with this, you can skip to the next section.
Communicating on the Internet involves numbers called IP addresses, and domain names which point to IP addresses. Most folks prefer not to have to remember IP addresses like 188.8.131.52, so we use domain names like legioncyber.com instead. Cybersquatting is the practice of criminals registering a domain name for the purpose of engaging in some form of Internet-based crime.
Here’s what this looks like in real life. Say a hacker is targeting your organization (Forenza, Ltd – forenzaltd.com) with the end goal of penetrating your systems and networks to steal your trade secrets and other valuable intellectual property. In our example, the hacker (let’s call him Bill) registers a new domain of forenzatld.com.
Take a moment and compare those two domains. Can you spot the difference?
The malicious domain is visually close to your domain, and that’s by design. It’s part of the attack.
After registering the domain, Bill targets your employees in a phishing attack by sending emails from HR@forenzatld.com. He explains that there was a benefits mixup and instructs the recipients to open the attached PDF and confirm their personal details are correct. The story goes on, but Bill’s PDF is malicious. Once opened, it gives him complete control of the end-user’s computer. From there, he establishes a base of operation inside your network.
What are the business risks of cybersquatting?
Many business risks can be attributed to cybersquatting. They range from a data breach as described in the example scenario above, to fraudulent wire transfers resulting in direct monetary losses, to the resulting costs associated with remediation, which average 46 days to complete at an average cost of $21,155 per day. (2016 Ponemon Cost of a Data Breach Report: US)
Moreover, your business may experience operational slowdowns or stoppages, lost employee productivity, and damage to your brand and reputation. In addition, you may have to foot enormous legal bills due to consumer or patient records breaches that originated through cybersquatting.
How do I know if this is happening to my firm?
There are online and offline tools you can use to monitor for cybersquatting. High-Tech Bridge provides an online tool at https://www.htbridge.com/radar/ that can be used to check your domains for indicators of cybersquatting.
For offline testing, you can use a command-line tool like URLCrazy or DNStwist. This can also be scripted and scheduled to run periodically, and even provide reports via email.
It is best to run checks frequently so that you can analyze the results, rule out false positives, document actual cybersquatting attacks within your SOC/IRT’s ticketing system, and take appropriate action to protect yourself and your customers and partners.
What steps is Corevist taking to guard against cybersquatting?
Corevist is partnering with us at Legion Cyberworks to detect and respond to cybersquatting (as well as other forms of hacking and cyber-attacks). In partnership with Corevist, we’re running all the monitoring methods listed above. While we can’t prevent hackers from registering malicious domain names, we can maintain visibility into the situation. That gives us and the Corevist team ample opportunity to inform clients of emergent threats.
What can you do about it?
While Corevist monitors all sites running Corevist Commerce for threats, you should consider running your own tests in parallel. Searching for instances of cybersquatting should be part of your firm’s ongoing threat intelligence operations. The process for this should be something akin to the following.
- Run your online and/or offline checks manually or via automated processes
- Log any potential cybersquatting incidents in your ticketing system and include all of the relevant details, including the domain, WHOIS information, MX records, and contact information.
- Collect results and determine legitimate cases of malicious cybersquatting. This will require a SOC (Security Operations Center) analyst to manually review and vet the results.
- Close out tickets for false positives indicating that the investigation was done and the domain was legitimate and not used for nefarious purposes.
- Work tickets where infringement and potential nefarious purposes are likely or ongoing.
- Document all of the details about the domain
- Contact the Registrar and the Registrant and inform them of the abuse
- Work with your IT and/or Security team to have them DNS blackhole the malicious domain(s) and add filters to your inbound email platform to quarantine all email from those domains.
- You may need to work with senior management, legal, PR, or another department depending on your organizational structure and procedures. This is especially important if there was any kind of security breach associated with the malicious domain. Any communication to law enforcement or external parties (such as clients or partners) should always be reviewed and approved by the appropriate personnel before being released.
- It is a good idea to include the topic of cybersquatting (also called domain squatting or typo-squatting) in your periodic employee security awareness training.
- Close your completed tickets with full details including investigation data and results, internal communications and decisions, and the final disposition. It’s a good idea to provide a summary of these tickets to the CISO/CSO to keep them abreast of this part of the threat landscape.
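As an added example (not part of the original article, and not Legion Cyberworks or Corevist tooling), the following Python shows one way an inbound email filter could flag lookalike sender domains for quarantine and analyst review, using the forenzaltd.com / forenzatld.com pair from the scenario above. The function names, the edit-distance threshold, the two-label domain rule and the sample addresses are assumptions constructed for illustration.

```python
# Added example: flag lookalike sender domains for quarantine review.
# All addresses below are constructed sample input.
PROTECTED = "forenzaltd.com"
SAMPLE_SENDERS = [
    "payroll@forenzaltd.com",
    "it@mail.forenzaltd.com",   # subdomain of the real domain
    "HR@forenzatld.com",        # adjacent letters swapped (the article's case)
    "billing@forenza1td.com",   # digit 1 in place of letter l
    "news@forenzaltd.co",       # same name, different TLD
    "sales@example.org",
]

def osa_distance(a, b):
    """Edit distance where insert, delete, substitute and swapping two
    adjacent characters each cost 1 (optimal string alignment)."""
    prev2, prev = None, list(range(len(b) + 1))
    for i in range(1, len(a) + 1):
        cur = [i] + [0] * len(b)
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # adjacent swap
        prev2, prev = prev, cur
    return prev[len(b)]

def registrable(host):
    # Assumption: the last two labels form the registrable domain. Production
    # code should consult the Public Suffix List (for example for .co.uk).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def classify_sender(address, protected=PROTECTED, max_dist=2):
    """Return 'legitimate', 'lookalike' or 'unrelated' for a sender address."""
    domain = registrable(address.rsplit("@", 1)[-1])
    if domain == protected:
        return "legitimate"
    # Compare only the name part, so a TLD change alone still counts as close.
    # max_dist=2 suits a 10-character name; lower it for short names.
    name, p_name = domain.split(".")[0], protected.split(".")[0]
    return "lookalike" if osa_distance(name, p_name) <= max_dist else "unrelated"

def quarantine_list(senders, protected=PROTECTED):
    return [s for s in senders if classify_sender(s, protected) == "lookalike"]

if __name__ == "__main__":
    for s in SAMPLE_SENDERS:
        print(f"{classify_sender(s):10}  {s}")
```

Anything the filter marks as a lookalike still needs the manual SOC review described in the steps above before it is treated as malicious.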
Rest assured that when it comes to your Corevist Commerce store, Corevist and Legion Cyberworks have you covered. If you have any questions about cybersquatting or cybersecurity in general, don’t hesitate to get in touch. You can find us at LegionCyber.com.