Protecting against combosquatting attacks

Combosquatting, which tricks users into visiting domains that contain familiar trademarks with different or additional words, has become a growing problems and can adversely effect users.

01/02/2018


It has been ingrained in computer users' brain to constantly double-check website URLs before clicking on a link. Smart and wily attackers know that and are taking advantage of that practice to trick users into visiting website domains that contain familiar trademarks—but with additional words that change the destination to an attack site.

For example, attackers might register a website with a similar name familiar to users. Unwary users see the familiar bank name in the URL, but the additional hyphenated word means the destination is very different from what was expected. The result could be counterfeit merchandise, stolen credentials, a malware infection—or another computer conscripted into a botnet attack.

Combosquatting, as the practice is known, is a growing threat with millions of domains set up for malicious purposes, according to a new study.

"This is a tactic that the adversaries are using more and more because they have seen that it works," said Manos Antonakakis, an assistant professor in the School of Electrical and Computer Engineering at the Georgia Institute of Technology. "This attack is hiding in plain sight, but many people aren't computer-savvy enough to notice the difference in the URLs containing familiar trademarked names."

Researchers from Georgia Tech and Stony Brook University conducted the study, which is believed to be the first large-scale, empirical study of combosquatting.

Combosquatting differs from its better-known relative, typosquatting, in which adversaries register variations of URLs users are likely to type incorrectly. Combosquatting domains don't depend on victims making typing errors, but instead provide malicious links embedded in emails, web advertising or the results of web searches. Combosquatting attackers often combine the trademarked name with a term designed to convey a sense of urgency to encourage victims to click on what appears at first glance to be a legitimate link.

Fooling the experts

"We have seen combosquatting used in virtually every kind of cyberattack that we know of, from drive-by downloads to phishing attacks by nation-states," said Panagiotis Kintis, a Georgia Tech graduate research assistant who is the first author of the study. "These attacks can even fool security people who may be looking at network traffic for malicious activity. When they see a familiar trademark, they may feel a false sense of comfort with it."

For their study, the researchers began with the 500 most popular trademarked domain names in the United States, and excluded certain combinations made up of common words. They separated the domains into 20 categories, then added two additional domains: One for politics—the study was done before the 2016 election—and another for energy.

With the resulting 268 trademark-containing URLs, they set out to find domain names that incorporated the trademarked name with additional words added at the start or end. They searched through six years of active and passive domain name system (DNS) requests—more than 468 billion records—provided by one of the largest Internet service providers in North America.

"The result was mind-blowing," Kintis said. "We found orders of magnitude more combosquatting domains than typosquatting domains, for instance. The space for combosquatting is almost infinite because attackers can register as many domains as they want with any variation that they want. In some cases, registering a domain can cost less than a dollar."

In the six-year data set, the researchers found 2.7 million combosquatting domains for the 268 popular trademarks alone, and the combosquatting domains were 100 times more prevalent than typosquatting domains. The combosquatting attacks appear to be challenging to combat, with nearly 60% of the abusive domains in operation for more than 1,000 days—almost three years. And the number of combosquatting domains registered grew every year between 2011 and 2016.

Domain takeover

Among the malicious domains, the researchers discovered some that had previously been registered by legitimate companies which had combined words with their trademarks. For some reason, those companies permitted the registrations to lapse, allowing the trademark-containing domain names—which once led to legitimate sites—to be taken over by combosquatting attackers.

In many cases, malicious domains were re-registered multiple times after they had expired, suggesting an improvement in "internet hygiene" may be needed to address this threat.

"Imagine what happens in a city when the garbage isn't picked up regularly," Antonakakis said. "The garbage builds up and you have diseases develop. Nobody collects the garbage domains on the Internet, because it's nobody's job. But there should be an organization that would collect these malicious domains so they cannot be re-used to infect people."

More stringent anti-fraud screening of persons registering domains would also help, he added. "We don't want to prevent legitimate users from getting onto the Internet, but there are warning signs of potential fraud that registrars could detect."

What can be done by ordinary computer users and the organizations where they work?

"Users unfortunately have to be better educated than they are now," Antonakakis said. "Organizations can provide training in the on-boarding process that takes place for new employees, and they can protect their network perimeters to prevent users from being exposed to known combosquatting domains. More needs to be done to address this growing cybersecurity problem."

Gregory Hale is the editor and founder of Industrial Safety and Security Source (ISSSource.com), a news and information Website covering safety and security issues in the manufacturing automation sector. This content originally appeared on ISSSource.com. ISSSource is a CFE Media content partner. Edited by Chris Vavra, production editor, CFE Media, cvavra@cfemedia.com.

ONLINE extra

See related stories from ISSSource linked below.



Top Plant
The Top Plant program honors outstanding manufacturing facilities in North America.
Product of the Year
The Product of the Year program recognizes products newly released in the manufacturing industries.
System Integrator of the Year
Each year, a panel of Control Engineering and Plant Engineering editors and industry expert judges select the System Integrator of the Year Award winners in three categories.
June 2018
2018 Lubrication Guide, Motor and maintenance management, Control system migration
May 2018
Electrical standards, robots and Lean manufacturing, and how an aluminum packaging plant is helping community growth.
April 2018
2017 Product of the Year winners, retrofitting a press, IMTS and Hannover Messe preview, natural refrigerants, testing steam traps
June 2018
Machine learning, produced water benefits, programming cavity pumps
April 2018
ROVs, rigs, and the real time; wellsite valve manifolds; AI on a chip; analytics use for pipelines
February 2018
Focus on power systems, process safety, electrical and power systems, edge computing in the oil & gas industry
Spring 2018
Burners for heat-treating furnaces, CHP, dryers, gas humidification, and more
April 2018
Implementing a DCS, stepper motors, intelligent motion control, remote monitoring of irrigation systems
February 2018
Setting internal automation standards

Annual Salary Survey

After two years of economic concerns, manufacturing leaders once again have homed in on the single biggest issue facing their operations:

It's the workers—or more specifically, the lack of workers.

The 2017 Plant Engineering Salary Survey looks at not just what plant managers make, but what they think. As they look across their plants today, plant managers say they don’t have the operational depth to take on the new technologies and new challenges of global manufacturing.

Read more: 2017 Salary Survey

The Maintenance and Reliability Coach's blog
Maintenance and reliability tips and best practices from the maintenance and reliability coaches at Allied Reliability Group.
One Voice for Manufacturing
The One Voice for Manufacturing blog reports on federal public policy issues impacting the manufacturing sector. One Voice is a joint effort by the National Tooling and Machining...
The Maintenance and Reliability Professionals Blog
The Society for Maintenance and Reliability Professionals an organization devoted...
Machine Safety
Join this ongoing discussion of machine guarding topics, including solutions assessments, regulatory compliance, gap analysis...
Research Analyst Blog
IMS Research, recently acquired by IHS Inc., is a leading independent supplier of market research and consultancy to the global electronics industry.
Marshall on Maintenance
Maintenance is not optional in manufacturing. It’s a profit center, driving productivity and uptime while reducing overall repair costs.
Lachance on CMMS
The Lachance on CMMS blog is about current maintenance topics. Blogger Paul Lachance is president and chief technology officer for Smartware Group.
Electrical Safety Update
This digital report explains how plant engineers need to take greater care when it comes to electrical safety incidents on the plant floor.
Maintenance & Safety
The maintenance journey has been a long, slow trek for most manufacturers and has gone from preventive maintenance to predictive maintenance.
IIoT: Machines, Equipment, & Asset Management
Articles in this digital report highlight technologies that enable Industrial Internet of Things, IIoT-related products and strategies.
Randy Steele
Maintenance Manager; California Oils Corp.
Matthew J. Woo, PE, RCDD, LEED AP BD+C
Associate, Electrical Engineering; Wood Harbinger
Randy Oliver
Control Systems Engineer; Robert Bosch Corp.
Data Centers: Impacts of Climate and Cooling Technology
This course focuses on climate analysis, appropriateness of cooling system selection, and combining cooling systems.
Safety First: Arc Flash 101
This course will help identify and reveal electrical hazards and identify the solutions to implementing and maintaining a safe work environment.
Critical Power: Hospital Electrical Systems
This course explains how maintaining power and communication systems through emergency power-generation systems is critical.
click me