Identifying Subdomain Doppelganger Attacks against Companies
Files
Date
2024-01-03
Authors
Contributor
Advisor
Department
Instructor
Depositor
Speaker
Researcher
Consultant
Interviewer
Narrator
Transcriber
Annotator
Journal Title
Journal ISSN
Volume Title
Publisher
Volume
Number/Issue
Starting Page
7387
Ending Page
Alternative Title
Abstract
Cybercriminals regularly impersonate organizations when carrying out attacks. This paper investigates a tactic that has not been studied previously. In so-called doppelganger attacks, miscreants register domains similar to legitimate subdomains used by organizations. Investigation of domain registration data from 2009-2022 uncovers 84,952 1st-party doppelganger attacks that mimic valid subdomains of organization websites, plus a further 5,448 3rd-party doppelgangers in which service providers used by organizations are impersonated. By analyzing patterns of the gathered data, the paper studies how victims are affected and attackers organize their activities. It is hoped that by raising awareness to this attack technique, future malicious activities may be curtailed.
Description
Keywords
Cyber Operations, Defense, and Forensics, advanced threat detection, business email compromise, cybercrime measurement, typosquatting
Citation
Extent
10 pages
Format
Geographic Location
Time Period
Related To
Proceedings of the 57th Hawaii International Conference on System Sciences
Related To (URI)
Table of Contents
Rights
Attribution-NonCommercial-NoDerivatives 4.0 International
Rights Holder
Local Contexts
Collections
Email libraryada-l@lists.hawaii.edu if you need this content in ADA-compliant format.