DomainTools Presents “Patterns of Malicious Infrastructure (Re)Use in Ukraine-Themed Domains” at mWISE Conference 2022

Internet Intelligence Experts to Share Insights on Patterns of High-Risk Domains Related to the Russian Invasion of Ukraine


SEATTLE, Sept. 28, 2022 (GLOBE NEWSWIRE) -- DomainTools, the leader for Internet intelligence, today announced that Aaron Gee-Clough and Tim Helming will be featured presenters at the mWISE Conference 2022 being held October 18-20, 2022, at the Washington Hilton in Washington, DC.

mWISE, the Mandiant Worldwide Information Security Exchange, expands upon the 11-year history of Mandiant Cyber Defense Summit. The inaugural, vendor-neutral conference will bring together the global cyber security community to convert knowledge into collective action in the united fight against persistent and ever-evolving cyber threats.

In the session, Gee-Clough, DomainTools senior data engineer and Helming, security evangelist, will demonstrate real-world examples of a domain bloom. “Domain Blooms” are a rise in domain registrations containing a specific word, followed by a gradual decline. In this case, they will be examining a bloom where the domains contain the word "Ukraine," “Ukrainian,” and the Cyrillic version of “Ukraine.” This bloom corresponded with the Russian invasion of Ukraine. Their analysis shows an elevated risk level compared to the Internet as a whole, but perhaps more importantly, found "hotspots" of even more concentrated phishing, malware, and spam activity tied to certain features (IP address, name server, ASN, etc.).

“By analyzing connections found in some of these values, we have identified other clusters of malicious infrastructure that extended beyond the Ukraine theme, pointing toward other campaigns centered on patterns such as cryptocurrency, spoofing of legitimate enterprises like technology companies, banks, gaming, and others,” explained Helming.

The work performed by DomainTools underscores the continuing value of infrastructure analysis as an approachable method for identifying and isolating harmful assets threatening protected environments.

“Patterns of Malicious Infrastructure (Re)Use in Ukraine-Themed Domains” will take place at 11:45am PT on Wednesday, October 19. For the full agenda, visit https://mwise.mandiant.com/event/d4bc98ec-f502-4acc-afc7-d9e9b960bb18/websitePage:a325af6e-7b84-43b6-bd10-ddf565509e0f

About DomainTools
DomainTools is the global leader for internet intelligence and the first place security practitioners go when they need to know. The world's most advanced security teams use our solutions to identify external risks, investigate threats, and proactively protect their organizations in a constantly evolving threat landscape. DomainTools constantly monitors the Internet and brings together the most comprehensive and trusted domain, website and DNS data to provide immediate context and machine-learning driven risk analytics delivered in near real-time. Visit domaintools.com to experience firsthand why DomainTools is the first stop for advanced security teams when they need to know.
For more information visit www.domaintools.com and follow us on Twitter and LinkedIn.

 

Contact Data