Mohammed Al-Moneer, Regional Director, META at Infoblox
vectors to serve fraudulent content to unknowing website visitors.
• The user must visit the WordPress website from a search engine; for example, the referrer URL can be https://www.google.com/.
• Cookies are enabled in the user's web browser.
• The user has not visited a VexTrio-compromised web page in the past 24 hours.
Prevention and mitigation
Infoblox recommends the following actions for protection from this kind of attack:
• Implementing Infoblox's RPZ feeds in firewalls can stop the actors' connections at the DNS level, because every component described in this report (compromised websites, intermediary redirect domains, DDGA domains and landing pages) depends on the DNS protocol. TIG detects these components daily and adds them to Infoblox's RPZ feeds.
• Leveraging Infoblox's Threat Insight service, which performs real-time streaming analytics on live DNS queries, can provide high-security coverage and protection against threats based on DGA as well as DDGA.
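To make the DNS-level blocking concrete, here is an added example (not from the report or from Infoblox) of a minimal BIND response-policy zone that does what an RPZ feed does for the chain described above: the domain names are placeholders under the reserved `.invalid` TLD, the file paths and the zone name `rpz.local` are assumptions, and a real deployment would load the vendor feed by zone transfer instead of hand-maintaining the file.

```bind
; --- named.conf fragment (assumed path /etc/bind/named.conf) ---
options {
    response-policy {
        zone "rpz.local";
    } qname-wait-recurse no;   ; answer from policy without recursing first
};

zone "rpz.local" {
    type primary;
    file "/etc/bind/db.rpz.local";   ; assumed path
};

; --- /etc/bind/db.rpz.local ---
$TTL 300
@   IN SOA  localhost. root.localhost. (
        2024010101 ; serial (placeholder)
        3600       ; refresh
        900        ; retry
        604800     ; expire
        300 )      ; minimum
    IN NS   localhost.

; Intermediary redirect domain: NXDOMAIN for the apex and every subdomain,
; so the injected script's first hop never resolves.
redirector-placeholder.invalid       CNAME .
*.redirector-placeholder.invalid     CNAME .

; DDGA-generated host: NXDOMAIN as well; feeds add new names daily, so a
; wildcard on the registered domain covers names generated later.
ddga-placeholder.invalid             CNAME .
*.ddga-placeholder.invalid           CNAME .

; Landing page: answer with a sinkhole address (documentation range) instead
; of NXDOMAIN so the resolver's query log shows which client was redirected.
landing-placeholder.invalid          A     192.0.2.10
*.landing-placeholder.invalid        A     192.0.2.10

; Allow-list: never rewrite answers for an internal name that a broad rule
; might otherwise catch.
intranet.example.com                 CNAME rpz-passthru.
```

After `rndc reload`, a query for any of the placeholder names against this resolver returns NXDOMAIN (or the sinkhole address), and the rewrite is recorded in the `rpz` log category when logging is enabled.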
Newly observed domains and the Ukraine war
The surge in registration and observation of new domains related to the Russian invasion of Ukraine has been over for some time. Nevertheless, Infoblox research shows that low levels of new phishing campaigns, donation scams and other suspicious activities are still being launched in attempts to take advantage of Ukraine's crisis.
Overall, data shows that the volume of legitimate domains is greater than that of malicious websites in Infoblox's environment. The surge in newly observed domains began in the first week after the invasion (the beginning of March).
For several weeks, many legitimate sites were created to help provide relief to the people of Ukraine; however, cyberthreat actors and scammers also took advantage of the crisis, creating their own sites and adding to the volume of newly observed domains. By the end of March (week 13), the number of domains started to decrease and the number of newly observed domains in Infoblox's data began to stabilize.
The most recent trends, beginning in April (week 14), show that, on average, there continues to be a higher, though only slightly higher, number of newly observed domains (legitimate and suspicious/malicious) in comparison to before the invasion.
Although the number of malicious domains is trending down, users should remain vigilant. From previous experience, bad actors will continue to exploit individuals through email, malvertising and other means as long as they can. For comparison, while COVID-related malware campaigns peaked in 2020, we still see them two years later. Users should carefully inspect requests for donations from organizations they are not familiar with, and they should not click on links from unknown sources.
"Our report shares research on many dangerous malware threats," said Mohammed Al-Moneer, Regional Director, META at Infoblox. "Security effectiveness depends on timely, up-to-date threat intelligence. Using tools included in Infoblox BloxOne Threat Defense, security teams can collect, normalize and distribute highly accurate, multi-sourced threat intelligence to strengthen the entire security stack. Additional capabilities can help SecOps to accelerate threat investigation and response by up to two-thirds."
26 INTELLIGENTCIO NORTH AMERICA www.intelligentcio.com