Investment scams cost consumers $5.7 billion in 2024, driven by schemes such as pig butchering and by lures delivered through social media advertisements.
Actor TTP patterns in investment scams involve techniques like registered domain generation algorithms (RDGAs) and embedded web forms to collect user data.
Scam actors utilize techniques like traffic distribution systems (TDS) and fake news to deceive victims into transferring money.
Scam sites run validation checks on submitted user information such as email addresses and phone numbers, and issue HTTP GET requests to validate the visitor's IP address.
Ruthless Rabbit and Reckless Rabbit are two notable scam actors tracked through RDGAs, with unique patterns in their domain registrations.
Ruthless Rabbit's scams target users in Eastern European countries and employ cloaking services to validate user data before redirecting to scam landing pages.
DNS is crucial for detecting and blocking infrastructure used by scam actors, who exploit mechanisms like RDGAs and TDSs to maintain their operations.
Scammers leverage DNS to create a large number of domains for their campaigns and hide malicious content from security researchers.
Investment scam actors like Reckless Rabbit and Ruthless Rabbit continue to evolve their tactics, making automated detection through DNS crucial in combating these scams.
The proliferation of RDGA domains underscores the importance of leveraging automated detection techniques to correlate and address investment scam domains at scale.
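The correlation step described above, as an added example that is not part of the original summary or of any vendor's tooling: newly registered domains are grouped by a shared lexical template plus shared nameserver and registrar, which is one way RDGA-minted domains can be surfaced at scale. The records and the template heuristic are constructed assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of newly registered domains: (domain, nameserver, registrar).
# Made-up values for illustration; not indicators from any report.
SAMPLE_RECORDS = [
    ("profit-wave-2841.com", "ns1.dns-host.example", "RegistrarA"),
    ("profit-wave-7713.com", "ns1.dns-host.example", "RegistrarA"),
    ("profit-wave-0359.com", "ns1.dns-host.example", "RegistrarA"),
    ("quantum-gain-1188.net", "ns1.dns-host.example", "RegistrarA"),
    ("quantum-gain-5521.net", "ns1.dns-host.example", "RegistrarA"),
    ("quantum-gain-9904.net", "ns1.dns-host.example", "RegistrarA"),
    ("bakery-on-main.com", "ns1.other-dns.example", "RegistrarB"),
    ("citylibrary.org", "ns2.other-dns.example", "RegistrarB"),
]

_LETTERS = re.compile(r"[a-z]+")
_DIGITS = re.compile(r"\d+")


def lexical_template(domain: str) -> str:
    """Reduce a domain to its shape: letter runs -> 'w', digit runs -> 'd'.

    Domains minted from one RDGA template collapse to the same shape, e.g.
    'profit-wave-2841.com' -> 'w-w-d.com'. Letters are replaced first so the
    placeholder 'd' is never re-collapsed.
    """
    name, _, tld = domain.lower().rpartition(".")
    shape = _LETTERS.sub("w", name)
    shape = _DIGITS.sub("d", shape)
    return f"{shape}.{tld}"


def rdga_clusters(records, min_size: int = 3) -> dict:
    """Group domains by (template, nameserver, registrar) and keep groups of
    at least min_size. Shared infrastructure plus a shared template is the
    signal a defender can compute from registration or passive-DNS feeds."""
    groups = defaultdict(list)
    for domain, nameserver, registrar in records:
        key = (lexical_template(domain), nameserver.lower(), registrar)
        groups[key].append(domain.lower())
    return {k: sorted(v) for k, v in groups.items() if len(v) >= min_size}


def flagged_domains(records, min_size: int = 3) -> set:
    """Flatten the clusters into the set of domains worth review or blocking."""
    return {d for ds in rdga_clusters(records, min_size).values() for d in ds}


if __name__ == "__main__":
    for key, domains in rdga_clusters(SAMPLE_RECORDS).items():
        print(key, domains)
```

Real feeds need a higher minimum cluster size and an allowlist for legitimate bulk registrants, since large brand-protection registrations can also share a template and registrar.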