DOI: 10.1145/3664476.3664518
Research article, open access

Dealing with Bad Apples: Organizational Awareness and Protection for Bit-flip and Typo-Squatting Attacks

Published: 30 July 2024

Abstract

The domain name system (DNS) maps human-readable service names to the IP addresses used by the network. Because it controls where users are directed, domain names have been a target of abuse ever since the Internet became a success. Over the past twenty years, adversaries have repeatedly invented new strategies to trick users, and our findings reveal a continuous increase in the exploitation of domain names.
Aside from educating users, it is foremost the responsibility of organizations to monitor for, or proactively register, domain names with abuse potential. This, however, requires organizations to be aware of the threat and to translate that awareness into concrete action. While the typo-related attacks of the early 2000s are self-explanatory, other types of domain attack are not. In this paper, we investigate the level of organizational awareness of and preparedness against two types of DNS abuse, and analyze the reaction and protection response of 300 large organizations over the course of seven years. We find that large companies take little action against this threat, with the exception of a few well-prepared organizations. We validate these findings in an interview study with security experts from 12 large organizations and find that this lack of preparation results from insufficient resources and a clear preference for reacting to incidents rather than preventing them.
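The two abuse types the abstract names, bit-flip squatting and typo-squatting, are easiest to understand from the candidate list a defender would generate for monitoring or defensive registration. The following is an added example, not code from the paper or its authors. It assumes the input is written as `<label>.<suffix>` (for instance `example.com`), mutates only the second-level label, uses the classic typo models (one character omitted, two adjacent characters swapped, one character doubled, the dot after `www` lost), and matches against a constructed, not real, feed of newly observed registrations.

```python
"""Candidate generator for bit-flip ("bitsquat") and typo-squat domains.

Added example (not from the paper). Assumptions: the input is given as
<label>.<suffix> (e.g. "example.com"); only the second-level label is
mutated; the typo models are the classic omission, adjacent transposition,
character doubling and glued "www" prefix; the observed-registration feed
below is constructed, not real data.
"""
import string
from typing import Dict, Iterable, Set, Tuple

# Letter-digit-hyphen characters allowed in a DNS label (RFC 1035), lower case.
LDH = set(string.ascii_lowercase + string.digits + "-")


def _split(domain: str) -> Tuple[str, str]:
    label, _, suffix = domain.lower().rstrip(".").partition(".")
    return label, suffix


def bitsquat_candidates(domain: str) -> Set[str]:
    """Names that are one single-bit memory error away from `domain`.

    Each character of the label is XORed with every one-bit mask; a result is
    kept only if it is still a valid label character, because a corrupted byte
    that yields e.g. '%' can never be resolved. Flipping bit 5 of a letter only
    changes its case, which DNS ignores, so the LDH test drops those too.
    """
    label, suffix = _split(domain)
    out: Set[str] = set()
    for i, ch in enumerate(label):
        for bit in range(8):
            flipped = chr(ord(ch) ^ (1 << bit))
            if flipped not in LDH:
                continue
            cand = label[:i] + flipped + label[i + 1:]
            # A label may not begin or end with a hyphen.
            if cand[0] == "-" or cand[-1] == "-":
                continue
            out.add(f"{cand}.{suffix}")
    return out


def typosquat_candidates(domain: str) -> Set[str]:
    """Names a hurried typist produces: one character omitted, two adjacent
    characters swapped, one character doubled, and the dot after "www" lost."""
    label, suffix = _split(domain)
    variants: Set[str] = set()
    for i in range(len(label)):
        variants.add(label[:i] + label[i + 1:])                 # omission
        variants.add(label[:i] + label[i] * 2 + label[i + 1:])  # doubling
        if i + 1 < len(label):                                  # transposition
            variants.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])
    variants.add("www" + label)
    variants.discard(label)  # swapping identical neighbours reproduces the original
    return {f"{v}.{suffix}" for v in variants if v}


def match_observed(domain: str, observed: Iterable[str]) -> Dict[str, str]:
    """Classify newly seen registrations (zone-file diff, CT log feed, ...)
    against both candidate sets. Names outside both models, such as arbitrary
    substitutions or combo-squats like <brand>-login, are deliberately not
    flagged: the generator only covers what it enumerates."""
    bits = bitsquat_candidates(domain)
    typos = typosquat_candidates(domain)
    hits: Dict[str, str] = {}
    for name in observed:
        name = name.lower().rstrip(".")
        if name in bits:
            hits[name] = "bit-flip"
        elif name in typos:
            hits[name] = "typo"
    return hits


# Constructed sample feed of newly observed registrations (not real data).
OBSERVED_FEED = [
    "Mic2osoft.com.",       # 'r' (0x72) with bit 6 flipped becomes '2' (0x32)
    "wwwmicrosoft.com",     # dot after www dropped
    "micros0ft.com",        # 'o' -> '0' differs in several bits: not a bitsquat
    "microsoft-login.com",  # combo-squat, outside both models
]

if __name__ == "__main__":
    for name, kind in sorted(match_observed("microsoft.com", OBSERVED_FEED).items()):
        print(f"{kind:8s} {name}")
```

Running the block flags only the first two feed entries; the other two show the limits of the models, which is exactly the point a monitoring team has to decide on: how many typo and bit-flip classes to enumerate, and which of the resulting candidates are worth registering defensively rather than merely watching.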



Published In

ARES '24: Proceedings of the 19th International Conference on Availability, Reliability and Security
July 2024
2032 pages
ISBN:9798400717185
DOI:10.1145/3664476
This work is licensed under a Creative Commons Attribution International 4.0 License.

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. Bit-flip squatting
  2. Cyber threat intelligence
  3. Domain squatting
  4. Enterprise security
  5. Typo-squatting

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

ARES 2024

Acceptance Rates

Overall Acceptance Rate 228 of 451 submissions, 51%

Article Metrics

  • Total citations: 0
  • Total downloads: 166
  • Downloads (last 12 months): 166
  • Downloads (last 6 weeks): 40
Reflects downloads up to 11 Feb 2025
