Can we detect cybersquatting and phishing domains, to protect our employees and customers, with the help of XSOAR and freeware tools?
There are many companies that provide cybersquatting detection and brand reputation services. The idea is to build something similar with XSOAR and freeware tools.
The playbook can run as a job. The analyst provides a few domain names of interest (the organisation's own name, primary customers, etc.): domains that employees and customers generally visit and where they provide or store sensitive data. The playbook generates similar-looking names and checks whether a website actually exists under each name. The candidate names are produced with techniques such as Levenshtein-distance similarity, TLD replacement, typo generation, and adding or removing dots and dashes.
The next step is to determine whether such a website is genuine or a phishing site. This can be done with website content similarity comparison, image comparison, WHOIS lookups, domain age and history, indicator comparison, and so on.
To help the analyst, a machine-learning-based comparison of website content should be developed.
Based on the analysis, the result should be stored in a list so that next time the analyst does not need to re-investigate a genuine domain that happens to have a similar name.
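To show how the triage steps above (content similarity, WHOIS age, a known-good list) fit together, here is an added Python example that is not part of the project on this page. It uses a token Jaccard similarity as a simple stand-in for the machine-learning comparison the text proposes, and a constructed evidence dictionary in place of live WHOIS and crawler results; the weights and thresholds are assumptions chosen for illustration.

```python
from datetime import date, timedelta

# Constructed allowlist, playing the role of the XSOAR list of already-cleared domains.
KNOWN_GOOD = {"example.net"}


def jaccard(a_text: str, b_text: str) -> float:
    """Token-set overlap between two page texts (0.0 .. 1.0)."""
    a, b = set(a_text.lower().split()), set(b_text.lower().split())
    return len(a & b) / len(a | b) if a | b else 0.0


def triage(candidate: str, seed_page_text: str, evidence: dict, today: date):
    """Score a lookalike domain from collected evidence.

    evidence keys (all constructed for this example):
      page_text          - text scraped from the candidate site
      created            - WHOIS creation date, or None if hidden/unavailable
      privacy_protected  - registrant details behind a privacy service
      has_login_form     - the page asks for credentials
    Returns (verdict, score, reasons).
    """
    if candidate in KNOWN_GOOD:
        return "known_good", 0, ["previously cleared by analyst"]

    score, reasons = 0, []

    sim = jaccard(seed_page_text, evidence.get("page_text", ""))
    if sim >= 0.5:
        score += 40
        reasons.append(f"content similarity {sim:.2f} to the genuine site")

    created = evidence.get("created")
    if created is None:
        score += 20
        reasons.append("WHOIS creation date missing or hidden")
    elif (today - created).days < 90:
        score += 30
        reasons.append(f"domain registered {(today - created).days} days ago")

    if evidence.get("privacy_protected"):
        score += 10
        reasons.append("registrant privacy-protected")
    if evidence.get("has_login_form"):
        score += 20
        reasons.append("page presents a login form")

    if score >= 60:
        verdict = "likely_phishing"
    elif score >= 30:
        verdict = "suspicious"
    else:
        verdict = "likely_benign"
    return verdict, score, reasons


# Constructed sample inputs for a stand-alone run.
SEED_TEXT = "Welcome to Example Corp sign in to your account"
TODAY = date(2024, 6, 1)
SAMPLE_EVIDENCE = {
    "exarnple.com": {   # near-clone of the genuine page, registered recently
        "page_text": "Welcome to Example Corp sign in to your account verify now",
        "created": TODAY - timedelta(days=20),
        "privacy_protected": True,
        "has_login_form": True,
    },
    "exam-ple.com": {   # old parked domain, unrelated content
        "page_text": "this domain is for sale",
        "created": date(2012, 3, 4),
        "privacy_protected": False,
        "has_login_form": False,
    },
    "example.net": {"page_text": "", "created": None},  # on the known-good list
}


def run_triage(evidence_by_domain=SAMPLE_EVIDENCE, seed_text=SEED_TEXT, today=TODAY):
    return {d: triage(d, seed_text, ev, today) for d, ev in evidence_by_domain.items()}


if __name__ == "__main__":
    for dom, (verdict, score, reasons) in run_triage().items():
        print(f"{dom:15} {verdict:16} {score:3}  {'; '.join(reasons)}")
```

Domains that come back `likely_benign` after an analyst confirms them would be appended to the known-good list, which is what lets the next scheduled run skip them.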