A long existing risk in Cyber Security is the risk of typo-squatted domains. These attacks rely on the fact that humans are unable to consistently type the same domain name. If such a domain is then registered by an attacker, potentially confidential information could leak to these attackers, due to typological errors (typo) in email addresses as an example, by infecting a visitor of the typo-squatted site or by presenting a look-alike site without the user's awareness of the ruse. Our technology aims at detecting typo-squatted domains and keeping track of the activity on these domains such that appropriate action could then be taken.
The technology is available as a software module that detects typo-squatted domains based on a first domain that is given. It uses smart algorithms to find possible typo-squatted domains and subsequently checks for the existence of these domains. The software can be adapted in various ways; in one example implementation the software collects more information about the domain and rates the newly registered domain in terms of the level of malicious intent. In another implementation, the software is adapted to check during the registration phase if the domain registered is not a potential typo-squatted domain. The software can also be adapted to send out alerts that allow a security operations center to keep an eye on typo-squatted domains.
Applications include the running of the software in a stand-alone fashion in order to keep an eye on typo-squatted domains. Other applications could include forwarding alerts to existing systems or running this in parallel with other systems.
There are three main markets for this software:
We are not aware of competing offers that focus on typo-squatting. The solution is novel as the problem is a recognized one but little is done to mitigate it. This software provides a way to keep track of typo-squatted domains and take appropriate action based on what happens with the domain, who registers it and what the website looks like.