{"id":6031,"date":"2024-07-31T13:16:18","date_gmt":"2024-07-31T17:16:18","guid":{"rendered":"https:\/\/solutionsreview.com\/network-monitoring\/?p=6031"},"modified":"2024-07-31T13:43:43","modified_gmt":"2024-07-31T17:43:43","slug":"lurking-in-the-deep-submarine-domains-waiting-to-activate","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/network-monitoring\/lurking-in-the-deep-submarine-domains-waiting-to-activate\/","title":{"rendered":"Lurking in the Deep: Submarine Domains Waiting to Activate"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-6032\" src=\"https:\/\/solutionsreview.com\/network-monitoring\/files\/2024\/07\/Submarine-Domains.jpg\" alt=\"Submarine Domains\" width=\"786\" height=\"393\" srcset=\"https:\/\/solutionsreview.com\/network-monitoring\/files\/2024\/07\/Submarine-Domains.jpg 786w, https:\/\/solutionsreview.com\/network-monitoring\/files\/2024\/07\/Submarine-Domains-300x150.jpg 300w, https:\/\/solutionsreview.com\/network-monitoring\/files\/2024\/07\/Submarine-Domains-768x384.jpg 768w\" sizes=\"(max-width: 786px) 100vw, 786px\" \/><\/p>\n<p><em><strong>Elliott Champion of <a href=\"https:\/\/www.cscdbs.com\/\" target=\"_blank\" rel=\"noopener\">CSC Digital Brand Services<\/a> dives deep into a look at submarine domains and the impact they can have on your business. This article originally appeared in <a class=\"external\" href=\"https:\/\/insightjam.com\/\" target=\"_blank\" rel=\"noopener nofollow\">Insight Jam<\/a>, an enterprise IT community enabling the human conversation on AI.<\/strong><\/em><\/p>\n<p>There\u2019s plenty of focus today on what companies can do in advance to prepare against cyber-attacks \u2013 rightfully so. But what about the strategies cyber-criminals are deploying to lay the groundwork for those cyber-attacks? 
How are we preventing these strategies from taking root?<\/p>\n<p>My team at CSC has been observing an increasing trend in domain security attacks that stem from what we call \u201csubmarine domain registrations\u201d \u2013 domains that are registered by criminals but remain unused and inactive for extended periods until the day of an actual cyber-attack. &#8220;Submarine domains&#8221; is an analogy for the activity of these dormant domains, as they drop quietly within a domain ecosystem and then resurface as a threat \u2013 just like a submarine.<\/p>\n<h2><strong>Lurking in the Deep: Submarine Domains Waiting to Activate<\/strong><\/h2>\n<hr \/>\n<h3><strong>Introduction<\/strong><\/h3>\n<p>While domains with this specific registration pattern (i.e., &#8220;strategically aged domains&#8221;) are typically referred to as &#8220;dormant&#8221; within the industry, we came up with a separate term for the specific instances where the dormant domain is purposely kept and re-registered with the intent of committing fraud and online brand abuse. We did this because there are other reasons for picking up a dormant domain, including situations like trademark rights being owned by a third party that then poses a commercial risk due to traffic, in which case the company would have to acquire the domain. In this article, I\u2019ll specifically dive deeper into how submarine domains operate, what they are capable of, and how companies can strengthen their security postures to address them.<\/p>\n<h3><strong>Lying in Wait, Poised to Strike<\/strong><\/h3>\n<p>Cyber-criminals are privy to publicly available information about domains, as well as the reality that many organizations rely on security programs that don\u2019t monitor for domain aging or risky registrations on a consistent basis. As a result, they are constantly on the lookout for available, branded domains they can weaponize. 
Some cyber-criminals may register and hold onto branded domains \u2013 perhaps hosting holding or parking pages, or displaying \u201csite under construction\u201d messaging \u2013 with the intent to resell them back to the targeted organization. Or, they may be plotting an even greater malicious activity such as a phishing or malware attack.<\/p>\n<p>While fraudulently registered domains traditionally are leveraged for cyber-attacks within a short window of time, say within 30 days, we define a domain name that\u2019s weaponized more than 6 months from its original registration date to be a \u2018submarine domain.\u2019 The biggest issue with these domains is that they are not suspicious right away. Submarine domains often escape initial detection because they don\u2019t immediately have any of the characteristics of a domain registered to launch an attack \u2013 e.g., an active MX record \u2013 which would usually raise a red flag. This leaves plenty of room for cyber-criminals to build more complex and personalized attack campaigns that have more devastating ramifications.<\/p>\n<p>Typically, younger domains are likely to be used by bad actors, but this is not always the case. Aside from the age of the domain, it\u2019s also important to closely monitor how close the domain registrations are to previously identified threats and see if there is a registration pattern. Registration patterns aren\u2019t easy to spot in one place, but collecting an overarching view across various top-level domains (TLDs) can enable teams to see patterns across IP addresses.<\/p>\n<p>It\u2019s also vital to watch out for mimicking behaviors in your domain activity. 
That is, if your brand is registering a series of new domains for a product, service, or new brand, are third parties doing so as well?<\/p>\n<p>Submarine domains capitalize on the process of domain aging, where cyber-criminals fraudulently register domains associated with a brand and leave them dormant (or inactive) until they are ready to be weaponized. This is similar to other attack strategies where threat actors use legitimate tools and processes within a company to steal information or launch malware or other malicious campaigns.<\/p>\n<h3><strong>Locate the Submarine Domain, Be on Watch<\/strong><\/h3>\n<p>Although domains are foundational to business operations, many organizations do not consider domain security to be a critical component of their overall cybersecurity programs. Often, this is because it\u2019s not clear whose responsibility domains are: security or IT teams can think they are part of the marketing or legal teams\u2019 remit, and vice versa. But without security protocols in place, domains can be registered by anyone, at any time and for any reason, and this leaves unsuspecting companies ripe for exploitation.<\/p>\n<p>The key to tackling submarine domains is mitigation and preparation before the malicious act occurs. Security and brand protection teams who wish to prevent the consequences of activated submarine domains need to develop strategies to continuously monitor for dormant domains in their ecosystem, which could be threats waiting to be activated. 
Not only is it important to have productive monitoring, but it is equally important to have effective enforcement and a digital governance team spanning all teams (marketing, security, legal, IT, etc.), who all understand the process and are committed to mitigating any damage.<\/p>\n<p>Dormant domains suspected to be submarine domains must be monitored constantly for any changes that indicate they are being prepared for use, and appropriate procedures must be in place to address the malicious domain activity they were created for.<\/p>\n<h3><strong>Best Practices and Final Thoughts<\/strong><\/h3>\n<p>A good defensive strategy to use against submarine domains involves:<\/p>\n<ul>\n<li>Conducting defensive registrations on key strings<\/li>\n<li>Watching the entire ecosystem and gathering key information such as:\n<ul>\n<li>Who registered the domain? Was it a trusted internal team, a company partner or an unknown third party?<\/li>\n<li>When was the last time the domain was in use?<\/li>\n<li>What is the domain connected to? Have any MX records been attached to this domain that might indicate its intended use for email phishing campaigns?<\/li>\n<li>Are there any trends within your domain ecosystem, e.g. groups of domains behaving in the same way?<\/li>\n<\/ul>\n<\/li>\n<li>Monitoring for new re-registrations and dropped domains<\/li>\n<li>Taking enforcement action against the live cases<\/li>\n<\/ul>\n<p>Cyber-criminals looking to infiltrate and exploit your company will continue to scour digital enterprises for the quiet areas where no one is looking. As submarine domains continue to grow as online threats, my biggest advice is to be proactive in creating a strategy that covers your entire domain ecosystem and have a clear action plan for a takedown when a live case occurs. 
This allows you to be prepared for all eventualities.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Elliot Champion of CSC Digital Brand Services dives deep into a look at submarine domains and the impact they can have on your business. This article originally appeared in Insight Jam, an enterprise IT community enabling the human conversation on AI. There\u2019s plenty of focus today on what companies can do in advance to prepare [&hellip;]<\/p>\n","protected":false},"author":1099,"featured_media":6032,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1,21],"tags":[],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Lurking in the Deep: Submarine Domains Waiting to Activate<\/title>\n<meta name=\"description\" content=\"Elliot Champion of CSC Digital Brand Services dives deep into a look at submarine domains and the impact they can have on your business.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/network-monitoring\/lurking-in-the-deep-submarine-domains-waiting-to-activate\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Lurking in the Deep: Submarine Domains Waiting to Activate\" \/>\n<meta property=\"og:description\" content=\"Elliot Champion of CSC Digital Brand Services dives deep into a look at submarine domains and the impact they can have on your business.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/solutionsreview.com\/network-monitoring\/lurking-in-the-deep-submarine-domains-waiting-to-activate\/\" \/>\n<meta property=\"og:site_name\" content=\"Best Network Monitoring Vendors, Software, Tools and 
Performance Solutions\" \/>\n<meta property=\"article:published_time\" content=\"2024-07-31T17:16:18+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-07-31T17:43:43+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/solutionsreview.com\/network-monitoring\/files\/2024\/07\/Submarine-Domains.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"786\" \/>\n\t<meta property=\"og:image:height\" content=\"393\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Elliott Champion\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Elliott Champion\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/network-monitoring\/lurking-in-the-deep-submarine-domains-waiting-to-activate\/\",\"url\":\"https:\/\/solutionsreview.com\/network-monitoring\/lurking-in-the-deep-submarine-domains-waiting-to-activate\/\",\"name\":\"Lurking in the Deep: Submarine Domains Waiting to 
Activate\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/network-monitoring\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/network-monitoring\/lurking-in-the-deep-submarine-domains-waiting-to-activate\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/network-monitoring\/lurking-in-the-deep-submarine-domains-waiting-to-activate\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/network-monitoring\/files\/2024\/07\/Submarine-Domains.jpg\",\"datePublished\":\"2024-07-31T17:16:18+00:00\",\"dateModified\":\"2024-07-31T17:43:43+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/network-monitoring\/#\/schema\/person\/53d24b1db8926f122d91efa4cf84eb37\"},\"description\":\"Elliot Champion of CSC Digital Brand Services dives deep into a look at submarine domains and the impact they can have on your business.\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/network-monitoring\/lurking-in-the-deep-submarine-domains-waiting-to-activate\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/network-monitoring\/lurking-in-the-deep-submarine-domains-waiting-to-activate\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/network-monitoring\/lurking-in-the-deep-submarine-domains-waiting-to-activate\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/network-monitoring\/files\/2024\/07\/Submarine-Domains.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/network-monitoring\/files\/2024\/07\/Submarine-Domains.jpg\",\"width\":786,\"height\":393,\"caption\":\"Submarine 
Domains\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/network-monitoring\/lurking-in-the-deep-submarine-domains-waiting-to-activate\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/network-monitoring\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Lurking in the Deep: Submarine Domains Waiting to Activate\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/network-monitoring\/#website\",\"url\":\"https:\/\/solutionsreview.com\/network-monitoring\/\",\"name\":\"Best Network Monitoring Vendors, Software, Tools and Performance Solutions\",\"description\":\"Solutions Review Network Monitoring\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/network-monitoring\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/network-monitoring\/#\/schema\/person\/53d24b1db8926f122d91efa4cf84eb37\",\"name\":\"Elliott Champion\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/network-monitoring\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/solutionsreview.com\/network-monitoring\/files\/2024\/07\/Elliott-Champion-Headshot-JPEG.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/network-monitoring\/files\/2024\/07\/Elliott-Champion-Headshot-JPEG.jpg\",\"caption\":\"Elliott Champion\"},\"description\":\"Elliott Champion is the global product director for the Brand Protection and Fraud divisions at CSC Digital Brand Services (DBS), where he is responsible for the company\u2019s proprietary technology and product strategy. 
He is also involved in building client-specific strategies, including optimizing a brand\u2019s online presence and protecting\/evolving CSC Brand Protection services. Prior to his current role, Elliott spent several years advising European customers as a brand protection specialist, building brand strategies, and working as an enforcement analyst from his hometown of Cambridge in the U.K.\",\"sameAs\":[\"https:\/\/www.cscdbs.com\/\"],\"url\":\"https:\/\/solutionsreview.com\/network-monitoring\/author\/echamp\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","_links":{"self":[{"href":"https:\/\/solutionsreview.com\/network-monitoring\/wp-json\/wp\/v2\/posts\/6031"}],"collection":[{"href":"https:\/\/solutionsreview.com\/network-monitoring\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/network-monitoring\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/network-monitoring\/wp-json\/wp\/v2\/users\/1099"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/network-monitoring\/wp-json\/wp\/v2\/comments?post=6031"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/network-monitoring\/wp-json\/wp\/v2\/posts\/6031\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/network-monitoring\/wp-json\/wp\/v2\/media\/6032"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/network-monitoring\/wp-json\/wp\/v2\/media?parent=6031"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/network-monitoring\/wp-json\/wp\/v2\/categories?post=6031"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/network-monitoring\/wp-json\/wp\/v2\/tags?post=6031"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}