Airline needs specialized tools to safely investigate typosquatting and phishing incidents
With decades in continuous service, our customer is among the largest commercial airlines in the United States. The company’s commitment to their customers and community extends beyond exceptional air travel; it employs a dedicated team of security professionals to monitor all cybersecurity incidents, train personnel on safe browsing, investigate threats and mount appropriate response to any cases of malware, typosquatting, phishing or malicious advertisement.
Typosquatting, also known as URL hijacking, is a type of social engineering attack that relies on users mistyping a website’s name when they try to reach it through their browser. Bad actors use typosquatting to mimic well-known brands and popular websites, misleading users into giving up personal and financial information or enticing them to click on malicious links.
The airline has experienced many incidents of typosquatting, but didn’t have the right tools to thoroughly investigate each instance to determine who was targeting their brand and how they were planning to profit from stolen information.
“Silo for Research is one of the best tools we have in the SOC”
The airline’s SOC first discovered Silo for Research when a former military analyst joined the team. He recommended Silo as a solution for safe and anonymous investigations, and it quickly became an integral part of the SOC’s workflow.
The team agrees that Silo for Research has helped them become more productive, and credits the tool for several successful takedowns — with the help of the airline’s legal team — of criminal individuals and groups who hosted typosquatting sites, posing a threat to the airline’s brand and reputation.
Secure, anonymous solution for online investigations
When investigating the people or organizations behind malware attacks, phishing schemes or typosquatting, the SOC team first needs to see for themselves what the counterfeit sites look like and which features they contain to harvest personal data or redirect users to inappropriate or misleading content.
Silo for Research provides a safe, cloud-based browsing environment isolated from the analyst’s device and corporate network to protect against web-borne threats they may encounter.
Analysts can also control the details of their digital fingerprint conveyed to sites they visit, so they can investigate suspicious persons and groups without alerting them that they are being watched.
Global internet egress node network
Silo for Research connects users with a network of internet egress nodes, encompassing dozens of locations around the world and allowing analysts to spoof their location to appear to access sites from in-region.
This access gave the airline’s SOC team added insight into how typosquatters target users in different locations and on different devices. Sites that returned only a blank page for North American users on Google Chrome served images closely resembling the airline’s brand to Asia Pacific visitors on mobile devices, giving investigators a unique perspective on whom the perpetrators were targeting.
The SOC team routinely shares the information and evidence collected using Silo for Research with the airline’s broader security groups — including teams that subscribe to external threat intel feeds — to help keep their blocked-site lists up to date and stay on guard for lookalike domains and certificate registrations.
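The lookalike-domain monitoring described above, and the typosquatting pattern introduced earlier, can be triaged automatically before an analyst ever opens a site in an isolated browser. The following is an added example, not code from Silo for Research or from the airline: it takes a list of newly observed domains (here a constructed sample feed standing in for DNS logs or certificate-transparency entries) and reports why each one resembles a brand domain. `BRAND_DOMAIN`, `HOMOGLYPHS` and `SAMPLE_FEED` are assumptions chosen for illustration.

```python
"""Lookalike-domain triage: flag newly seen domains that imitate a brand domain.

Added example, not Silo for Research code. BRAND_DOMAIN and SAMPLE_FEED are
constructed placeholders; in practice the feed comes from DNS logs, passive DNS
or certificate-transparency monitoring.
"""
from typing import Dict, List, Optional, Tuple

BRAND_DOMAIN = "example-airline.com"   # hypothetical brand domain (assumption)

# Substitutions that let a label pass at a glance. Multi-character entries come
# first so "rn" is folded to "m" before single characters are handled.
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("1", "l"), ("0", "o"),
              ("3", "e"), ("4", "a"), ("5", "s"), ("7", "t")]

MAX_EDIT_DISTANCE = 2   # one or two typos / adjacent transpositions


def damerau_levenshtein(a: str, b: str) -> int:
    """Optimal-string-alignment distance: insert, delete, substitute or swap adjacent chars."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,          # delete
                          d[i][j - 1] + 1,          # insert
                          d[i - 1][j - 1] + cost)   # substitute
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)   # transpose
    return d[len(a)][len(b)]


def split_domain(fqdn: str) -> Tuple[List[str], str]:
    """Return (labels left of the TLD, TLD). Simplification: single-label TLDs only;
    suffixes such as 'co.uk' would need a public-suffix list."""
    labels = fqdn.lower().strip().rstrip(".").split(".")
    return labels[:-1], labels[-1]


def fold_homoglyphs(label: str) -> str:
    """Map common look-alike characters back to the letters they imitate."""
    for fake, real in HOMOGLYPHS:
        label = label.replace(fake, real)
    return label


def classify(candidate: str, brand: str = BRAND_DOMAIN) -> Optional[str]:
    """Return why `candidate` resembles `brand`, or None if it does not."""
    brand_labels, brand_tld = split_domain(brand)
    cand_labels, cand_tld = split_domain(candidate)
    if not brand_labels or not cand_labels:
        return None
    brand_sld, cand_sld = brand_labels[-1], cand_labels[-1]
    if cand_sld == brand_sld and cand_tld == brand_tld:
        return None                                  # the brand's own domain or a subdomain of it
    if cand_sld == brand_sld and cand_tld != brand_tld:
        return "tld-swap"                             # example-airline.co
    if cand_sld != brand_sld and fold_homoglyphs(cand_sld) == brand_sld:
        return "homoglyph"                            # examp1e-airline.com
    if brand_sld in cand_labels[:-1]:
        return "brand-as-subdomain"                   # example-airline.com.secure-login.net
    distance = damerau_levenshtein(cand_sld, brand_sld)
    if 0 < distance <= MAX_EDIT_DISTANCE:
        return f"edit-distance:{distance}"            # exmaple-airline.com
    if brand_sld in cand_sld:
        return "brand-embedded"                       # example-airline-rewards.com
    return None


def scan(domains: List[str], brand: str = BRAND_DOMAIN) -> Dict[str, str]:
    """Map each suspicious domain in `domains` to the reason it was flagged."""
    hits: Dict[str, str] = {}
    for domain in domains:
        reason = classify(domain, brand)
        if reason:
            hits[domain] = reason
    return hits


# Constructed sample feed standing in for one day's newly seen domains.
SAMPLE_FEED = [
    "example-airline.com",
    "www.example-airline.com",
    "exmaple-airline.com",
    "examp1e-airline.com",
    "example-airline.co",
    "example-airline.com.secure-login.net",
    "example-airline-rewards.com",
    "weather.com",
]

if __name__ == "__main__":
    for domain, reason in scan(SAMPLE_FEED).items():
        print(f"{reason:20s} {domain}")
```

Flagged domains are candidates for review, not verdicts: a hit such as `brand-embedded` may be a legitimate partner or marketing site, so the list feeds the analyst's isolated-browser investigation and the blocklist only after confirmation. Internationalized (`xn--`) labels should be decoded before classification, which this example omits.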
Silo for Research’s screen capture feature has proven invaluable when collaborating with internal legal teams and law enforcement to expose the criminal organizations behind large-scale phishing campaigns and other cybercrimes. The solution also records all activity in encrypted logs protected with customer-managed keys, simplifying the handoff to legal investigations.