
7 Most Popular Blogs of Q2 2024

Introduction

I don’t want to be one of those people, but I fear I must say, “boy, this year is flying by!” It truly is, though! Somehow it’s July and the first half of the year is behind us. DomainTools has been hard at work with live presentations, events and conferences, and the Breaking Badness Cybersecurity Podcast. We hope you had a chance to catch this year’s RSAC mini-series, The Art of the Possible, featuring researchers, intelligence analysts, security advocates, and C-suites in the industry. We’ll be back at Black Hat and DEF CON in Las Vegas in a few short weeks and our goal is to talk to more folks in the community – if you’d like to be on the show, fill out our Google form and let us know what you’d like to chat about.

But without further ado, let’s dig into what the industry found the most interesting, entertaining, and helpful in Q2 2024.

7 Most Popular Blogs of Q1 2024

Coming in at the number 7 slot is a very meta blog, indeed. It is last quarter’s 7 Most Popular Blogs post! This community likes a good roundup post it would seem. We encourage you to check out that post, if you haven’t already, to learn more about finding new ASNs, bringing up a secure virtual private server under Debian 11, and more.

The DomainTools Report, Spring 2024

Our next top post was an overview of a larger report, The DomainTools Report: Spring 2024 Edition. In this post, we summarize information regarding domain registration, hosting, and content-related data in an effort to surface patterns and trends that may be beneficial to researchers, security practitioners, and others who are interested in suspicious or malicious use of online infrastructure. 

New Draft Rule on Ransomware Payments and Cyber Incident Reporting

Distinguished Scientist Joe St Sauver penned a comprehensive summary of the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), highlighting noteworthy sections and outlining further reading.

You Must Pay the Toll Troll

Next up is our post detailing research our team completed to see domains and objectives associated with a smishing campaign purporting to be a road toll collection service in several states. We walk readers through finding the domains associated with this campaign using Iris Investigate, the reconnaissance performed to see where victims were taken once they clicked the smishing link, recommendations, as well as an update to the campaign as we continued tracking it. 

So You’re Going to RSA Conference 2024?

We were excited to return to RSAC back in May! So excited that we compiled a list of presentations that looked intriguing (and you can find them online on the RSAC website), dining and attractions in San Francisco, and DomainTools plans at the event. We’ll be heading to Black Hat and DEF CON in Vegas in a few short weeks, so there’s another chance to meet up with us in person very soon!

DomainTools Reflections on the 2024 Data Breach Investigations Report

We’re almost to our top post! In our #2 spot is our reflections piece on Verizon’s 2024 Data Breach Investigations Report (DBIR). As it is the mission of DomainTools to make the Internet a safer place, we were excited to be a Contributing Organization to the report and highlight learnings. There’s a tl;dr if you’re into summarizations (and hey, you’re reading this summary piece so that might be your jam), but if you want a deeper dive, we provide that too.

The Resurgence of the “Manipulaters” Team – Breaking HeartSenders

You made it to the #1 post of Q2 2024! In slot #1, we have our research on the Manipulaters (yes, it really is spelled that way!). Using a combination of domain-related data and open-source intelligence (OSINT) techniques, DomainTools Research identified dozens of Manipulaters cybercrime marketplaces that show this once-defunct threat actor group represents a growing concern. You can read the blog post for more detail, or if video is more your way of learning, check out our webinar on this threat group.

Conclusion

And that’s all there is. There isn’t any more (not sure if there’s a huge cross section of Madeline fans and the infosec community, but I’m shooting my shot). Actually, that’s not really all there is, of course. As mentioned earlier in the post, we’re heading to conferences like Black Hat, DEF CON, fal.con, and more in Q3 and beyond. We’ll also continue to share more blog posts on research and events we attend, so stay tuned for those. You can also stay apprised of the latest campaigns we’re looking into on Security Snacks on X and Mastodon.