
Coast Guard Warns of Malicious Typosquatting Directed at Port Facility Websites

Misspellings of several U.S. port facility domains "have recently been registered, likely for malicious purposes," USCG Cyber Command reported.

The Coast Guard Cyber Command Intelligence Department alerted maritime stakeholders last week that typosquatting campaigns operated by cyber criminals continue to target the Marine Transportation System.

Typosquatting targets people who, as the name indicates, make a mistake when typing a URL into a web browser. Users may then be directed to a malicious website that incorporates the common misspelling into its URL yet presents itself as a legitimate website. Once at the fake website, the user may be fooled into revealing sensitive information.

Maritime Cyber Alert 01-22, issued by U.S. Coast Guard Cyber Command in March, reported “a recent uptick in malicious actors using spoofed business websites to target the Marine Transportation System (MTS).”

“Multiple MTS partners have discovered well-constructed, fake websites masquerading as their legitimate business websites. These sites are created presumably to steal information from or install malware on customers’ devices interacting with the sites,” the alert said. “These spoofed websites are not designed to impact the maritime organization directly but resemble watering-hole style attacks where the intended targets are individuals and entities visiting the site. The spoofed websites are professional in appearance and quite sophisticated, some of which are presenting as .com domains. This level of detail can make it difficult to discern a real site from a fraudulent one.”

USCG said last Friday that the attacks are ongoing as “malicious cyber actors continue to spoof U.S. port facility domains using typosquatting techniques in attempts to re-direct users to malicious websites that have similar domain names.”

Misspellings of several U.S. port facility domains “have recently been registered, likely for malicious purposes,” USCG Cyber Command Intelligence Department reported, and “these events have been analyzed and investigated.”

One way to deter typosquatting is for a maritime organization to claim the common misspellings before malicious actors do.

“Organizations may intentionally register similar domains to their own to deter adversaries from creating typosquatting domains,” USCG said. “Other facets of this technique cannot be easily mitigated with preventive controls since it is based on behaviors performed outside of the scope of enterprise defenses and controls.”

USCG also recommended that maritime organizations consider using services such as WHOIS databases that can help track newly acquired domains. “In some cases it may be possible to pivot on known pieces of domain registration information to uncover other infrastructure purchased by the adversary,” the alert noted. “Consider monitoring for domains created with a similar structure to your own, including under a different TLD.”
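
The monitoring USCG describes can be automated against a feed of newly registered domains. The sketch below is an added example, not code from the alert or from USCG: it flags feed entries whose name matches a protected domain under a different TLD, differs only by hyphens, or sits within a small edit distance of it. The protected domain, the feed contents and the distance threshold are all assumptions made up for illustration.

```python
# Added example. Every domain below is constructed and uses reserved TLDs.

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # swapped neighbours
        prev2, prev = prev, cur
    return prev[-1]

def split_domain(domain):
    # Assumption: feed entries are registrable domains ("name.suffix"),
    # so everything after the first dot is treated as the TLD/suffix.
    label, _, suffix = domain.strip().lower().rstrip(".").partition(".")
    return label, suffix

def classify(candidate, protected, max_distance=2):
    """Return why `candidate` resembles `protected`, or None if it does not."""
    c_label, c_tld = split_domain(candidate)
    p_label, p_tld = split_domain(protected)
    if (c_label, c_tld) == (p_label, p_tld):
        return None  # the organization's own domain
    if c_label == p_label:
        return "same-name-different-tld"
    if c_label.replace("-", "") == p_label.replace("-", ""):
        return "hyphen-variant"
    distance = osa_distance(c_label, p_label)
    return f"misspelling-distance-{distance}" if distance <= max_distance else None

def review_feed(feed, protected):
    """Keep only the feed entries worth an analyst's attention."""
    hits = [(d, classify(d, protected)) for d in feed]
    return [(d, reason) for d, reason in hits if reason]

PROTECTED = "portexample.example"   # hypothetical port facility domain
NEW_REGISTRATIONS = [               # constructed feed of new registrations
    "portexample.test", "portexmaple.example", "port-example.example",
    "portexammple.test", "weatherstation.example", "portexample.example",
]

if __name__ == "__main__":
    for domain, reason in review_feed(NEW_REGISTRATIONS, PROTECTED):
        print(f"{domain:28} {reason}")
```

A threshold of 2 suits names of roughly ten characters or more; for shorter names it will flag unrelated domains and should be lowered to 1.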

USCG also recommended maritime entities be mindful of cyber hygiene, including avoiding clicks on links from third parties. “Treat all traffic transiting your network – especially third-party traffic – as untrusted until it is validated as being legitimate,” USCG said.

Cyber events can be reported to a local Coast Guard Captain of the Port or the Coast Guard Cyber Command 24×7 watch at 202-372-2904 or [email protected].

“Your willingness to comply and report in a timely manner helps the U.S. respond quickly and effectively and makes the maritime critical infrastructure more secure,” USCG said.

Bridget Johnson
Bridget Johnson is the Managing Editor for Homeland Security Today. A veteran journalist whose news articles and analyses have run in dozens of news outlets across the globe, Bridget first came to Washington to be online editor and a foreign policy writer at The Hill. Previously she was an editorial board member at the Rocky Mountain News and syndicated nation/world news columnist at the Los Angeles Daily News. Bridget is a terrorism analyst and security consultant with a specialty in online open-source extremist propaganda, incitement, recruitment, and training. She hosts and presents in Homeland Security Today law enforcement training webinars studying a range of counterterrorism topics including conspiracy theory extremism, complex coordinated attacks, critical infrastructure attacks, arson terrorism, drone and venue threats, antisemitism and white supremacists, anti-government extremism, and WMD threats. She is a Senior Risk Analyst for Gate 15 and a private investigator. Bridget is an NPR on-air contributor and has contributed to USA Today, The Wall Street Journal, New York Observer, National Review Online, Politico, New York Daily News, The Jerusalem Post, The Hill, Washington Times, RealClearWorld and more, and has myriad television and radio credits including Al-Jazeera, BBC and SiriusXM.
