Domain Risk Rule: Ukraine Conflict Related Domain Lure
The Ukraine Conflict has created a massive cybersecurity threat by supercharging phishing as an attack technique. Phishing lures attract victims to malicious web pages by exploiting high interest in negative news and disasters.
Recorded Future is currently observing new Ukraine-related domains daily, both newly registered domains and subdomains. Some of these domains are important public services, many are benign, and some are malicious. Our Security Intelligence Platform automatically checks these domains against whitelists, evaluates them for technical evidence of maliciousness, and provides clarity on the small fraction of these domains that are convicted as lures.
Rules Triggering and Severity Levels
Recent Ukraine-Related Domain Lure: Malicious severity (risk score of 65 or higher, depending on other evidence of risk observed for the domain).
- The domain has a URL with confirmed malicious activity and/or malware associated in high-fidelity technical data sources.
- The domain has been verified as malicious in technical research done by Insikt Group.
- The domain was recently seen in the past 30 days.
- The domain has a URL with suspicious activity, tagged as untrusted and/or spam-related activity from a vetted third-party security source providing high-efficacy technical data.
- The domain was recently seen in the past 30 days.
Suggested Actions
Note: The Ukraine Related Domain Lure risk rule is continuously evolving. It is driven by Recorded Future Data Science & Research teams for newly registered domains, with improvements in automating verdicts of malicious convictions from third-party sources.