Qualys Adds Threat Intelligence for Typosquatting and Defamatory Domains to External Attack Surface Management

Last updated on: February 17, 2025
Cybersecurity professionals can now use Qualys CyberSecurity Asset Management (CSAM) with External Attack Surface Management (EASM) to reduce cyber risks from credential harvesting, phishing, and malware downloads and diminish reputational harm.
Bad actors have been registering look-alike, sound-alike, misleading, and malicious URLs since just about the beginning of internet domain registration, and they are not slowing down. These malicious domains can deceive internet users into entering sensitive data and credentials and downloading malware, and they can also cause organizations reputational damage.
Recognizing that cybersecurity professionals like you need help quickly assessing and mitigating these domain name risks, Qualys now provides typosquatting and defamatory domain detection to help you quickly and continuously identify and mitigate cyber and brand risk from these malicious techniques.
Typosquatting
Cybercriminals may register look-alike or typosquatted domains to trick users into entering credentials and other sensitive information into web forms hosted on websites that closely resemble those of your organization or brand. Typosquatted domains target users who either misspell a website name or click on search results that take them to malicious websites impersonating your organization or brand, with the goal of getting those users to enter credentials or sensitive data, or even download malware.
Defamatory Domains
Bad actors may register domain names that add negative and defamatory words to your valid domain names and host content that is specifically intended to harm your organization’s reputation. These sites may contain numerous defamatory statements and may also include potential trademark infringement-related harm.
How Qualys Helps
Qualys has added typosquatted and defamatory domain detection functionality into its CSAM module as part of its EASM functionality.
CSAM provides both internal and external surface management, with EASM focusing on external risks. EASM provides discovery of and visibility into risks in your organization’s external attack surface, with continuous discovery of your organization’s domains, IP addresses, certificates, vulnerabilities, exposed ports, and software.
Qualys CSAM users can now enable typosquatting and defamatory domain detection in their EASM configuration. This feature automatically detects typosquatted and defamatory domains, eliminating the need to deploy and manage specialty tools to handle these risks. Discovery happens automatically, using pre-configured permutations of valid discovered domains to find domains registered by bad actors trying to hijack users and cause your organization harm.
EASM makes this detection easy, and there are no complex configurations to manage. All you need to do is enable Typosquatted Domains Discovery in your profile on the EASM Configuration and optionally include or exclude Defamatory Domains.

On the next EASM discovery, after collecting the valid domains, EASM automatically takes the list of these discovered domain names and uses prebuilt domain permutations and a negative sentiment dictionary to build a list of potential typosquatted and defamatory domains. EASM then performs DNS and WHOIS lookups on these permutations to identify these malicious domains, uncovering possible spoofs before they cause damage to your organization’s business. This proactive approach helps companies stay one step ahead of cybercriminals who seek to deceive users by creating fake websites.
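The discovery flow described above (permute valid domains, add negative-sentiment words, then check which candidates exist in DNS) can be sketched as follows. This is an added example, not Qualys code: the three permutation types, the word list and the sample of registered names are assumptions chosen for illustration, and the WHOIS step is omitted.

```python
# Added example: permutation types and word list are assumptions,
# not the prebuilt sets that EASM uses.
import socket

NEGATIVE_WORDS = ["sucks", "scam", "fraud"]  # constructed sample dictionary


def split_domain(domain):
    """Split a registrable domain such as 'example.com' into (label, tld)."""
    label, _, tld = domain.lower().partition(".")
    return label, tld


def candidates(domain):
    """Map each candidate domain to the permutation type that produced it."""
    label, tld = split_domain(domain)
    found = {}
    for i in range(len(label)):
        found.setdefault(label[:i] + label[i + 1:], "omission")
        found.setdefault(label[:i] + label[i] + label[i:], "repetition")
        if i + 1 < len(label):
            swapped = label[:i] + label[i + 1] + label[i] + label[i + 2:]
            found.setdefault(swapped, "transposition")
    for word in NEGATIVE_WORDS:
        found.setdefault(label + word, "defamatory")
        found.setdefault(f"{label}-{word}", "defamatory")
    found.pop(label, None)  # swapping identical letters reproduces the original
    found.pop("", None)     # a one-character label has an empty omission
    return {f"{name}.{tld}": kind for name, kind in found.items()}


def dns_resolves(name):
    """Live check: True when the name has an address record."""
    try:
        socket.getaddrinfo(name, None)
        return True
    except socket.gaierror:
        return False


def discover(domain, resolves=dns_resolves):
    """Return {candidate: permutation type} for candidates that resolve."""
    return {c: k for c, k in sorted(candidates(domain).items()) if resolves(c)}


# Constructed sample: names treated as registered, so the demo runs offline.
SAMPLE_REGISTERED = {"exmaple.com", "examplesucks.com", "unrelated.net"}

if __name__ == "__main__":
    hits = discover("example.com", SAMPLE_REGISTERED.__contains__)
    for name, kind in hits.items():
        print(f"{name}\t{kind}")
```

Calling `discover("example.com")` with no second argument uses live DNS instead of the constructed sample set.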
Once discovery has been completed, you can quickly see which typosquatted domains have been registered by visiting the Inventory > EASM > Domains page and selecting the Typosquatted Domains box. You can filter and group the list using the Registrant Org and Permutation Options on the left or the controls above the domain list.

Defamatory domains are filtered out by default but can be shown by disabling the filter in the typosquatted domains screen. A new Permutation Type Group on the left is then shown, allowing you to filter on just Defamatory Domains.

You can also click on any of the domains to see how it was found and its registration information.

Responding to These Risks
Users need to be vigilant when clicking and typing, but organizations must also protect themselves.
Once you have identified these typosquatted or defamatory domains, you can pursue the publishers of the harmful content through traditional legal techniques or have the identical or confusingly similar domain names transferred to your organization or canceled altogether.
For organizations, the best strategy is to try to stay ahead of typosquatting attacks:
- Use CSAM typosquatting functionality to regularly monitor and search for potential typosquatting domains, which can help you identify and address any issues before they become a problem
- Register typo versions of your organization’s domain before squatters do, helping ensure that users who accidentally mistype your URL are still directed to your website instead of a fraudulent one
- Use SSL certificates to signal trust
- Notify stakeholders
- Get suspicious websites or mail servers taken down
Qualys Helps You Address These Domain-based Risks
To better manage risks to your organization from typosquatted and defamatory domains, click below to start a free trial of Qualys CyberSecurity Asset Management with External Attack Surface Management.
Get a handle on typosquatted and defamatory domains with a 30-day trial of CyberSecurity Asset Management (CSAM)