The US Marine Transportation System (MTS) continues to be targeted by typosquatting campaigns operated by cyber criminals, and USCG provides recommendations to prevent such issues.
Malicious cyber actors continue to spoof U.S. port facility domains using typosquatting techniques in attempts to re-direct users to malicious websites that have similar domain names.
Malicious cyber actors are not directly targeting port facilities; rather, they are targeting individuals who incorrectly type a website address. Misspellings of several U.S. port facility domains have recently been registered, likely for malicious purposes.
These events have been analyzed and investigated, and the following are recommendations for MTS stakeholders:
#1 Mitigate the Opportunity for Attacks: Typosquatting Deterrence – Organizations may intentionally register domains similar to their own to deter adversaries from creating typosquatting domains. Other facets of this technique cannot be easily mitigated with preventive controls since it is based on behaviors performed outside of the scope of enterprise defenses and controls.
#2 Detection Methods: Consider use of services that may aid in tracking of newly acquired domains, such as WHOIS databases and/or passive DNS. In some cases, it may be possible to pivot on known pieces of domain registration information to uncover other infrastructure purchased by the adversary. Consider monitoring for domains created with a similar structure to your own, including under a different TLD.
#3 Untrusted Traffic: Treat all traffic transiting your network – especially third-party traffic – as untrusted until it is validated as being legitimate.
#4 Third-Party Links: Avoid clicking on links from third parties. Where possible, enter the correct address of the respective website manually in your browser or open it via your bookmarks.
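
For recommendation #2, the following added example (not part of the USCG guidance) screens a feed of newly registered domains for names that resemble a protected domain, including the same name under a different TLD. The domain portofexample.com, the feed contents and the distance threshold of 2 are constructed assumptions, and the feed is assumed to list registrable domains with a single-label TLD.

```python
"""Flag newly registered domains that resemble a protected domain."""

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            # Adjacent transposition, the most common keyboard slip ("le" -> "el").
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def split_domain(domain):
    """Split 'label.tld' into (label, tld); assumes a single-label TLD."""
    label, _, tld = domain.lower().rstrip(".").rpartition(".")
    return label, tld

def find_lookalikes(own, candidates, max_dist=2):
    """Return (domain, reason) for each candidate resembling `own`."""
    own_label, own_tld = split_domain(own)
    hits = []
    for cand in candidates:
        label, tld = split_domain(cand)
        if (label, tld) == (own_label, own_tld):
            continue  # our own registration, not a lookalike
        dist = osa_distance(own_label, label)
        if dist == 0:
            hits.append((cand, "same name, different TLD"))
        elif dist <= max_dist:
            hits.append((cand, f"edit distance {dist}"))
    return hits

# Constructed sample data: a hypothetical protected domain and a hypothetical
# day of new registrations (e.g. exported from a WHOIS or passive DNS service).
OWN_DOMAIN = "portofexample.com"
NEW_REGISTRATIONS = ["portofexampel.com", "portofexample.net", "port-of-example.com",
                     "portofexarnple.com", "harborlogistics.org", "portofexample.com"]

if __name__ == "__main__":
    for domain, reason in find_lookalikes(OWN_DOMAIN, NEW_REGISTRATIONS):
        print(f"{domain}: {reason}")
```

Each hit is a candidate for the WHOIS or passive DNS pivoting described in #2, and for defensive registration under #1.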