This investigation began innocently enough, with StrongestLayer’s analysts discovering a seemingly harmless domain during routine zero-day phishing threat-hunting. The domain, associated with a fake brand called Swift Nexus Bank (swiftnexusbank[.]com), showed no immediate signs of malicious activity. However, red flags began to surface upon closer inspection, prompting a deeper investigation into the registrant’s history.
The Discovery By StrongestLayer
Our team soon unearthed multiple newly registered domains under the same registrant, including another fictitious bank called Ace Guaranty Bank (aceguarantybnk[.]com). Both brands shared striking similarities: identical website templates, forged contact details, and non-existent physical addresses. Every link on these websites redirected to a loopback URL, signaling that something was off.
As we dug deeper, we discovered this wasn’t an isolated incident. Many more fake banks and brands were found, each tied to the same registrant, using similar phone numbers, web page templates, and contact information.
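The pivoting described above (one suspicious domain, then every sibling sharing the same registrant, phone number or page template, each with links that go nowhere but loopback) can be turned into a simple triage script. The following is an added example, not StrongestLayer code or tooling; the registrant emails, phone numbers, template hashes and the third domain name are constructed placeholders, and only the two defanged domains from the write-up are taken from the page. It clusters records by any shared pivot attribute and flags clustered domains whose links all resolve to loopback hosts.

```python
"""Cluster domains on shared registrant attributes and flag loopback-only sites.

Added example, not StrongestLayer code. SAMPLE_RECORDS is constructed to mimic
the pattern in the write-up; registrant, phone and template values are fake.
"""
import ipaddress
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample data (placeholders, not report data). Domain names are
# kept defanged with [.] because they are labels here, never parsed as URLs.
SAMPLE_RECORDS = [
    {"domain": "swiftnexusbank[.]com", "registrant": "reg-A@example.invalid",
     "phone": "+1-555-0100", "template_hash": "tpl-7f3a",
     "links": ["http://127.0.0.1/login", "http://localhost/about",
               "http://[::1]/contact"]},
    {"domain": "aceguarantybnk[.]com", "registrant": "reg-A@example.invalid",
     "phone": "+1-555-0100", "template_hash": "tpl-7f3a",
     "links": ["http://127.0.0.1/login", "http://0.0.0.0/about"]},
    # Different registrant and phone, but the same page template (constructed).
    {"domain": "northstar-trust-bk[.]com", "registrant": "reg-B@example.invalid",
     "phone": "+1-555-0199", "template_hash": "tpl-7f3a",
     "links": ["http://127.0.0.1/login"]},
    # Unrelated site with real outbound links: should not be flagged.
    {"domain": "legit-retailer[.]com", "registrant": "reg-C@example.invalid",
     "phone": "+1-555-0177", "template_hash": "tpl-11aa",
     "links": ["https://www.example.com/shop", "https://www.example.com/help"]},
]

LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}


def is_loopback_url(url: str) -> bool:
    """True when the link's host is a loopback name or address (0.0.0.0 included)."""
    host = urlparse(url).hostname  # strips [] from bracketed IPv6 hosts
    if host is None:
        return False
    if host.lower() in LOOPBACK_NAMES:
        return True
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # a normal DNS name, not an IP literal
    return addr.is_loopback or addr.is_unspecified


def all_links_loopback(links) -> bool:
    """A page with no links at all is not evidence either way, so it returns False."""
    return bool(links) and all(is_loopback_url(u) for u in links)


def cluster_by_shared_attributes(records, keys=("registrant", "phone", "template_hash")):
    """Union-find: two domains land in one cluster if they share any pivot value."""
    parent = {r["domain"]: r["domain"] for r in records}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    def union(a, b):
        ra, rb = find(a), find(b)
        if ra != rb:
            parent[rb] = ra

    first_seen = {}  # (key, value) -> first domain carrying that value
    for r in records:
        for k in keys:
            value = r.get(k)
            if value is None:
                continue
            pivot = (k, value)
            if pivot in first_seen:
                union(first_seen[pivot], r["domain"])
            else:
                first_seen[pivot] = r["domain"]

    clusters = defaultdict(set)
    for d in parent:
        clusters[find(d)].add(d)
    return [sorted(c) for c in clusters.values()]


def flag_domains(records):
    """Domains that belong to a multi-domain cluster AND link only to loopback."""
    cluster_of = {}
    for cluster in cluster_by_shared_attributes(records):
        for d in cluster:
            cluster_of[d] = cluster
    return sorted(
        r["domain"] for r in records
        if len(cluster_of[r["domain"]]) > 1 and all_links_loopback(r["links"])
    )


if __name__ == "__main__":
    for c in cluster_by_shared_attributes(SAMPLE_RECORDS):
        print("cluster:", c)
    print("flagged:", flag_domains(SAMPLE_RECORDS))
```

The third constructed domain shares nothing with the first two except the template hash, which is exactly why pivoting on every attribute rather than registrant alone matters: a single shared value is enough to pull a domain into the cluster, and the loopback-link check then separates dormant lookalike infrastructure from ordinary sites that happen to share a hosting template.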
The Great Breakthrough: 3 Million Malicious Domains
What began as an investigation into a few domains quickly escalated. StrongestLayer analysts soon identified clusters of websites all following the same pattern, some impersonating legitimate brands, such as Amazon Express Global (amazonexpressglobal[.]com). These fake brands were mostly registered within the last few months and spanned the globe.
We found that over 3 million malicious domains had been registered, all presenting AI-generated content, from images to text. The websites were meticulously crafted to appear legitimate yet were entirely fictitious.
AI’s Role in Phishing
One key observation from our analysis is the widespread use of AI tools in these phishing operations. Not only was the website content AI-generated, but we also found that generative AI had been used to create complex, non-functional code meant to obfuscate the real purpose of these sites, making detection much more challenging for traditional security tools.
Social Media Presence
In addition to their deceptive websites, the threat actors behind these operations were leveraging social media. We found high-activity profiles on platforms like LinkedIn promoting these fake brands. These accounts interacted with followers, building trust and legitimacy, all while orchestrating phishing campaigns behind the scenes.
Final Thoughts: What We Think
StrongestLayer’s discovery of over 3 million malicious domains is a testament to the evolving nature of phishing attacks. The threat landscape is becoming more challenging with the rise of AI-generated brands and advanced phishing techniques.
Organizations must stay ahead of these developments by adopting cutting-edge security measures and educating employees on recognizing fraudulent activities.
At the time of publication, none of these domains were flagged by other security vendors, highlighting the urgency for companies to leverage proactive tools like StrongestLayer for comprehensive protection. To learn more about the domains uncovered and how to protect your business, contact StrongestLayer today.
Key Takeaways for Cybersecurity
This investigation highlights several important points for organizations and their employees:
- Fake brands are dangerous:
Phishing attacks don't always rely on mimicking well-known brands. Attackers often create fictitious brands to lure victims into a false sense of security. These AI-generated brands are compelling and may appear legitimate at first glance.
- Vigilance is crucial:
Just because a domain looks clean or reputable doesn't mean it's safe. In this case, the phishing sites showed no immediate malicious activity but were still part of a larger attack infrastructure designed to deceive over time.
- AI is used in phishing campaigns:
Attackers now use AI tools to create complex code and fake content, making it harder for traditional detection systems to identify threats. The use of AI in phishing attacks marks an evolution in tactics that organizations need to be prepared for.
- Security tools are essential:
Without advanced detection tools like StrongestLayer's CyberGuard, identifying and mitigating such threats becomes difficult. Employees and security teams must be equipped to recognize suspicious behaviour and flag potential threats, even when the content seems legitimate.
FAQs (Frequently Asked Questions)
What are AI-generated fake brands?
AI-generated fake brands are fictitious online entities created using automated tools to simulate legitimate businesses. These fake brands are often used in phishing schemes to deceive individuals into providing sensitive information.
How did StrongestLayer discover these phishing domains?
StrongestLayer's threat intelligence engine uncovered these domains through automated threat-hunting, followed by a detailed investigation into a single suspicious domain that ultimately revealed over 3 million phishing domains worldwide.
Why are these phishing attacks dangerous?
These phishing attacks use convincing fake brands and online profiles to trick individuals into interacting with fraudulent websites. Since many sites appear legitimate, they can bypass traditional security filters and deceive unsuspecting users.
What is the impact of this discovery?
StrongestLayer’s discovery highlights the growing sophistication of phishing attacks using AI-generated brands. It emphasizes the importance of proactive monitoring and security measures to identify and protect against such threats.
How can organizations protect themselves from similar phishing attacks?
Organizations should adopt advanced threat detection tools, like StrongestLayer’s CyberGuard, which can identify and mitigate phishing threats before they cause damage. Employee training and awareness programs are crucial in recognizing and avoiding phishing scams.
Safwan Khan & Haris Kamal
StrongestLayer Threat Intelligence