SMS Cybercrime: A DNS Perspective

As email protection has increased, criminals have moved to attack users through SMS and other text messaging services. The cost to consumers of SMS scams alone was $330 million in the US last year, double that of 2021; this is not to mention phishing for credentials and distribution of malware. Additionally, Infoblox has seen a steady rise of attacks against Multi-Factor Authentication (MFA) via SMS since mid-2022. Over the last 6 months, Infoblox has detected 60-130 MFA “lookalike” domains every week, and we know that recent high-profile attacks on Retool and MGM involved MFA account takeovers. Finally, to evade detection, actors are using malicious link shorteners to hide their true intent. Infoblox recently published original research on Prolific Puma, a DNS threat actor who controls a massive network of domains and supports the criminal economy. This work was reported by Krebs on Security, Darknet Diaries, Bleeping Computer, and many other outlets.

Watch this Infoblox webinar and learn how Infoblox detects threats that are used in SMS attacks.

We will cover:

• How Infoblox discovered Prolific Puma where others did not, and how blocking threats like Prolific Puma at DNS resolution disrupts the cybercriminal economy
• How Infoblox discovered the DNS threat actor Open Tangle, which uses SMS and lookalike domains to steal consumer credentials
• How Infoblox detects and tracks other DNS threat actors, including the multiple Chinese threat actors currently targeting text messaging apps and the US postal service,
• Trends that Infoblox sees in MFA SMS phishing activities, including common targets and TTPs.

Cybersecurity awareness training alone will not protect consumers and organizations from the onslaught of attacks being levied through SMS and texting apps. This webinar will show you what is happening and why DNS detection and response matters in combating SMS cybercrime.