For the report, High-Tech Bridge analyzed domains of the leading cybersecurity companies from the NASDAQ’s NQCYBR index, as well as a few private but well-known cybersecurity companies. They used Domain Security Radar for this purpose, a free online service designed to detect cybersquatting, typosquatting and phishing domains for a particular brand or Internet domain.
The statistics in the research show how each company fares under the categories of domain squatting; traffic theft, where the highest percentages were reported; brand theft; malicious activity; and unknown (other).
Interesting examples from the research include:
Dangerous cases include websites like "trendmicrow.com", which collects personal data from Trend Micro customers by pretending to be Trend Micro support. A Symantec domain with a typo, "sytmantec.com", redirects users to random websites hosting adult content and malware.
Country or altered domains of well-known cybersecurity brands, like "akamai.ru", "junipernetworks.cn", "kasperskysupport.com" or "ciscogroup.com", are being squatted by scammers who try to resell them and who are parasitizing the original brand value.
Some of the domains with visual mutations, such as "junlper.net" (which looks exactly like the original brand name in CAPS), were used for phishing in the past; however, it now seems to be operated by Kaspersky (according to IP history), which probably uses it to gather threat intelligence information.
Other domains try to create the impression of being a legitimate part of the brand. Owned by a private person with an aol.com email and a PO Box address, "baesystemsstore.com" hosts a web shop selling goods not related to the original brand.
Some of the domains, like "lifelock.org", which is registered via proxy, are live and even have a valid SSL certificate, yet have nothing to do with the original brand. The website in question seems to resell the original LifeLock services via their affiliate program, using the following tracking URLs pointing to the original LifeLock website: 'https://store.lifelock.com/enrollment?promocode=ORG30&cid=aff_fingerflip_'
There is a similar story with "paloaltonetworks.cz", which redirects users to the website of one of the Fortinet resellers, a direct competitor to Palo Alto Networks. Owned by a private company in Prague, the domain has nothing to do with the Palo Alto brand.
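As an added illustration (not part of the High-Tech Bridge report or its Domain Security Radar service), the Python sketch below sorts the lookalike domains quoted above into the mutation types they show, the kind of triage a brand-monitoring team runs over newly observed registrations. The legitimate domain paired with each example and the small confusable-character table are assumptions made for the example.

```python
# Added example: label a lookalike domain by how it mutates the brand's domain.
# The confusable table and the "legit" domains below are assumptions.
CONFUSABLE = str.maketrans({"l": "i", "1": "i", "0": "o"})

def split_domain(domain):
    """Return (name, tld) for 'name.tld'; assumes a single-label TLD."""
    name, _, tld = domain.lower().rstrip(".").rpartition(".")
    return name, tld

def skeleton(name):
    """Collapse characters that are easily confused when rendered."""
    return name.replace("rn", "m").replace("vv", "w").translate(CONFUSABLE)

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(candidate, legit):
    c_name, c_tld = split_domain(candidate)
    l_name, l_tld = split_domain(legit)
    if c_name == l_name:
        return "legitimate" if c_tld == l_tld else "tld-swap"
    if skeleton(c_name) == skeleton(l_name):
        return "visual-mutation"
    if edit_distance(c_name, l_name) == 1:  # checked before the substring test
        return "typo"
    if l_name in c_name:
        return "brand-plus-keyword"
    return "unrelated"

# Candidates are quoted in the article; the legitimate domains are assumed.
SAMPLES = [
    ("trendmicrow.com", "trendmicro.com"), ("sytmantec.com", "symantec.com"),
    ("akamai.ru", "akamai.com"), ("kasperskysupport.com", "kaspersky.com"),
    ("ciscogroup.com", "cisco.com"), ("junlper.net", "juniper.net"),
    ("baesystemsstore.com", "baesystems.com"), ("lifelock.org", "lifelock.com"),
    ("paloaltonetworks.cz", "paloaltonetworks.com"),
]

def triage(pairs=SAMPLES):
    return {cand: classify(cand, legit) for cand, legit in pairs}
```

Plain Levenshtein distance counts a swapped pair of adjacent letters as two edits, so transposition typos would need a wider threshold or a Damerau variant.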