Cybercriminals use domain squatting techniques for abusive activities like phishing, malware distribution, or hosting fraudulent content, which can result in significant reputational damage for the brand and monetary losses for its customers. NordStellar, a next-generation threat exposure management platform, introduces its new AI-driven cybersquatting detection feature to safeguard enterprises by identifying and notifying businesses about cybersquatting incidents, providing actionable insights to help stop cybercriminals in their tracks.
“NordStellar’s cybersquatting feature automatically detects old and newly registered domains that closely resemble other brands. We take it a step further with an AI-powered solution that analyzes intent, assesses risk levels, and recommends next steps — reducing response time and helping prevent attacks before they escalate,” says Vakaris Noreika, head of product at NordStellar.
Domain squatting, also known as cybersquatting, involves registering, trafficking, or using a domain name to profit from a trademark belonging to someone else. Over the past year, companies like DeepSeek and Temu were heavily targeted by cybersquatting. However, they’re not alone — the World Intellectual Property Organization (WIPO) named 2024 the second busiest year since 1999 regarding domain name disputes, registering 6,168 cases. According to WIPO, cybersquatting is one of the leading reasons for the growing number of cases.
Cybercriminals use various domain manipulation techniques to register domain names similar to the original ones. Some of the most popular methods include typosquatting, which exploits common misspellings (such as nordstelar.com instead of nordstellar.com), addition, which adds characters to a legitimate domain name (like nordstellarr.com), and replacement, which replaces characters (like nordsterall.com). Besides the 16 different domain name manipulation techniques that NordStellars’ cybersquatting detection feature tracks, hackers also exploit expired domains, hijacking and repurposing them for malicious activities.
NordStellar’s cybersquatting protection feature stands out by providing its clients with comprehensive monitoring that checks newly registered domains and tracks the expiration dates and changes to existing domains. The feature is equipped with advanced algorithms for accurate identification beyond basic string comparison.
“Enabling proactive monitoring and mitigating domain-based threats improves businesses’ security posture as well as reduces the risk of their customers falling victim to phishing attacks or malware infections,” says Noreika. “Additionally, the new cybersquatting feature seamlessly integrates with other existing security information and event management (SIEM) and security workflows, enhancing the efficiency of analysis and response.”
How it works:
- Continuously monitors for domain registrations and changes.
- Analyzes detected risks and assesses their severity using similarity algorithms, threat intelligence feeds, and information from the internet record listing WHOIS to determine risk.
- Implements AI-powered analysis to examine detected threats further, providing detailed information, including specific threat types, confidence and severity levels, supporting evidence, and recommended remediation actions — investigating the domain further, initiating a takedown request with the registrar, or blocking the domain at the network level.
- Provides real-time alerts and notifications via email, Slack, and in-platform notifications based on configurable criteria, such as event type and risk level.
- Offers detailed investigation of each suspicious domain, including screenshots, redirect chains, WHOIS information, and similarity metrics.
- Allows security teams to resolve and track the status of the identified threats.
The cybersquatting feature is now available to all NordStellar users.