Cyber Crime & ForensicCyber SafetyPress Release

Infoblox Discovers Shadowy Link Shortening Service Fuelling Cybercrime

Photo of CSA Editorial CSA Editorial Send an email November 3, 2023
1 minute read

Infoblox has recently published a whitepaper reporting a large underground link shortening service, which has been dubbed Prolific Puma. An enigmatic player in the underground world of cybercrime, Prolific Puma has emerged as a central figure in aiding and abetting malicious actors in their endeavors to evade detection. Specializing in the distribution of phishing schemes, scams, and malware, their activities are primarily channeled through text messages, targeting both consumers and potentially enterprises.

This revelation marks a significant milestone in the realm of cybersecurity, as it represents the first comprehensive account of a DNS threat actor operating a large-scale link shortening service, integral to the US$8 trillion annual cybercriminal economy.

This discovery did not originate from the usual malware or phishing sites but emerged through the meticulous analysis of DNS data. Prolific Puma’s impact extends beyond their immediate actions, as blocking them at the DNS layer has the potential to safeguard users from the full spectrum of malicious content they propagate. By disrupting their operations, we can effectively disrupt the cybercriminal supply chain and a larger segment of the criminal economy.

Operating from at least 2020, Prolific Puma leverages the use of RDGAs (Registered Domain Generation Algorithms) to craft domain names, which are subsequently employed as link shorteners. To ensure their activities remain obscured and undetected, these domains find a home on anonymous service providers.

Furthermore, Prolific Puma has raised eyebrows with its rampant abuse of the usTLD, a top-level domain originally reserved for U.S. citizens and organizations, which has become plagued by cybercrime. In a turn of events, they have managed to circumvent transparency requirements for the usTLD, converting nearly 2,000 domains to private registrations since October 4th.

As this underground service provider’s operations continue to evolve, the revelations surrounding Prolific Puma demonstrate how the DNS can be abused to support criminal activity and remain undetected for years. Organizations can thwart such activities by blocking access to suspicious domains with adequate DNS detection and response systems in place.

Tags
Photo of CSA Editorial CSA Editorial Send an email November 3, 2023
1 minute read
Photo of CSA Editorial

CSA Editorial

Launched in Jan 2018, in partnership with Cyber Security Malaysia (an agency under MOSTI). CSA is a news and content platform focusing on key issues in cybersecurity in the region. CSA is targeted to serve the needs of cybersecurity professionals, IT professionals, Risk professionals and C-Levels who have an obligation to understand the impact of cyber threats.

Related Articles

81% of Malaysians Have Adopted Digital Cards for Convenience and Security, states IDEMIA Secure Transactions Global Study

October 4, 2024

Infoblox Unveils Game-Changing Universal DDI™ Product Suite to Help NetOps, SecOps, and CloudOps Work Better Together

October 4, 2024

The Costs of Cyber Attacks: How One Breach Can Sink Your Business

October 4, 2024

Building Digital Trust in Malaysia: Essential Steps Every Organisation Should Take

October 4, 2024

Leave a Reply

Your email address will not be published. Required fields are marked *

(c) Asia Online Publishing Group 2024 - Media and PR enquiries - editor@aopg.net