Prolific Puma exposed: Infoblox uncover threat actor ally

Infoblox exposes underground service provider ‘Prolific Puma’ as facilitating cybercrime by helping send phishing and malware text messages, and urges caution

Infoblox has released a blog post revealing an underground service provider that is helping malicious cyber actors deliver phishing, scams and malware via text messages. 

Named Prolific Puma, the service provider has operated in the shadows, unrecognised. Infoblox detected it through the Domain Name System (DNS), and the service has continued to expand, with new domains registered almost daily.

According to Infoblox, the service provider has been in operation for a minimum of three years and uses shortened links from ‘registered domain generation algorithms’ to avoid detection. At a time when businesses are having to combat the increased sophistication of threat actors, being aware of this type of criminal activity is essential.

Link shortening service enables cybercrime

Infoblox’s technology works to provide real-time visibility and control to customers over who and what connects to their network, allowing them to hopefully build safer and more resilient security environments. The company has more than 13,000 customers worldwide and works with some of the world’s most well-known brands, including Airbus, Honda, Barclays, HSBC, and Apple.

Infoblox’s blog serves as an exposé on Prolific Puma, identifying it as a link shortening service and a significant enabler of cybercrime.

The service has consistently been successful in evading cybersecurity defences for several years. The blog also introduces new terms to the cybersecurity lexicon, specifically 'Domain Name System (DNS) threat actors' and 'Registered Domain Generation Algorithm' (RDGA). These terms serve to classify and describe the types of entities engaged in cybercriminal activities.

Prolific Puma is an underground service provider that ultimately aims to help other malicious actors evade detection. It also aids the delivery of phishing, scams and malware to consumers and possibly even businesses, with further evidence from Infoblox highlighting that links are primarily distributed via text messages.

The service also leverages RDGAs to create domain names, which are then used as link shorteners and hosted on anonymous service providers to avoid detection of their true activities. Prolific Puma is also a rampant abuser of the usTLD - a TLD (Top Level Domain) supposedly reserved for US citizens and interests, but plagued by cybercrime.

Working to protect private users and businesses

Prolific Puma highlights how DNS can be abused to support criminal activity and remain undetected for years - ultimately leaving private users and enterprises vulnerable to cybercrime.

Infoblox states that working to block Prolific Puma at DNS layers will protect users from all of the malicious content they serve and hopefully disrupt the cybercriminal economy. DNS detection and response systems can work to disrupt Prolific Puma and similar service providers, thereby thwarting all of the threat actors who rely on them to deliver phishing, scams, and malware.

This news also comes in the wake of Infoblox having published its 2023 Global State of Cybersecurity Report earlier in 2023. At the time, Senior Director Gabe Luis told Cyber Magazine in an interview: “During the first three months of 2023, over four million domains were added to our Suspicious Feeds … In today’s cyber climate, security teams are under tremendous pressure to protect more with less.”

