Article
Cyber Security

Prolific Puma exposed: Infoblox uncover threat actor ally

By Amber Jackson
November 03, 2023
undefined mins
The service has consistently been successful in evading cybersecurity defences for several years
The service has consistently been successful in evading cybersecurity defences for several years
Infoblox exposes underground service provider ‘Prolific Puma’ as facilitating cybercrime by helping send phishing and malware text messages, urging caution

Infoblox has released a blog post revealing an underground service provider that is helping malicious cyber actors deliver phishing, scams and malware via text messages. 

Named Prolific Puma, the service provider has operated in the shadows unrecognised. Infoblox has detected it through Domain Name System (DNS) and has continued to expand, with new domains registered almost daily.

According to Infoblox, the service provider has been in operation for a minimum three years and uses shortened links from ‘registered domain generation algorithms’ to avoid detection. At a time where businesses are having to combat the increased sophistication of threat actors, being aware of this type of criminal activity is essential.

Link shortening service enables cybercrime

Infoblox’s technology works to provide real-time visibility and control to customers over who and what connects to their network, allowing them to hopefully build safer and more resilient security environments. The company has more than 13,000 customers worldwide and works with some of the world’s most well-known brands, including Airbus, Honda, Barclays, HSBC, and Apple.

Infoblox’s blog serves as an exposé on Prolific Puma, identifying it as a link shortening service and a significant enabler of cybercrime.

The service has consistently been successful in evading cybersecurity defences for several years. The blog also introduces new terminologies to the cybersecurity lexicon, specifically 'Domain Name System (DNS) threat actors' and 'Registered Domain Generation Algorithm' (RDGA). These terms serve to classify and describe the types of entities engaged in cybercriminal activities. 

Prolific Puma is an underground service provider that ultimately aims to aid and abet other malicious actors to evade detection. It also aids the delivery of phishing, scams and malware to consumers and possibly even businesses, with further evidence from Infoblox highlighting that links are primarily distributed via text messages.

The service also leverages RDGAs to create domain names, which are then used as link shorteners and hosted on anonymous service providers to avoid detection of their true activities. Prolific Puma is also a rampant abuser of the usTLD - a TLD (Top Level Domain) supposedly reserved for US citizens and interests, but plagued by cybercrime.

Working to protect private users and businesses

Prolific Puma highlights how DNS can be abused to support criminal activity and remain undetected for years - ultimately leaving private users and enterprises vulnerable to cybercrime.

Infoblox states that working to block Prolific Puma at DNS layers will protect users from all of the malicious content they serve and hopefully disrupt the cybercriminal economy. DNS detection and response systems can work to disrupt Prolific Puma and similar service providers, thereby thwarting all of the threat actors who rely on them to deliver phishing,  scams, and malware. 

This news also comes in the wake of Infoblox having published its 2023 Global State of Cybersecurity Report earlier in 2023. At the time, Senior Director Gabe Luis told Cyber Magazine in an interview: “During the first three months of 2023, over four million domains were added to our Suspicious Feeds … In today’s cyber climate, security teams are under tremendous pressure to protect more with less.”

******

For more insights into the world of Cyber - check out the latest edition of Cyber Magazine and be sure to follow us on LinkedIn & Twitter.

Other magazines that may be of interest - Technology Magazine | AI Magazine.

Please also check out our upcoming event - Cloud and 5G LIVE on October 11 and 12 2023.

******

BizClik is a global provider of B2B digital media platforms that cover Executive Communities for CEOs, CFOs, CMOs, Sustainability leaders, Procurement & Supply Chain leaders, Technology & AI leaders, Cyber leaders, FinTech & InsurTech leaders as well as covering industries such as Manufacturing, Mining, Energy, EV, Construction, Healthcare and Food.

BizClik – based in London, Dubai, and New York – offers services such as content creation, advertising & sponsorship solutions, webinars & events.

CyberCyber AttacksDigital Transformationdata protectionCybercrimeinfoblox
Share
Share

Featured Articles

Norton: Report Highlights Rising Trend of AI Dating Scams

Norton report shows that as AI becomes more sophisticated and accessible, so do the risks of romantic scams conducted via AI

Barracuda: Why Businesses Struggle to Manage Cyber Risk

Barracuda Networks CIO report shows that six in 10 businesses struggle to manage cyber risk, with issues such as policy struggles and management buy-in

Evri, Amazon and Paypal Among Brands Most Used by Scammers

With the development of AI, cybercriminals are becoming more and more sophisticated in their attacks, using fake websites and impersonating popular brands

Tech & AI LIVE: Key Events that are Vital for Cybersecurity

Technology & AI

MWC Barcelona 2024: The Future is Connectivity

Technology & AI

AI-Based Phishing Scams Are On The Rise This Valentine’s Day

Cyber Security