The service provider, which Infoblox has named Prolific Puma, has operated in the shadows unrecognised for years. Infoblox detected it through Domain Name System (DNS) analysis, and the operation continues to expand, with new domains registered almost daily.
According to Infoblox, the service has been in operation for at least three years and builds its shortened links on domains produced by 'registered domain generation algorithms' to avoid detection. At a time when businesses are having to combat increasingly sophisticated threat actors, being aware of this type of criminal activity is essential.
Link shortening service enables cybercrime
Infoblox’s technology works to provide real-time visibility and control to customers over who and what connects to their network, allowing them to hopefully build safer and more resilient security environments. The company has more than 13,000 customers worldwide and works with some of the world’s most well-known brands, including Airbus, Honda, Barclays, HSBC, and Apple.
Infoblox’s blog serves as an exposé on Prolific Puma, identifying it as a link shortening service and a significant enabler of cybercrime.
The service has successfully evaded cybersecurity defences for several years. The blog also introduces two new terms to the cybersecurity lexicon: 'DNS threat actors', which classifies entities that conduct their criminal activity through the Domain Name System, and 'Registered Domain Generation Algorithm' (RDGA), which describes the practice of generating domain names algorithmically and then registering them for use.
Prolific Puma is an underground service provider whose purpose is to help other malicious actors evade detection. It supports the delivery of phishing, scams and malware to consumers and possibly businesses; Infoblox's evidence indicates that the links are primarily distributed via text messages.
The service uses RDGAs to create domain names, which it then operates as link shorteners hosted with anonymous providers to hide its true activities. Prolific Puma is also a rampant abuser of the .us TLD (usTLD), a Top Level Domain supposedly reserved for US citizens and interests but plagued by cybercrime.
Working to protect private users and businesses
Prolific Puma highlights how DNS can be abused to support criminal activity and remain undetected for years - ultimately leaving private users and enterprises vulnerable to cybercrime.
Infoblox states that blocking Prolific Puma at the DNS layer protects users from all of the malicious content it serves and helps disrupt the cybercriminal economy. DNS detection and response systems can disrupt Prolific Puma and similar providers, thereby thwarting every threat actor who relies on them to deliver phishing, scams, and malware.
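To make the DNS-layer point concrete, here is an added example that is not from the article, from Infoblox, or from any Prolific Puma analysis. It scans a handful of constructed DNS query-log lines for domains that look like RDGA-registered link shorteners and renders the hits as BIND-style Response Policy Zone (RPZ) records, which is how a resolver would block them for every client at once. The article does not describe how Prolific Puma's domains are actually generated, so the scoring heuristics (short registrable label, .us TLD, mixed letters and digits, first seen within the last week), the sample log, the `FIRST_SEEN` table standing in for a passive-DNS or WHOIS lookup, and the `rpz.local` zone name are all assumptions for illustration.

```python
"""Added example (not from the article or from Infoblox): DNS-layer triage of
RDGA-style link-shortener domains from constructed query logs, emitting RPZ
records. All heuristics and data below are illustrative assumptions."""
from datetime import date

# Constructed sample log lines, one per query: "<date> <client> <qname>".
SAMPLE_LOG = """\
2023-10-10 10.0.0.12 www.example.com
2023-10-10 10.0.0.12 x7qz.us
2023-10-10 10.0.0.19 cdn.vendor-site.net
2023-10-10 10.0.0.19 k3bwv.us
2023-10-10 10.0.0.23 mail.example.com
2023-10-10 10.0.0.23 bit.ly
2023-10-10 10.0.0.31 pq9ed.us
"""

# Constructed "first registered" dates standing in for a passive-DNS/WHOIS lookup.
FIRST_SEEN = {
    "example.com": date(2001, 1, 1),
    "vendor-site.net": date(2015, 6, 1),
    "bit.ly": date(2008, 1, 1),
    "x7qz.us": date(2023, 10, 9),
    "k3bwv.us": date(2023, 10, 10),
    "pq9ed.us": date(2023, 10, 8),
}

# Constructed "now" so the example is deterministic.
TODAY = date(2023, 10, 10)


def registrable_domain(qname):
    """Return the last two labels. This is a simplification; production code
    should use the Public Suffix List so that names under e.g. co.uk work."""
    labels = qname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def rdga_score(domain, today, first_seen):
    """Heuristic score in [0, 4]; higher means more RDGA-shortener-like.
    Every threshold here is an assumption chosen for illustration."""
    label, _, tld = domain.rpartition(".")
    score = 0
    if tld == "us":  # the TLD the article says Prolific Puma abuses
        score += 1
    if len(label) <= 5:  # shortener-style, very short registrable label
        score += 1
    if any(ch.isdigit() for ch in label) and any(ch.isalpha() for ch in label):
        score += 1  # letters mixed with digits, unlike a brand or dictionary word
    seen = first_seen.get(domain)
    if seen is not None and (today - seen).days <= 7:
        score += 1  # registered within the last week
    return score


def triage(log_text, today=TODAY, first_seen=FIRST_SEEN, threshold=3):
    """Return the sorted registrable domains whose score meets the threshold."""
    flagged = set()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than crash on them
        domain = registrable_domain(parts[2])
        if rdga_score(domain, today, first_seen) >= threshold:
            flagged.add(domain)
    return sorted(flagged)


def rpz_records(domains, zone="rpz.local"):
    """Render RPZ records that return NXDOMAIN for each domain and all of its
    subdomains (CNAME to "." is the RPZ NXDOMAIN action)."""
    lines = []
    for d in domains:
        lines.append(f"{d}.{zone}. CNAME .")
        lines.append(f"*.{d}.{zone}. CNAME .")
    return lines


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    print("\n".join(rpz_records(hits)))
```

The legitimate shortener in the sample (`bit.ly`) scores 1 and is not flagged, while the three short, freshly registered `.us` names score 4; in practice a real deployment would feed a reputation source such as Infoblox's suspicious feeds rather than hand-tuned heuristics, and would load the generated RPZ into the resolver so that every client is protected regardless of which threat actor's phishing link the shortener is redirecting to.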
This news comes after Infoblox published its 2023 Global State of Cybersecurity Report earlier this year. At the time, Senior Director Gabe Luis told Cyber Magazine in an interview: “During the first three months of 2023, over four million domains were added to our Suspicious Feeds … In today’s cyber climate, security teams are under tremendous pressure to protect more with less.”
BizClik is a global provider of B2B digital media platforms that cover Executive Communities for CEOs, CFOs, CMOs, Sustainability leaders, Procurement & Supply Chain leaders, Technology & AI leaders, Cyber leaders, FinTech & InsurTech leaders as well as covering industries such as Manufacturing, Mining, Energy, EV, Construction, Healthcare and Food.
BizClik – based in London, Dubai, and New York – offers services such as content creation, advertising & sponsorship solutions, webinars & events.