Shauli Zacks
Published on: March 31, 2024
In a recent interview with SafetyDetectives, Ihab Shraim, the Chief Technology Officer (CTO) for the Digital Brand Services division of CSC, delves deep into the realm of cybersecurity, domain security, and the innovative use of ML/AI technologies. With a rich educational background from George Washington University and the MIT Sloan School of Management, Shraim’s journey to becoming a CTO is marked by a relentless pursuit of innovation in technology and problem-solving. At CSC, he spearheads the vision and product revenue growth by focusing on cybersecurity SaaS platforms, leveraging the largest Domain Security data lake in the industry. Shraim’s strategic leadership in technology innovation and product management has not only fueled CSC’s growth but has also earned him recognition as a primary inventor on 10 U.S. patents in the domain and cybersecurity fields.
Could you start by telling us a bit about yourself, your background, and your current role as chief technology officer (CTO) for the Digital Brand Services division of CSC?
In college, I was always interested in learning about how to innovate and solve problems with technology. I have a BS in electrical engineering and computer science from George Washington University. These degrees helped me get started down the path to becoming CTO, in addition to the executive certification program in Strategy & Innovation from the MIT Sloan School of Management.
As chief technology officer (CTO) at CSC, I am responsible for the vision, innovation, and product revenue growth within our company’s technology and product management division. Within this, I have a special focus on building and operating cybersecurity SaaS platforms powered by ML/AI to leverage the largest Domain Security data lake in the industry. The platforms power CSC’s cybersecurity, domain security, fraud protection, and brand protection lines of business.
I also devise business strategies to consistently deliver strategic growth through focused technology innovation, software development, product management, go-to-market product strategies, and customer service excellence. Throughout my career, I have developed cutting-edge, patented disruptive cybersecurity technologies and services to deliver consistent year-over-year product revenue growth and profitability. I am also named as primary inventor on 10 U.S. patents in the Domain and cybersecurity fields.
Could you elaborate on the concept of the “galaxy of a domain” and its significance for businesses?
The concept of the “galaxy of a domain” is really simple: it’s meant to show how domain names, which run vital business functions, are in an ecosystem that to any organization should be considered as part of the external attack surface. They live in an environment where domain names along with subdomains can be either compromised (hijacked) literally or maliciously registered where brand lookalikes that are fake websites impersonate a brand for nefarious purposes, such as BEC attacks or phishing and malware distribution attacks. One thing that many people are surprised about is the basic fact that anyone can register a domain name as long as it’s available. So, if you don’t acquire registrations for domains that use your brand or use homoglyphs and other strategies to look like your brand, there will always be fraudsters online trying to make money off of your brand and established trust. In turn, this puts both your revenue and reputation at risk, not to mention consumer safety concerns that come into play.
Organizations need to have an online monitoring service to take enforcement action against this fraud. Additionally, these domain attacks are often just preliminary, enabling attacks before bad actors launch full-blown targeted phishing campaigns and/or business email compromise (BEC) equipped with lethal downloadable malware. To prevent initial exploitations, organizations should address the state of their domain landscape and remove the disconnect amongst teams responsible for handling this aspect of digital brand initiatives. Security teams must actively monitor their domains and brands online to reduce the weaponization of web domains using their brand name, or a version of it, for fraudulent activity. Ultimately, securing your domains can be a starting point to literally stop phishing in its tracks.
Why are domains considered central to the operations of a digital enterprise today?
Global businesses rely on the internet for everything—websites, email, authentication, remote access, voice over IP (VoIP), various vendor portals, third-party supplier applications, and much more. All of these are vital to maintain business continuity. Company domain names, domain name systems (DNS), and digital certificates are being attacked or compromised with increasing frequency, sophistication, and severity. These are all fundamental components of the most important applications that enable your company to conduct business, including your website, email, and more. When they’re compromised, criminals can redirect websites for financial gain, intercept email to conduct espionage, and even harvest credentials to breach your network. This can have a serious impact on your company’s revenue and reputation. More than 80% of cyberattacks are launched utilizing a domain name!
What are the key pillars of domain security all CISOs must consider to effectively defend their brands against malicious domain activity?
There are four key areas that organizations and their security teams should prioritize to secure the foundation of their online presence:
- Visibility and Awareness: It’s difficult to secure something if you don’t know it exists. Getting complete visibility into a company’s domain portfolio distribution across gTLDs and ccTLDs, registrars, DNS, and the authorized vendors they use is the first step to improving domain security. Being aware of and having visibility into an organization’s entire attack surface is critical to overall domain protection. For example, when appropriate domain security is in place, companies can be aware of existing risks in their supply chain, and as such, can catch threats ahead of time before they progress and lead to major supply chain shutdowns or something more damaging – and preventable.
- Monitoring and Intelligence: Security teams must actively and effectively monitor their domains and brands online to reduce the presence of domain names that could be used to launch fraudulent activity. Companies need better insight into bad actors who may be registering or re-registering lookalike domains, any search engine typo squatters, social-media tactics to lure victims, and other adversaries attempting to pose as their online brand. This insight can help companies catch security instances as they occur and enforce against them.
- Layered Defense-in-Depth Strategy: Consider applying a cloud-like strategy to your domain. Similar to how shadow IT emerged as a challenge to organizations who did not have complete visibility into cloud deployments, implementing effective domain security ensures you have visibility into all the assets in your domain ecosystem. Before allowing vendors into your cloud infrastructure, they must be properly vetted to prevent security and compliance issues. This ensures that you are only allowing trusted, enterprise-grade partners to have access to your domain.
- A Takedown Partner: As the digital landscape expands, the battle against online infringements is fought across many fronts from domain names to social networks to mobile app stores. For brand owners, it’s important to be able to recover digital assets and remove infringing content without costly and time-consuming legal processes. You’ll want to leverage a global enforcement service that includes takedowns and internet blocking to enforce on IP infringements and fraud. The global enforcement service should address the following processes:
  - Primary enforcement: Marketplace delistings, social media page suspensions, mobile app delistings, cease and desist letters, fraudulent content removal, and complete threat vector mitigation.
  - Secondary enforcement: Registrar-level domain suspensions, invalid WHOIS domain suspensions, and fraud alerting.
  - Tertiary enforcement: Uniform Domain Name Dispute-Resolution Policy (UDRP) and Uniform Rapid Suspension (URS) procedures, domain acquisitions, in-depth investigations, and test purchasing.
Can you give me some examples of the tangible impact insecure domains have on business operations today?
Large organizations with diverse brand portfolios and international operations are often unaware of the scale of their globally dispersed, digital footprint. Businesses have been outsourcing to cloud providers for access to new technologies, yet this increase in DNS records opens them up to increased risk. Without proper oversight of digital records and daily monitoring, organizations accumulate “noise” that makes simple cyber hygiene more complex, resulting in easy exploits for cybercriminals.
Along these lines, an interesting example is what can happen to companies in terms of subdomain takeover attacks (or hijacking). Cybercriminals scan infrastructures such as the cloud and publicly available services, which includes searching DNS zone records that point to web services that are no longer used by a brand owner. By hosting content on cloud providers who don’t run verification checks, criminals can request a previously used zone destination and start to receive web users landing on these subdomains loaded with their own illegitimate content, all without infiltrating an organization’s infrastructure or third-party service account.
It was reported by ZDNet that Microsoft was hijacked by bad actors to showcase poker casinos on their subdomains. This buildup of inactive zones that don’t point to content is known as “dangling DNS” and puts companies at risk of subdomain hijacking. Additionally, dangling DNS opens a gateway for other cyberattacks targeting brands such as phishing and malware attacks that can result in revenue loss, data exfiltration, loss in consumer confidence, and reputation damage due to security breaches.
It’s imperative that managing DNS records is a part of today’s cyber hygiene. For more than 20 years, companies have been at risk for mismanagement because they employ different owners, policies, and vendors to manage DNS, which is further complicated if they undergo mergers and acquisitions. In addition, there’s also the inherent fear of deleting anything owners are unsure about.
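A dangling-DNS check for the subdomain-takeover risk described in this answer, as an added example that is not code from the interview or from CSC: it walks each CNAME chain in a constructed zone export and reports the first hop that no longer resolves, and it flags A records whose address lies outside the organization's own ranges for review. The zone records, the owned ranges and the fake resolver are all constructed; a real run would swap fake_resolve for a live DNS lookup.

```python
import ipaddress

# Constructed sample zone export for a hypothetical tenant (not real records).
ZONE_RECORDS = [
    ("www.example-tenant.test", "A", "203.0.113.10"),
    ("blog.example-tenant.test", "CNAME", "tenant-blog.hosting-provider.test"),
    ("old-promo.example-tenant.test", "CNAME", "promo2019.hosting-provider.test"),
    ("api.example-tenant.test", "CNAME", "lb-42.cloud-provider.test"),
    ("legacy.example-tenant.test", "A", "198.51.100.77"),
]
# Address ranges the organization still owns or has provisioned (constructed).
OWNED_RANGES = [ipaddress.ip_network("203.0.113.0/24")]

# Simulated resolver answers: (rtype, value); a missing name stands for NXDOMAIN.
# In production, swap fake_resolve for a real lookup (e.g. dnspython's resolver).
FAKE_ANSWERS = {
    "tenant-blog.hosting-provider.test": ("A", "192.0.2.20"),
    "lb-42.cloud-provider.test": ("CNAME", "edge-7.cloud-provider.test"),
    "edge-7.cloud-provider.test": ("A", "192.0.2.30"),
}

def fake_resolve(name):
    return FAKE_ANSWERS.get(name)

def broken_hop(target, resolve, max_hops=8):
    """Walk a CNAME chain; return the first name that fails to resolve, or None."""
    for _ in range(max_hops):
        answer = resolve(target)
        if answer is None:
            return target  # NXDOMAIN: the precondition for a subdomain takeover
        rtype, value = answer
        if rtype != "CNAME":
            return None  # chain ends in an address record, so it is live
        target = value
    return target  # loop or excessive chain length; treat as unresolved

def find_dangling(records, resolve, owned):
    """Return {owner_name: reason} for records that are dangling or need review."""
    findings = {}
    for name, rtype, target in records:
        if rtype == "CNAME":
            bad = broken_hop(target, resolve)
            if bad is not None:
                findings[name] = f"dangling CNAME chain: {bad} does not resolve"
        elif rtype == "A":
            if not any(ipaddress.ip_address(target) in net for net in owned):
                # Address outside our allocations: may be a released cloud IP
                findings[name] = f"A record {target} outside owned ranges; verify"
    return findings
```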
What are some of the biggest challenges facing businesses in protecting their brands online today?
There are several challenges that we see today with protecting brands online. Cybercriminals are utilizing Generative AI in targeted attack campaigns to achieve higher sophistication and deployment speed. Generative AI also enables bad actors to craft phishing emails that are personalized, targeted, free of spelling errors and with proper grammar, which will make such emails harder to detect. Lastly, Dark Web AI tools such as FraudGPT are currently available which enable bad actors to launch more complex, socially engineered deepfake attacks that manipulate the emotions or trust of targets at even faster rates.
In a world where phishing attacks, business email compromise, and social engineering lead to even more complex attacks—such as malware and ransomware—it’s surprising that CISOs do not pay as much attention to their domain names and the external attack surface. Many are unaware of who their domain registrars are, much less whether they provide the right security. Companies need better insight into bad actors who may be registering or re-registering lookalike domains in an attempt to pose as their online brand. This insight can help companies catch security instances as they occur and enforce against them.
Historically, many companies don’t understand the depth of the challenges and the growth in the number of channels where infringing activity takes place online. Companies invest time and money into building trusted brands, yet it could all mean nothing if they fall victim to online crime. The best way for companies to protect their brand is to implement an online brand protection program that combines online monitoring and enforcement activities to remove fraudulent content. Complementary solutions—like the use of blocking networks that incorporate partnerships with browser producers, ISPs and other security information and event management service providers (SIEMs) to block fraudulent websites from internet users—can also help to create a more comprehensive approach. Using these methods to track and remediate activity by infringers should also run alongside a program of secure domain name management, allowing the brand owner to administer and protect their own official domain portfolio.