Zscaler, Inc.
Systems and methods for blocking targeted attacks using domain squatting

Abstract:

Systems and methods for identifying and addressing domains suspected as malicious domains used for targeted attacks in a cloud-based system include receiving valid domains; receiving an unidentified domain; comparing the unidentified domain to the valid domains to derive a distance calculation of the unidentified domain to each of the valid domains; determining whether the unidentified domain is a cybersquatting attempt of one of the valid domains based on the comparing; and, responsive to the determining the unidentified domain is a cybersquatting attempt, one of notifying an operator/user and blocking the unidentified domain in the cloud-based system.