Disrupt Attacker Infrastructure to Prevent Future Attacks with Takedown Service


May 31, 2021

Malware and phishing sites harm companies and organizations all over the world. By removing sites and blocking attack infrastructure, takedown services strive to minimize the attackers' return on investment and so lessen the damage caused by these attacks. Takedowns can be performed for the following types of abuse: Phishing, Brand Abuse, Social Media Impersonations and Fake Mobile Applications. This service might include contacting website owners, hosts and even authorities, including CERTs, to alert them to the harmful information.

Is this legal? What are the legal grounds for takedown services?

In United States and European Union law, notice and takedown is mandated as part of limited liability, or safe harbor, provisions for online hosts (see the Digital Millennium Copyright Act 1998 and the Electronic Commerce Directive 2000). As a condition for limited liability, online hosts must expeditiously remove or disable access to content they host when they are notified of the alleged illegality [1].

What is the role of ICANN?

ICANN (the Internet Corporation for Assigned Names and Numbers) is a non-profit organization that performs the actual technical maintenance work of the Central Internet Address pools and DNS root zone registries pursuant to the Internet Assigned Numbers Authority (IANA) function contract [2]. ICANN is responsible for ensuring the network's stable and secure operation. ICANN also has the authority to seize domains based on legal proofs and legal actions.

Domain seizures typically affect three operational elements of the Internet name system: domain name registration services, the domain name system (DNS) and WHOIS services. The cited guidance encourages preparers of legal or regulatory actions to consider each when they prepare documentation for a court action [3].

What can be taken down?

Website Takedowns

  • Phishing takedowns
  • Malware takedowns
  • Clone takedowns

Mobile App Takedowns

  • Google Play takedowns
  • iOS App Store takedowns
  • Third-party App Store takedowns

Social Media Takedowns

  • YouTube content and/or account takedowns
  • Facebook content and/or account takedowns
  • Twitter content and/or account takedowns
  • Instagram content and/or account takedowns

Code Repository Takedowns

How does Takedown Service work?

Usually, a takedown service follows the procedure below:

  1. A company subscribes to a takedown service.
  2. The company receives an alert about malicious activity such as impersonating a domain. 
  3. A takedown must be requested in order to begin the process.
  4. The takedown service provider launches the takedown process and informs the company.
  5. The alert is removed.

Does time play an important role?

Time is critical for takedowns. The timely removal of malicious sites further reduces any potential harm. A fast takedown time reduces the impact on your brand’s reputation. It also means the risk of your customers or employees falling victim to cyber-attacks is minimized quickly.

Why use takedown services instead of a lawyer?

Using a takedown service is usually faster and cheaper.

What are the benefits of Takedown services?

  • As businesses use new digital avenues to engage customers, cybercriminals have kept pace by impersonating well-known companies, supporting fraud campaigns, and benefiting from naïve clients. Organizations must broaden their external monitoring and enforcement to take down campaigns that impersonate their brand, infringe on trademarks, and threaten customers.
  • A takedown service makes it possible to detect and prevent many phishing sites when they are first viewed, before the criminals have even sent the phishing emails.
  • A takedown service gives you a rapid and active response to cyber threats and protects your digital assets and your organization’s reputation.
  • Using a takedown service can save you time and resources.

Who is the best takedown service provider in the market? 

SOCRadar provides the best takedown service available in the market for sure. SOCRadar Digital Risk Protection Platform’s Integrated Takedown module is designed to act rapidly and minimize the impact of threat actors on your brand reputation and cyber security posture by utilizing its worldwide contact network to request removal. SOCRadar’s trained takedown analysts consider several aspects for initiation ranging from the geographical region where the illegitimate content is hosted to the type of evidence for submission to speed up the takedown process. Remove the procedural hurdles by taking advantage of SOCRadar’s integrated service.

SOCRadar provides a number of takedown solutions across a range of products, including but not limited to:

  • Phishing URL Takedown
  • Phishing URL Mail Server Takedown
  • Malware Spreading URL Takedown
  • Malware Spreading URL Mail Server Takedown
  • Brand Abuse URL Takedown
  • Brand Abuse URL Mail Server Takedown
  • Content of Sensitive Data GitHub File Takedown
  • Impersonating Facebook Account Takedown
  • Impersonating YouTube Account Takedown
  • Impersonating Twitter Account Takedown
  • Impersonating Instagram Account Takedown
  • Content of Sensitive Data Paste Websites File Takedown
  • Rogue Mobile Application Takedown
  • Removing Company Assets from Blacklists 

How is the SOCRadar Takedown Service different from any other takedown service?

SOCRadar has a team that provides 24x7x365 services to its customers and is responsible for takedown processes. This team is the SOCRadar Takedown Analyst Team (STAT), consisting of cyber threat intelligence analysts. Each type of threat to be taken down presents different difficulties, so STAT treats each incident as a different case. STAT has created the fastest and most practical takedown solutions from the findings it has encountered and obtained through its research. These solutions have been tested and applied. STAT has tried to improve the takedown process by analyzing the TTPs of the attackers.

  • Initiate rapidly: Just one-click to initiate the process upon detection.
  • Status tracking: Monitor the takedown progress on the portal.
  • Global reach: Takedown globally to protect your global operations.

Would you like to try SOCRadar Takedown Service for free?

Contact us at [email protected]




References

[1] The Role of Internet Intermediaries in Advancing Public Policy Objectives. OECD Publishing.
[2] ICANN Annual Report
[3] Guidance for Preparing Domain Name Orders, Seizures & Takedowns