Malicious URLs are still the leading threat in the Cyber Security Landscape. All the incoming URLs are examined instantly by Right-Hand Cyber Security and hence the following three main factors are considered in our URL Classification:
The other factors are:
Static Analysis:
Static Analysis of URL compromises of the following:
HTML Analysis - The HTML patterns used in benign URLs differ from those used in malicious URLs.
URL Reputation over the Internet - The manner in which the domain is viewed or rated on the internet. Malicious URLs have a poor to poor online reputation.
DNS Characteristics - DNS for benign URLs is correctly maintained and registered, whereas malicious URLs are established with the intention of being concealed or not detected using DNS information.
Compliances Obtained by the domain - High-ranking URLs have often acquired some form of worldwide certification.
Open Source AV Reputation - Malicious URLs are blacklisted or referenced in an open-source AV platform.
Dynamic Analysis:
Every Javascript loaded by the URL is analyzed against malicious indicators.
URLs Sibling Record:
The track record of the related URL is also considered. If the domain has a history of being detected as malicious, the new URL for that domain is likely to be malicious as well.
Threat Score:
Threat Score is calculated on the basis of all these categories and they get classified into three segments
Malicious - URL is not safe to use
Suspicious - Users should use caution while visiting these URLs
Safe - URL does not exhibit any malicious characteristics and is safe to use
Real-Time URL Destination:
With hackers becoming more intelligent and creative every day, in order to counteract this, Right-Hand examines the URL's end destination every time it receives one. After acquiring AV trust, hackers may deceive users with a secure destination and then discreetly redirect them to the Malicious destination.
โ
Reanalysis Frequency:
If a URL has been evaluated for more than 7 days, it gets reanalyzed.
โ