Alert! Newly registered domains have become latest attack tool for cybercriminals

  • Researchers found that more than 70% of NRDs are malicious or suspicious or not safe for work.
  • This is 70 times higher than that observed in Alexa’s top 10,000 domains.

Newly registered domains (NRDs) can be created for perfectly legitimate reasons, such as hosting a conference or launching a business, but they can equally be misused by threat actors to launch malicious campaigns.

What is the matter?

A comprehensive case study conducted by Palo Alto Networks' Unit 42 researchers has revealed that more than 70% of NRDs are malicious, suspicious, or not safe for work. This is 70 times higher than that observed in Alexa's top 10,000 domains.

The interesting aspect of these malicious NRDs is that some of them are alive only for a few hours or a couple of days. These short-lived newly registered domains are taken down or abandoned before any security vendor can detect and categorize them, which is why a reputation list alone cannot catch them.

Which are the widely used TLDs?

During the analysis from March to May 2019, researchers observed that .com is still the most popular TLD even though it was introduced 34 years ago. It accounted for 33% of all recent NRDs. The next most commonly used TLDs were .tk, .cn, and .uk.

However, when it comes to malicious NRDs, researchers noted that several country-code top-level domains (ccTLDs) drove the increase in the malicious percentage. The highest ratio of malicious NRDs among all TLDs was scored by .to, with roughly 80-100% of .to NRDs found to be malicious. This pattern is consistent with a TLD that offers inexpensive or free registration, a lax registration policy, and hides WHOIS registrant data from public view.

Malicious use of NRDs

Cybercriminals can use NRDs for a variety of malicious purposes including:

  • Hosting the Command-and-Control (C2) infrastructure of attackers
  • Malware distribution
  • Phishing pages
  • Typosquatting domains
  • PUP/Adware distribution
  • Email Spam
  • Online Scams

The bottom line

Overall, newly registered domains are a double-edged sword. While nefarious actors can leverage them for malicious activities, businesses can use them for launching a new product, creating a new brand or campaign, or building a new personal site.

It is recommended that organizations block, or at least alert on, traffic to NRDs using URL Filtering, DNS Security, and Threat Prevention controls wherever they are applicable, since domain age is a signal that is available even when a domain has not yet been categorized by any vendor.
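The domain-age check behind an NRD policy, as an added example that is not code from the article or from Unit 42. It walks a few constructed DNS log lines, reduces each query name to its registrable domain, looks the domain up in a constructed registration-date table (standing in for a WHOIS/RDAP lookup or a commercial domain-age feed), and flags anything registered inside a 32-day window. Domains with no record at all are also flagged as "unknown" rather than passed, which covers the short-lived domains described above that disappear before a lookup can succeed. The log format, the suffix table, the 32-day window and every domain name below are assumptions made for the example.

```python
"""Flag DNS queries to newly registered domains (NRDs) from DNS log lines.

Added example, not code from the article or from Unit 42. The log lines,
the suffix table and the registration-date table are constructed for
illustration; in a real deployment the creation dates would come from
WHOIS/RDAP or a domain-age feed and the suffix table from the full
Public Suffix List (publicsuffix.org).
"""
from datetime import date
from typing import Iterable, List, Optional, Tuple

# Constructed: minimal multi-label public suffixes so that
# "mail.example.co.uk" reduces to "example.co.uk" rather than "co.uk".
MULTI_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.cn", "com.au"}

# Constructed: what a WHOIS/RDAP lookup would return as the creation date.
# A missing entry models a domain with no record yet, or one already dropped.
REGISTRATION_DATES = {
    "example.com": date(2015, 6, 1),
    "brand-new-deal.to": date(2019, 5, 10),
    "example.co.uk": date(2012, 1, 20),
    "paypa1-secure.tk": date(2019, 5, 14),
}

NRD_WINDOW_DAYS = 32          # assumed definition of "newly registered"
TODAY = date(2019, 5, 15)     # fixed "now" so the example is reproducible


def registrable_domain(fqdn: str) -> str:
    """Return the eTLD+1 of a hostname using the small suffix table above."""
    labels = fqdn.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def domain_age_days(domain: str, today: date) -> Optional[int]:
    """Age in days since registration, or None when no record exists."""
    created = REGISTRATION_DATES.get(domain)
    return None if created is None else (today - created).days


def classify(fqdn: str, today: date) -> str:
    """'nrd' if registered within the window, 'unknown' if no record, else 'aged'."""
    age = domain_age_days(registrable_domain(fqdn), today)
    if age is None:
        return "unknown"
    return "nrd" if age <= NRD_WINDOW_DAYS else "aged"


def parse_dns_log(line: str) -> Tuple[str, str, str, str]:
    """Constructed log format: '<ISO timestamp> <client_ip> <qname> <qtype>'."""
    ts, client, qname, qtype = line.split()
    return ts, client, qname, qtype


def flag_nrd_queries(log_lines: Iterable[str], today: date) -> List[Tuple[str, str, str]]:
    """Return (client, qname, verdict) for every query not to an aged domain.

    Both 'nrd' and 'unknown' are returned: an unknown domain is not proof of
    malice, but it is exactly what a short-lived campaign domain looks like
    after it has been dropped, so it should be alerted on, not waved through.
    """
    hits = []
    for line in log_lines:
        _ts, client, qname, _qtype = parse_dns_log(line)
        verdict = classify(qname, today)
        if verdict != "aged":
            hits.append((client, qname, verdict))
    return hits


# Constructed sample DNS log.
SAMPLE_LOG = [
    "2019-05-15T09:00:01Z 10.0.0.5 www.example.com A",
    "2019-05-15T09:00:02Z 10.0.0.5 login.brand-new-deal.to A",
    "2019-05-15T09:00:03Z 10.0.0.7 mail.example.co.uk MX",
    "2019-05-15T09:00:04Z 10.0.0.9 cdn.paypa1-secure.tk A",
    "2019-05-15T09:00:05Z 10.0.0.9 qx7z1.dropped-yesterday.xyz A",
]

if __name__ == "__main__":
    for client, qname, verdict in flag_nrd_queries(SAMPLE_LOG, TODAY):
        print(f"{verdict:8s} {client:10s} {qname}")
```

The two design points worth carrying into a real deployment are the registrable-domain reduction (a policy keyed on the bare hostname is trivially bypassed with a fresh subdomain) and the decision to treat a failed lookup as a finding rather than a pass.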

Ankush Gaikwad

Software/web/App Developer and Cyber Security Investigator