There are more malicious domains online than ever before

Thousands of new domains are registered everyday so that businesses and individuals can build websites but new research from Palo Alto Ne...

Thousands of new domains are registered everyday so that businesses and individuals can build websites but new research from Palo Alto Networks has revealed that cybercriminals often register malicious domains years before they intend to actually use them.

The cybersecurity firm's Unit 42 first began its research into dormant malicious domains after it was revealed that the threat actors behind 2019's SolarWinds hack used them in their attack. To identify strategically aged domains and monitor their activity, Palo Alto Networks launched a cloud-based detector in September of 2021.

According to the findings of the firm's researchers, 22.3 percent of strategically aged domains pose some form of danger with a small portion being straight-out malicious (3.8%), a majority being suspicious (19%) and some being unsafe for work environments (2%).

The reason cybercriminals and other threat actors let a domain is age is to create a “clean record” so that their domain will be less likely to be blocked. Newly registered domains (NRDs) on the other hand are more likely to be malicious and for this reason, security systems often flag them as suspicious. However, according to Palo Alto Networks, strategically aged domains are three times more likely to be malicious than NRDs.

Detecting malicious domains lying dormant

When a sudden spike in traffic is detected, it's often the case that a strategically aged domain is actually malicious. This is because normal websites typically see their traffic grow gradually from when they're created as more people visit a site after learning about it through word of mouth or advertising.

At the same time, domains that aren't intended for legitimate purposes often have incomplete, cloned or questionable content and usually lack WHOIS registrant details as well. Another sign that a domain was registered and intended to be used at a later time in malicious campaigns is DGA subdomain generation.

For those unfamiliar, DGA or domain generation algorithm is a method used to generate domain names and IP addresses that will serve as command and control (C2) communication points used to evade detection and block lists. Just by examining sites using DGA, Palo Alto Networks' cloud-based detector was able to identify two suspicious domains each day.

During its investigation, the cybersecurity firm discovered a Pegasus spying campaign that used two C2 domains registered in 2019 that finally became active two years later in July of 2021. Palo Alto Networks' researchers also found phishing campaigns that used DGA subdomains as well as wildcard DNS abuse.

We've also highlighted the best web hosting, best endpoint protection software and best malware removal software

Via Bleeping Computer

from TechRadar - All the latest technology news



Apps,3858,Business,151,Camera,1155,Earn $$$,3,Gadgets,1741,Games,926,GTA,1,Innovations,3,Mobile,1697,Paid Promotions,5,Promotions,5,Sports,1,Technology,8106,Trailers,796,Travel,37,Trending,4,Trendly News,24954,TrendlyNews,9,Video,5,XIAOMI,13,YouTube - 9to5Google,8,
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews: There are more malicious domains online than ever before
There are more malicious domains online than ever before
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share. STEP 2: Click the link you shared to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy