
How Cybercriminals are Exploiting Abandoned Domains

Cybercriminals can use a combination of domain aging and broken links to conduct cyber attacks and launch phishing campaigns.

By Gert Van de Ven
January 24, 2023

In today’s digital age, domain names are a crucial part of our online presence. They act as the virtual address for our websites, and are an essential part of our online identity. However, what happens when these domains are no longer in use? As it turns out, abandoned domains can pose a significant risk to both individuals and organizations.

What is Domain Aging?

When a domain expires, the registration period ends and the domain becomes available for anyone to register. The domain’s DNS server also shuts down, and the domain’s website, email, and other associated services become unavailable.

Domain expiration can also occur when a company or organization decides to stop using a particular domain name, but does not renew the registration. In this case, the domain name will still be on file for the organization, but the domain name will no longer be in active use. This can happen when an organization is rebranding and decides to use a new domain name, or when an organization decides to focus on a different product or service and no longer needs the domain.

Often, domain obsolescence occurs unintentionally, when the domain holder forgets to renew the registration, or when the domain holder’s contact information changes and the domain registrar is unable to contact them to renew the registration.

The problem with domain expiration is that it can open the door for cybercriminals to take advantage of the domain. Since the domain is not being actively used, it is at risk of being used in phishing campaigns and other types of cyber attacks.

How Do Cybercriminals Exploit Domain Aging?

Broken link attacks are one of the most common ways cybercriminals exploit abandoned domains. These attacks involve the creation of replica websites using an abandoned domain. The attacker then uses the replica website to trick users into visiting it and handing over sensitive information. This information may include login credentials, financial information, or personally identifiable information.

Abandoned domains can also be used in phishing campaigns in addition to broken link attacks. Phishing is a tactic used by cybercriminals to steal personal information by tricking individuals into providing it to them through the use of fake login pages or other forms of deception. Through the use of an abandoned domain, cybercriminals can create a sense of legitimacy and increase the chances of success for their phishing attempts.

Finally, retired domain names with interesting names are very attractive to scammers who can repurpose the site to conduct a massive scam campaign.

The use of abandoned domains in cyberattacks is not only a threat to individuals, but can also negatively impact brand reputation. This may cause confusion and distrust among consumers.

The CashRewindo Case

CashRewindo is a sophisticated threat actor, discovered by the firm Confiant, who has been using “aged” domains in global malvertising campaigns that lead to investment scam sites. These campaigns involve the injection of malicious JavaScript code in digital ads promoted by legitimate advertising networks, taking website visitors to pages that host phishing forms, drop malware, or operate scams.

The threat actor uses domains that have aged for at least two years before they are activated, in order to bypass security platforms. The security firm Confiant has identified at least 487 domains used by this particular threat actor, some of which have been registered as far back as 2008 and used for the first time in 2022. The malicious ads also feature a tiny red circle that helps confuse computer vision detection modules, making it difficult for them to catch the fraud.

Each CashRewindo campaign targets a particular audience, so the landing pages are configured to either show the scam or an innocuous or blank page for invalid targets. This is done by checking the timezone, device platform, and language used on the visitor’s system.

Monitor your domain name

The risk of an abandoned domain isn’t limited to the targeted users. It also affects the company that owns the domain. Because the company is no longer using the domain, it may not be aware that it is being used in cyber attacks.

This can lead to a lack of responsibility for the attack, and the company may not be held accountable for any damages caused.

To protect against the dangers of aging domains, it is important for organizations to regularly monitor their domains and ensure that they are properly maintained. This includes renewing the domain registration, updating contact information, and keeping the domain active.
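One way to put this monitoring into practice, as an added example that is not part of the original article: the script scans one of the organization's own pages for links and script sources, then checks every referenced domain the organization owns against its registration expiry. The inventory, the page, the `.example` domains, the `audit` function and the 60-day `warn_days` threshold are all constructed assumptions.

```python
from datetime import date
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed inventory (e.g. a registrar export): domain -> (expiry, auto-renew on?)
INVENTORY = {
    "example.com": (date(2026, 3, 1), True),
    "old-brand.example": (date(2023, 1, 10), False),
    "promo.example": (date(2023, 2, 20), False),
}
# Constructed page from the organization's own site.
PAGE = """
<a href="https://www.example.com/docs">Docs</a>
<a href="http://shop.old-brand.example/login">Customer login</a>
<script src="https://cdn.promo.example/widget.js"></script>
<a href="/contact">Contact</a>
"""

class LinkHosts(HTMLParser):  # collects hostnames found in href/src attributes
    def __init__(self):
        super().__init__()
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            host = urlparse(value or "").hostname if name in ("href", "src") else None
            if host:  # relative links have no hostname and are skipped
                self.hosts.add(host.lower())

def audit(page, inventory, today, warn_days=60):
    """Return {owned domain still referenced by the page: status}."""
    parser = LinkHosts()
    parser.feed(page)
    report = {}
    for host in parser.hosts:
        domain = next((d for d in inventory if host == d or host.endswith("." + d)), None)
        if domain is None:
            continue  # third-party host: outside this inventory check
        expiry, auto_renew = inventory[domain]
        days_left = (expiry - today).days
        if days_left < 0:
            report[domain] = "EXPIRED"  # lapsed: a third party may re-register it
        elif days_left <= warn_days and not auto_renew:
            report[domain] = "RENEW_SOON"
        else:
            report[domain] = "OK"
    return report

if __name__ == "__main__":
    print(audit(PAGE, INVENTORY, today=date(2023, 1, 24)))
```

Any domain reported as `EXPIRED` while still linked from live pages should either be renewed or have its references removed, since those links are what a broken link attack relies on.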

Consumers can also guard against these risks by exercising caution when clicking on links or entering personal information online. Always check the website’s authenticity before providing sensitive information, and beware of fake websites.

Conclusion

While domain expiration may seem harmless, it can be an opportunity for cybercriminals. Cybercriminals can put individuals and organizations at risk by using abandoned domains to launch broken link attacks and phishing campaigns.

While individuals should be cautious when clicking on links or entering personal information online, it is important for organizations to regularly monitor their domains and ensure they are properly maintained.
