Hackers are Actively Using the new.zip Domain for Malicious Attacks

In Cybersecurity News - Original News Source is cybersecuritynews.com by Blog Writer


Top-Level Domains (TLDs) have been extremely popular ever since the emergence of the internet. ICANN is the organization responsible for approving and coordinating these TLDs.

Domains ending in generic strings such as .xyz, .top, etc., are delegated through ICANN.

In addition to these generic TLDs, there is a “gTLD” program in which companies can register their own trademark as a TLD. For instance, “google.com” could become “.google.”

However, a gTLD is not cheap and the success ratio is very low. Dozens of gTLDs have been approved recently and are currently in use.

Google previously applied for several gTLDs, among them “.zip,” which was approved in 2014, as per reports.

Google announced the release of eight new options: .dad, .phd, .prof, .esq, .foo, .zip, .mov, and .nexus.

.Zip Domain Security Risks

Security experts have warned that the new ‘.zip’ top-level domain (TLD) could facilitate the spread of malware and undermine legitimate sources.

Figure: Some of the .zip domains registered recently.

Figure: A phishing attack that uses the .zip domain.

The other TLDs were made to tie in with specific job titles; concerns have been raised about the potential for the two that resemble file extensions (‘.zip’ and ‘.mov’) to be used by hackers seeking to trick unsuspecting users into visiting malicious domains.

The .zip zone file currently consists of just 1230 names, extracted from the “Centralized Zone Data Service” at czds.icann.org.

Johannes Ullrich, Dean of Research at SANS, said that compared to other gTLDs, .zip poses a big threat to organizations. Threat actors have already started to buy these domains, which can be used later for malicious purposes.

Two domains, “update.zip” and “installer.zip,” have been registered recently. Software nowadays can automatically attach hyperlinks to ZIP file names that are shown as plain text.

Threat actors can leverage this because such software may leak DNS queries to these domains, which can expose sensitive data. There has been no proven evidence of this kind of attack yet, but the possibility exists.

Attackers keep evolving their attack techniques and TTPs. The current release of .zip domains can allow threat actors to pursue several other attack vectors that can result in massive damage to organizations.

He also noted that the price of .zip domains has dropped since the date of introduction, which explains the increased interest over the last couple of days.
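The auto-linking and DNS-leak scenario described above lends itself to a simple defensive check. The following Python is an added example, not code from the article or from SANS: it flags file-name-like tokens in message text that an auto-linker would turn into .zip/.mov hostnames, and tallies queries to those TLDs from DNS log lines in a constructed `<timestamp> <client-ip> query <qname>` format.

```python
import re
from collections import Counter

# TLDs that collide with common file extensions (the two named in the article).
FILE_EXTENSION_TLDS = {"zip", "mov"}

# A bare token such as "update.zip": DNS-label characters separated by dots,
# ending in a collision TLD, not already part of a URL or path (no preceding
# word character, dot, slash or hyphen) and not a longer word like ".zipper".
TOKEN_RE = re.compile(
    r"(?<![\w./-])([a-z0-9-]+(?:\.[a-z0-9-]+)*\.(?:zip|mov))\b", re.IGNORECASE
)

def find_linkifiable_names(text):
    """Return file-name-like tokens that would resolve as .zip/.mov hostnames."""
    return [m.group(1).lower() for m in TOKEN_RE.finditer(text)]

def suspicious_dns_queries(log_lines):
    """Count queried names under collision TLDs in the constructed log format."""
    counts = Counter()
    for line in log_lines:
        parts = line.split()
        if len(parts) < 4 or parts[2] != "query":
            continue  # not a query record in our constructed format
        qname = parts[3].rstrip(".").lower()
        if qname.rsplit(".", 1)[-1] in FILE_EXTENSION_TLDS:
            counts[qname] += 1
    return counts

# Constructed sample inputs (hypothetical message text and DNS log lines).
SAMPLE_EMAIL = (
    "Please extract update.zip and run installer.zip from the share; "
    "the clip is in demo.mov, not demo.movie, see https://example.zip/info"
)
SAMPLE_DNS_LOG = [
    "2023-05-16T10:00:01Z 10.0.0.5 query update.zip.",
    "2023-05-16T10:00:02Z 10.0.0.5 query www.example.com.",
    "2023-05-16T10:00:03Z 10.0.0.7 query update.zip.",
    "2023-05-16T10:00:04Z 10.0.0.9 query installer.zip.",
    "2023-05-16T10:00:05Z 10.0.0.9 query demo.mov.",
]

if __name__ == "__main__":
    print("linkifiable names:", find_linkifiable_names(SAMPLE_EMAIL))
    print("queries to .zip/.mov:", suspicious_dns_queries(SAMPLE_DNS_LOG))
```

The explicit URL in the sample is deliberately skipped, since the check is aimed at text that only becomes a link through auto-linking.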
