".Zip" top-level domains draw potential for information leaks

Views: 505 | Time: 2023-06-14 00:01:03 | Author: NiceNIC.NET


Google's recent offering of the ".zip" top-level domain (TLD) has led security researchers and likely threat actors to register numerous domains for red teaming and phishing attacks, respectively, causing new challenges for organizations and cybersecurity professionals.


Because user applications (mail and chat clients, office suites, link-preview features) increasingly treat a bare ".zip" filename as a URL and auto-link it, these filenames may trigger unintended DNS queries or web requests, revealing possibly sensitive or internal company data carried in the file's name to anyone monitoring the associated DNS server or controlling the matching domain.
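The auto-linking behaviour described above is easy to reproduce. The following Python snippet is an added example, not code from the article, from Cisco, or from NiceNIC.NET: it shows a naive auto-linker of the kind many clients use, which turns a bare filename such as "q3-financials.zip" into a clickable URL, beside a hardened version that refuses to link a token whose top-level domain doubles as a file extension unless the author typed an explicit scheme. The set of colliding TLDs and the sample strings are assumptions made for the example.

```python
import re

# TLDs that collide with common file extensions. ".zip" and ".mov" are the
# two from Google's May 2023 batch; extend this set for your own environment
# (assumption made for this example).
FILE_EXTENSION_TLDS = {"zip", "mov"}

# Matches an optional scheme followed by a dotted hostname such as
# "example.com", "q3-financials.zip" or "https://files.example.zip".
_HOST_RE = re.compile(
    r"\b(?:(?P<scheme>https?://))?(?P<host>(?:[a-z0-9-]+\.)+(?P<tld>[a-z]{2,}))\b",
    re.IGNORECASE,
)


def _to_anchor(m):
    """Render a regex match as an HTML link, adding http:// when no scheme was given."""
    url = m.group(0) if m.group("scheme") else "http://" + m.group("host")
    return f'<a href="{url}">{m.group(0)}</a>'


def linkify_naive(text):
    """Turn every hostname-looking token into a link, as many chat and mail
    clients do. A filename like 'q3-financials.zip' becomes a clickable URL,
    and a client that prefetches link previews will resolve that name in DNS."""
    return _HOST_RE.sub(_to_anchor, text)


def linkify_safe(text):
    """Same auto-linker, but a token whose TLD is also a file extension is left
    as plain text unless the author wrote an explicit http:// or https://."""
    def repl(m):
        if m.group("tld").lower() in FILE_EXTENSION_TLDS and not m.group("scheme"):
            return m.group(0)  # keep the filename inert
        return _to_anchor(m)
    return _HOST_RE.sub(repl, text)


if __name__ == "__main__":
    # Constructed sample message of the kind that leaks a document name.
    msg = "Please review q3-financials.zip before the call, notes at example.com"
    print("naive:", linkify_naive(msg))
    print("safe: ", linkify_safe(msg))
```

The hardened version trades a little convenience for containment: a user who genuinely wants to link a ".zip" site still can, but a filename pasted into a message no longer becomes a lookup against a domain that someone else may register.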


Leaked filenames can be extremely valuable to advanced adversaries who may use this information in a variety of ways, including in lures masquerading as internal company documents and archives for social engineering and infecting targets.

Top-level domains and file extensions


Because Google has begun selling new TLDs that are also popular file extensions, the deployment of the ".zip" domain raises the risk that threat actors will develop new vectors for compromising victims. In early May 2023, Google released eight new TLDs, marketing the ".zip" domain as a way of letting an audience know that a domain's owner is "fast, efficient, and ready to move." However, the move presents a serious concern: a domain under ".zip" can be mistaken for a legitimate filename, and vice versa, compounding the problem of users recognizing potential phishing attempts.


Google Domains page for the new ".zip" TLD showing prices to acquire a new domain.

In a very short period of time, the general availability of the ".zip" TLD has led to a suspiciously high volume of domains being registered that resemble a wide variety of internal company filenames. Owning and controlling these domains can benefit attackers by leaking filenames via automatic DNS resolutions or using these domains as launch points for potential exploits and malware artifacts. Cisco's Umbrella telemetry and open-source research indicate that many of these domains may be used for malicious attacks in the future.
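The leak via "automatic DNS resolutions" mentioned above is also something a defender can look for in resolver logs. The following Python script is an added example, not code from the article, from Cisco Umbrella, or from NiceNIC.NET: it parses a constructed DNS query log, picks out lookups under TLDs that double as file extensions, skips domains on an allowlist, and reports why each remaining query looks like a document name rather than a website. The log format, the allowlist entry and the keyword list are assumptions made for the example.

```python
import re

# TLDs that are also common archive/media file extensions.
FILE_EXTENSION_TLDS = {"zip", "mov"}

# Domains under those TLDs that your organisation actually uses
# (constructed placeholder; populate from your own inventory).
ALLOWLIST = {"example.zip"}

# Words that often appear in internal document names (assumption; tune it).
SENSITIVE_WORDS = ("backup", "payroll", "invoice", "financials",
                   "customer", "confidential", "passwords")

# Constructed DNS query log in a simple "timestamp client qname qtype" format.
SAMPLE_LOG = """\
2023-06-14T09:00:01Z 10.1.2.3 www.example.com A
2023-06-14T09:00:02Z 10.1.2.3 q3-financials.zip A
2023-06-14T09:00:03Z 10.1.2.8 example.zip A
2023-06-14T09:00:04Z 10.1.2.9 customer-db-backup-2023-05.zip AAAA
2023-06-14T09:00:05Z 10.1.2.9 demo.mov A
2023-06-14T09:00:06Z 10.1.2.3 update.example.net A
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def parse_line(line):
    """Split one log line into a record, or return None for malformed input."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, client, qname, qtype = m.groups()
    return {"ts": ts, "client": client,
            "qname": qname.rstrip(".").lower(), "qtype": qtype}


def filename_like_reasons(qname):
    """Return the heuristics a query name trips; an empty list means ignore."""
    labels = qname.split(".")
    tld = labels[-1]
    if tld not in FILE_EXTENSION_TLDS or len(labels) < 2:
        return []
    if ".".join(labels[-2:]) in ALLOWLIST:
        return []
    reasons = [f"tld .{tld} doubles as a file extension"]
    stem = labels[-2]  # the label that would have been the file's base name
    if re.search(r"\d{2,}", stem):
        reasons.append("stem contains a number (date or version)")
    if "-" in stem or len(stem) > 20:
        reasons.append("long or hyphenated stem typical of a document name")
    if any(w in stem for w in SENSITIVE_WORDS):
        reasons.append("stem contains a sensitive keyword")
    return reasons


def scan_dns_log(text):
    """Return (client, qname, reasons) for every query worth triaging."""
    findings = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = filename_like_reasons(rec["qname"])
        if reasons:
            findings.append((rec["client"], rec["qname"], reasons))
    return findings


if __name__ == "__main__":
    for client, qname, reasons in scan_dns_log(SAMPLE_LOG):
        print(f"{client} -> {qname}: " + "; ".join(reasons))
```

A query that trips only the TLD rule (such as "demo.mov") is low priority; one that also carries a date and a keyword like "customer" or "backup" is the kind of name the article warns about, and the client address tells you which host auto-linked or prefetched it.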


Aggregate data for new domains registered under the TLDs offered by Google since May 3, 2023, shows that ".zip" is the most popular extension by a large margin.


Domaintools statistics of new domains registered for each new TLD offered by Google since May 3, 2023, show the ".zip" TLD outpacing all others.



Source: Domain Name Wire
