Attackers' use of domain shadowing is becoming more widespread
A report by Palo Alto (Unit 42) researchers indicates that the technique of domain shadowing, a form of DNS hijacking, may be more widespread than previously thought.
Here an attacker compromises the DNS of a legitimate domain – without modifying the DNS entry – to host their own subdomain and create malicious pages on the attacker’s own server.
These malicious pages are valuable to an attacker, who can use them to make phishing sites and command and control (C2) servers look more legitimate and evade detection, presenting a real threat.
The research shows 12,000 cases in web scanning between April and June 2022, with VirusTotal marking only 200 as malicious.
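
One way a domain owner can check their own zone for this, as an added example that is not from the Unit 42 report or this post: because the existing records are left untouched, the signal is a new name that is absent from the approved inventory and points outside the owner's address space. The zone export, baseline and approved network below are constructed sample data using documentation-reserved names and addresses, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data (documentation-reserved names and ranges).
APPROVED_NETS = [ipaddress.ip_network("192.0.2.0/24")]
BASELINE = {"example.com.", "www.example.com.", "mail.example.com."}
ZONE_EXPORT = """\
example.com.          300 IN A     192.0.2.10
www.example.com.      300 IN A     192.0.2.10
mail.example.com.     300 IN A     192.0.2.25
staging.example.com.  300 IN A     192.0.2.40   ; new, but on our own network
login.example.com.    60  IN A     203.0.113.77
cdn7.example.com.     60  IN CNAME host.example.net.
"""

def parse_records(text):
    """Yield (name, rtype, value) from 'name ttl IN type value' lines."""
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop trailing comments
        if len(fields) == 5 and fields[2].upper() == "IN":
            yield fields[0].lower(), fields[3].upper(), fields[4]

def classify(rtype, value):
    """Classify the target of a record whose name is not in the baseline."""
    if rtype not in ("A", "AAAA"):
        return "review-target"  # CNAME etc.: target must be checked by hand
    addr = ipaddress.ip_address(value)
    if any(addr in net for net in APPROVED_NETS):
        return "unlisted-internal"  # inventory gap, address is ours
    return "shadow-candidate"  # unknown name on an address we do not own

def audit(zone_text, baseline):
    """Return findings for every record whose name is not in the baseline."""
    findings = []
    for name, rtype, value in parse_records(zone_text):
        if name not in baseline:
            findings.append((name, rtype, value, classify(rtype, value)))
    return findings

if __name__ == "__main__":
    for finding in audit(ZONE_EXPORT, BASELINE):
        print(*finding)
```
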

Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.