Page 146 - Cyber Defense eMagazine September 2023

New Phishing Attacks Use .ZIP to Target Brands


            By Eric George, Director of Solutions Engineering, Fortra


            Researchers at Fortra have observed cybercriminals abusing the new top-level domain .zip in two separate
            phishing campaigns targeting a large social media conglomerate and a global technology company. These
            are the first attacks identified by PhishLabs that use Google Registry’s recently released .zip TLD.

            TLDs resembling common file extensions can blur the distinction between a legitimate
            domain and a scam. As of July 2023, the IANA database lists 1,591 top-level domains (TLDs),
            including the eight announced by Google on May 3: .zip, .dad, .phd, .prof, .esq, .foo, and .mov. The risks
            associated with the new TLDs .zip and .mov have specifically been a source of controversy, with .zip already
            emerging in large-scale campaigns (referenced below).
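
The following is an added example, not code from the article or from Fortra/PhishLabs: a Python triage helper for message text that separates hosts registered under the file-like TLDs named above from ordinary URLs whose path merely ends in `.zip`, and flags bare `name.zip` tokens as ambiguous. The TLD set, function names, and sample message are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the two file-extension-like TLDs the article singles out.
FILE_LIKE_TLDS = {"zip", "mov"}

# Explicit URLs, and bare "name.zip"-style tokens that a client may auto-link.
URL_RE = re.compile(r"https?://[^\s<>]+", re.IGNORECASE)
BARE_RE = re.compile(
    r"(?<![\w@/.-])((?:[a-z0-9-]+\.)+(?:zip|mov))(?![\w.-])", re.IGNORECASE
)

def host_tld(url):
    """Return (hostname, last label) for a URL, both lower-cased."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    return host, host.rpartition(".")[2]

def find_file_like_domains(text):
    """Return sorted (kind, value, host) findings.

    kind == "url":  explicit URL whose *host* is under a file-like TLD.
    kind == "bare": filename-looking token that is also a valid domain name.
    A URL such as https://example.com/a/b.zip is NOT flagged: there the
    .zip is in the path, so it really is a file on another host.
    """
    findings = set()
    for m in URL_RE.finditer(text):
        url = m.group(0).rstrip(".,;:)")
        host, tld = host_tld(url)
        if tld in FILE_LIKE_TLDS:
            findings.add(("url", url, host))
    # Mask explicit URLs so their paths are not re-counted as bare tokens.
    masked = URL_RE.sub(" ", text)
    for m in BARE_RE.finditer(masked):
        token = m.group(1).lower()
        findings.add(("bare", token, token))
    return sorted(findings)

# Constructed sample message (not taken from a real campaign).
SAMPLE = (
    "Your backup is ready: https://example-brand-support.zip/login\n"
    "Mirror: https://downloads.example.com/files/example-brand-support.zip\n"
    "See attached invoice2023.zip for details.\n"
    "Contact support@example.com or visit https://example.org/help.mov?x=1\n"
)

if __name__ == "__main__":
    for finding in find_file_like_domains(SAMPLE):
        print(finding)
```

A "bare" finding is not a verdict: it marks text a reader will take for a file name but that a mail client or chat app may render as a link to a domain.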


            TLDs can be used or abused in any number of ways as threat actors register and manipulate URLs to
            serve their own malicious purposes. Humans are liable to mistake the URL for a legitimate file, while






