Page 146 - Cyber Defense eMagazine September 2023
New Phishing Attacks Use .ZIP to Target Brands
By Eric George, Director of Solutions Engineering, Fortra
Researchers at Fortra have observed cybercriminals abusing the new top-level domain (TLD) .zip in two
separate phishing campaigns targeting a large social media conglomerate and a global technology company.
These are the first attacks identified by PhishLabs that use Google Registry’s recently released .zip TLD.
TLDs that resemble common file extensions can blur the distinction between a legitimate
domain and a scam. As of July 2023, the IANA database lists 1,591 top-level domains (TLDs),
including the eight announced by Google on May 3: .zip, .dad, .phd, .prof, .esq, .foo, and .mov. The risks
associated with the new TLDs .zip and .mov in particular have been a source of controversy, with .zip already
emerging in large-scale campaigns (referenced below).
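A defender-side check for the ambiguity described above, as an added example that is not part of the original article: it scans message text and flags URLs whose host ends in .zip or .mov, plus bare tokens that read as file names but are also syntactically valid domains. The function names and the sample text are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

FILE_LIKE_TLDS = ("zip", "mov")  # the two TLDs the article singles out
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
# Bare token such as "setup.zip": looks like a file name, is also a valid domain.
BARE_RE = re.compile(
    r"(?<![\w/\\.@-])((?:[a-z0-9-]+\.)+(?:%s))(?![\w-]|\.\w)"
    % "|".join(FILE_LIKE_TLDS), re.I)

def host_tld(url):
    """Return (host, tld) for a URL, or (None, None) if no host can be parsed."""
    try:
        host = urlsplit(url).hostname  # lowercased; port and path are excluded
    except ValueError:
        return None, None
    if not host:
        return None, None
    host = host.rstrip(".")  # tolerate a fully qualified name with trailing dot
    return host, host.rsplit(".", 1)[-1]

def find_file_like_domains(text):
    """List ("url", host) and ("bare", token) findings in a message body."""
    findings = []
    for m in URL_RE.finditer(text):
        host, tld = host_tld(m.group(0).rstrip(".,;:)"))
        # Only the host's TLD matters: a ".zip" in the path is a real download.
        if tld in FILE_LIKE_TLDS:
            findings.append(("url", host))
    # Blank out full URLs so their hosts and paths are not counted twice.
    for m in BARE_RE.finditer(URL_RE.sub(" ", text)):
        findings.append(("bare", m.group(1).lower()))
    return findings

# Constructed sample message text; the domains are made up for this example.
SAMPLE = """\
Your statement is ready: https://statement-sample.ZIP/login
Download the archive from https://files.example.com/reports/q3.zip
Open setup.zip and run the installer.
Clip attached as holiday.mov, also at http://clips.example.mov:8080/a
"""

if __name__ == "__main__":
    for kind, value in find_file_like_domains(SAMPLE):
        print(kind, value)
```

A "bare" finding is not a verdict: it marks text that a reader could take for a file while a mail client or browser could treat it as a link, which is worth surfacing for review.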
TLDs can be used or abused in any number of ways as threat actors register and manipulate URLs to
serve their own malicious purposes. Humans are liable to mistake the URL for a legitimate file, while
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.