When browsing the web we can find many threats, many types of attacks that could compromise our security. It is true that we also have methods to protect ourselves, with tools that can prevent the entry of malicious software. Yet hackers constantly perfect their techniques. In this article, we are going to talk about what a domain cloaking attack , also known as shadowing, is. Let’s see how it affects.
What is a domain cloaking attack
A domain cloaking attack consists of taking control of a web domain. This means having the access credentials and being able to create DNS records for new subdomains. In this way, the attacker can create an infinite number of subdomains and thus avoid the techniques of blocking sites or IP addresses.
The objective of this is to redirect the resolutions to IP addresses that correspond to the attacker. They usually organize subdomains in levels. It is a type of attack that has been carried out for many years. The technique is available in different kits that attackers can use.
We can say that a good, legitimate domain becomes a danger. Ultimately, what this type of attack allows is to configure a domain as you want. Someone taking full control can target certain maliciously configured subdomains to attack.
This can lead to that domain being blocked, as it would be considered dangerous. In this way, a legitimate and safe web page that does not represent any problem could become the opposite due to a shadowing attack .
If we go to a practical example, let’s say we have a domain.com page. An attacker manages to access that domain and later generates multiple subdomains, such as site.domain.com, page.domain.com, home.domain.com… These subdomains have a nomenclature based on common words. They form an initial level where entry pages are housed.
What these subdomains do is redirect users to other subdomains with a random nomenclature such as 38dsf1.domain.com. You might even see another level. After all this is over, the victim reaches the final subdomain, which can host a malicious exploit.
With all this that we mentioned, the attacker manages to avoid blocking and detection. The IP addresses of the subdomains tend to rotate frequently and thus achieve greater evasion to succeed in attacks.
How to avoid domain cloaking attacks
As we can see, this is something that could happen when browsing the Internet. We could come across a web page, a domain, that has previously suffered an attack. That site could be dangerous and lead us to a subdomain from where to start downloading a malicious exploit. Let’s see what we can do to avoid problems.
Always have a good antivirus
Something basic and that cannot be missing from any computer, regardless of whether we are talking about a computer or a mobile phone, is to have a good antivirus . Having security tools can protect us in case of suffering some kind of problem like the one we mentioned.
We already know that there are many varieties of attacks and malicious software that in one way or another could compromise the proper functioning of systems. Having an antivirus capable of preventing this problem and eliminating it if necessary is very important.
Keep systems up to date
Of course we must also keep the systems updated at all times. Sometimes malicious exploits that can attack a computer through domain cloaking could take advantage of existing vulnerabilities. We can easily fix this by installing patches and updates.
Check the visited domains and do not expose data
Taking into account the domains we are visiting at all times could also help us prevent this type of problem. It is essential to recognize those that may be a hazard. In addition, we must avoid exposing data beyond what is necessary when browsing pages that are not entirely reliable.
Common sense
Last but perhaps most important: common sense . Avoid errors when browsing, do not open attachments that may be malicious, take care of the links we visit … All this can avoid undesirable problems that put our security at risk.
Ultimately, domain cloaking attacks could seriously compromise a trusted web page and turn it into a dangerous site. It is important that we always maintain security when browsing and thus avoid problems that may alter the proper functioning of the devices.