What Are Malicious Domain Registrations and How Do They Affect Us?

When browsing the Internet we have a wide variety of websites at our disposal. However, keep in mind that not all of them are safe, far from it. Pages created for the sole purpose of attacking users abound. They look for ways to steal information, obtain data or infect visitors with some variety of malware. In this article we are going to talk about what malicious domain registrations are and how they can affect our security.

What are malicious domains

As we know, creating a web page with its own domain is something available to anyone. We simply have to choose a name and use a platform that allows us to register that address. Of course, that domain name has to be available. This means that anyone can create a website from scratch in no time and without the need for extensive knowledge.

Now, those pages, those domains, can be registered for the sole purpose of attacking. Attackers can configure a website to steal information, confuse users or even distribute malware. This is very common nowadays, and they mainly use names, platforms and organizations that are well known or in fashion at any given time. The objective is none other than to put users' security and privacy at risk.

Therefore we can say that the registration of malicious domains is basically what we mentioned above: websites that are created solely to carry out some malicious action. For example, a site used to carry out phishing attacks, offer downloads of files that are actually malware, spy on users, etc.

We can find thousands and thousands of websites and domains related to a specific topic. Especially if that topic is very popular, in vogue or booming at a given moment, hackers may focus on it and create malicious domains in large numbers.

This is what is happening right now with everything related to the Covid-19 pandemic. Thousands of domains have been registered and many of them are malicious. They seek to reach the victim for the sole purpose of infecting systems, distributing malware, or stealing passwords.

Of course, not all are malicious. Many Internet users create domains related to a theme simply to take advantage of the momentary pull of a particular topic for profit, without doing anything illegitimate (news sites, opinion articles, etc.).

How malicious domains affect us

The problem comes when those domain registrations really are malicious and put users' security at risk. They can pretend to be legitimate and sometimes even imitate the name of an organization or company. They may include a hyphen or a number, or slightly vary the name. They may even use another domain extension (.com, .es, .org…). The objective is, as we say, to attack users: to deceive the victim into falling for phishing attacks, downloading malware, or taking any action that compromises privacy and security.
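The variations described above (an added hyphen or number, a slightly changed name, a different extension) can be checked for automatically when reviewing newly seen domains. The following Python code is an added example, not part of the original article; the brand domain `examplebank.com` and the observed domains are constructed for illustration, and inputs are assumed to be registrable domains without subdomains.

```python
# Added example: flag domains that resemble a legitimate one (defensive triage).
# Digits commonly swapped in for letters in lookalike names.
DIGIT_MAP = str.maketrans("0135", "oles")

def split_domain(domain):
    """Split a registrable domain into (name, suffix); assumes no subdomains."""
    name, _, suffix = domain.lower().rstrip(".").partition(".")
    return name, suffix

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_reasons(candidate, legit):
    """Return the reasons a candidate domain resembles the legitimate one."""
    c_name, c_suffix = split_domain(candidate)
    l_name, l_suffix = split_domain(legit)
    if (c_name, c_suffix) == (l_name, l_suffix):
        return []  # this is the legitimate domain itself
    reasons = []
    if c_name == l_name:
        reasons.append("different-extension")
    if "-" in c_name and c_name.replace("-", "") == l_name:
        reasons.append("added-hyphen")
    if l_name in c_name.split("-") and c_name != l_name:
        reasons.append("brand-plus-keyword")
    folded = c_name.translate(DIGIT_MAP)
    if folded != c_name and folded == l_name:
        reasons.append("digit-for-letter")
    if c_name != l_name and edit_distance(folded.replace("-", ""), l_name) == 1:
        reasons.append("one-character-change")
    return reasons

# Constructed sample of newly observed domains (not real data).
OBSERVED = [
    "examplebank.com", "examplebank.org", "example-bank.com",
    "examp1ebank.com", "exampleebank.com", "examplebank-login.com",
    "weather-news.net",
]

def scan(observed, legit="examplebank.com"):
    """Map each suspicious domain to the reasons it was flagged."""
    return {d: r for d in observed if (r := lookalike_reasons(d, legit))}
```

A flagged domain is only a candidate for review: as the article notes, not every registration around a popular name is malicious.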

Here again we return to what we mentioned earlier. They can use a theme, a word or a phrase that is very present in society. Let's take Covid-19 as an example. They can create related domains, and not all of them are going to be legitimate. They can make users believe that they are dealing with something official, something that can really help them or provide them with truthful information. However, they could be hiding something.

A malicious domain can be used for phishing attacks. As we know, this is the technique hackers use to steal users' passwords. They pose as a real, legitimate organization or company, but in reality the site is fake; they rely on the trust the user places in the site when logging in or entering their data, which actually ends up on a server controlled by the attackers.

It may also be a place where some type of software or file is offered for download. Take for example the distribution of a PDF with information about the Covid-19 pandemic that many users are looking for at a given time. However, when downloading that PDF, which supposedly contains statistical data, for example, we are actually downloading some variety of hidden malware.

How to avoid falling victim to malicious domains

Here, without a doubt, the most important thing is common sense. We must never trust just any domain that we find or receive through social networks, email or instant messaging applications. Many times they can seem legitimate, since they try to appear so. You have to look very carefully at the domain extension, as well as the content in general.

It is also worth having security tools. A good antivirus can block malware if we do end up downloading a malicious file. It can help us protect our system. In addition, there are extensions and plugins that we can install in most modern browsers that help us detect threats. Some extensions can warn us when we enter a URL that poses a problem for our security and could ultimately put our computers at risk.

Everything we discuss about security tools must be applied regardless of the operating system or device we are using. There is no system that cannot suffer some type of threat, although it is true that the biggest security problems are concentrated in those with the most users. Ultimately, hackers set their sights where they are most likely to succeed.

We must also keep the latest patches and updates installed. Sometimes vulnerabilities arise that can be exploited by hackers to carry out their attacks. If we correct these security flaws, our system can be protected against certain attacks. This is very important, since many attacks succeed precisely because of this type of problem. We always need to have the latest versions, whether at the operating system level or of any tool we are using. Again, it does not matter what type of system or equipment we use, as they could all be vulnerable at any given time.

In short, the registration of malicious domains is a very present problem on the Internet. In recent times we have seen a growth in fake domains that pose as legitimate ones, taking advantage of situations like the one we are experiencing during this pandemic.

Another example is the fact that many users are currently telecommuting and therefore use tools that they did not use before. One that has become very popular is Zoom, which is designed for video conferencing. Well, hackers are also taking advantage of it and there are many pages with malicious domains that have been created around Zoom. The goal, the same as always: try to steal the credentials and passwords of the users, as well as distribute malware.