Hackers increasingly use “domain shadowing” in Cyberattacks

Share post:

Researchers from Palo Alto Networks uncovered 12,197 instances in which threat actors used “domain shadowing” in cyberattacks.

Domain shadowing is a subcategory of DNS hijacking. It involves threat actors compromising the DNS of a legitimate domain to host their own subdomains for use in malicious activities.

The subdomains are used to create malicious pages on the servers of the cyber criminals, while the websites and DNS records of the domain owner remain unchanged, and the owners do not realize that they have been breached.

According to the researchers, the tactic is lucrative for hackers because it is difficult to detect genuine cases of domain shadowing. Of the 12,197 domains detected, only 200 are marked as malicious, and most of the discoveries related to a single phishing campaign that used a network of 649 shadowed domains on 16 compromised websites.

Although protection against rogue subdomains is the responsibility of domain owners, registrars and DNS service providers, it is important that users remain cautious when submitting data. They are advised to double-check everything before submitting credentials or other sensitive information.

The sources for this piece include an article in BleepingComputer.


Related articles

Cyber Security Today, June 21, 2024 – US to ban Kaspersky for businesses, consumers

U.S. to ban the sale of Kaspersky products to consumers and businesses. Welcome to Cyber Security Today. It's Friday...

Biden administration to ban US sales of Kaspersky software over ties to Russia

The Biden administration is set to announce a ban on the sale of Kaspersky Lab's antivirus software in...

Security bug may allow anyone to spoof Microsoft employee emails

A security researcher claims to have discovered a bug that enables anyone to impersonate Microsoft corporate email accounts,...

Cyber Security Today, June 19, 2024 – How an attacker hid on an IT network for three years

How an attacker hid on an IT network for three years Welcome to Cyber Security Today. It's Wednesday June...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways