Top Level Domain Threat. What is it and how does it affect you and your business?
Most people know domains that end in “.com” or “.com.au”. These endings are called Top Level Domains (TLDs). As the supply of memorable names under the well-known TLDs shrinks, organisations have tried to get around it by picking weird and wonderful names that are deliberately misspelled to find something available, or by switching to lesser-known TLDs such as “.io”, “.co”, or even “.sydney” (Brisbane is yet to get its own TLD).
Users often judge the trustworthiness of a site by its TLD, giving more authority to a domain like “Envisageit.com.au” than to “Envisageit.Sydney”. Google has recently created another trust problem with domain suffixes by releasing TLDs that are identical to common file extensions: .zip and .mov.
.zip is the common compressed-archive format (Windows and macOS open it natively), while .mov is Apple’s QuickTime video format.
The release of these new domains poses an added security risk for you and your business. In this post we explain what the threat is and how you can protect yourself against it.
The Issue
The URL syntax allows a username and password to be placed in front of the host name in a web address, e.g. https://username:password@example.com, and browsers accept such links. Everything between the “//” and the “@” symbol is treated as login information, not the destination; the real destination is the host name after the “@”.
What this lets cyber criminals do is send links such as https://microsoft.com∕@example.zip. The browser reads everything between the “//” and the “@” symbol (“microsoft.com∕”) as a username, and anything after the “@” as the real domain name, in this case example.zip. The trick only works because the slash after “microsoft.com” is not a regular slash: a real “/” would end the host part of the address, so attackers substitute a Unicode look-alike such as the division slash (U+2215) that renders the same but is treated as ordinary text.
This means that anyone can send a link containing the correctly spelled name of a well-known website, such as microsoft.com, while the site the link actually opens is whatever comes after the “@” symbol, here example.zip. Chrome, for example, discards the username part and opens example.zip without any warning.
A domain delivered this way is more than likely malicious, because the sender has gone to the effort of disguising the real destination.
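The parsing described above, as an added example that is not code from the original post: a Python script that splits a link the same way a browser's URL parser does, reports the host the browser would really connect to, and flags the three tell-tale signs (login information before the “@”, a Unicode look-alike of “/”, and a destination TLD that doubles as a file extension). The sample links, the function names and the set of look-alike characters are constructed assumptions for this illustration.

```python
"""Reveal where a disguised link really goes.

Added example, not code from the original post.  The sample links below are
constructed for illustration; the look-alike character set is an assumption
(the characters most often substituted for '/').
"""
from urllib.parse import urlsplit

# Characters that render like '/' but are not the ASCII solidus, so a URL
# parser does not treat them as the end of the host part of the address.
SLASH_LOOKALIKES = {
    "\u2215",  # DIVISION SLASH
    "\u2044",  # FRACTION SLASH
    "\u29f8",  # BIG SOLIDUS
    "\uff0f",  # FULLWIDTH SOLIDUS
}

# TLDs that double as common file extensions (the subject of the post).
FILE_EXTENSION_TLDS = {"zip", "mov"}

# Constructed sample: looks like microsoft.com, really goes to example.zip.
# The slash after "microsoft.com" is U+2215, not a real '/'.
DISGUISED_LINK = "https://microsoft.com\u2215@example.zip"
BENIGN_LINK = "https://www.microsoft.com/"


def analyse_url(url: str) -> dict:
    """Return the parts a browser would actually use, plus warning flags.

    urlsplit() follows the same rule as a browser: the authority runs from
    '//' to the next real '/', '?' or '#', and inside it everything before
    the last '@' is user information, everything after it is the host.
    """
    lookalike = any(c in SLASH_LOOKALIKES for c in url)
    try:
        parts = urlsplit(url)
    except ValueError:
        # Python rejects an authority whose NFKC form would contain '/' etc.
        # (e.g. FULLWIDTH SOLIDUS); treat such a link as hostile outright.
        return {"parse_error": True, "scheme": "", "userinfo": "",
                "real_host": "", "tld": "", "has_userinfo": False,
                "has_slash_lookalike": lookalike, "file_extension_tld": False}
    host = (parts.hostname or "").lower()
    tld = host.rsplit(".", 1)[-1] if "." in host else ""
    return {
        "parse_error": False,
        "scheme": parts.scheme,
        "userinfo": parts.username or "",
        "real_host": host,
        "tld": tld,
        "has_userinfo": parts.username is not None,
        "has_slash_lookalike": lookalike,
        "file_extension_tld": tld in FILE_EXTENSION_TLDS,
    }


def suspicious_reasons(url: str) -> list:
    """Human-readable reasons to distrust the link (empty list = none found)."""
    info = analyse_url(url)
    reasons = []
    if info["parse_error"]:
        reasons.append("URL parser rejected the address (hostile Unicode in host part)")
    if info["has_userinfo"]:
        reasons.append(f"text before '@' ({info['userinfo']!r}) is a username, not the site")
    if info["has_slash_lookalike"]:
        reasons.append("contains a Unicode look-alike of '/'")
    if info["file_extension_tld"]:
        reasons.append(f"real destination TLD .{info['tld']} doubles as a file extension")
    return reasons


if __name__ == "__main__":
    for link in (DISGUISED_LINK, BENIGN_LINK):
        info = analyse_url(link)
        print(f"{link}\n  real host: {info['real_host']}")
        for reason in suspicious_reasons(link):
            print(f"  warning: {reason}")
```

Run it and the disguised link reports `real host: example.zip` with three warnings, while the genuine Microsoft address reports none. The same `suspicious_reasons` check can be dropped into a mail or chat filter so that links carrying a username or a look-alike slash are quarantined before a user ever sees them.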
Being sent a deliberately disguised link is not the only problem. Most messaging and social media platforms automatically convert plain text that looks like a domain name into a clickable hyperlink, e.g. anything ending in .com or .gov, and now the new .zip and .mov as well.
YouTube has already started converting plain text ending in .zip in its comments into website links. This turns file names typed years ago, such as “report.zip”, into links to whatever .zip domain someone has since registered under that name. Any other platform that automatically links recognised TLDs will behave the same way, increasing the risk of clicking through to a malicious website.
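How an auto-linker turns old plain text into links once .zip becomes a recognised TLD, as an added example that is not YouTube's or any other platform's code: a minimal regex-based linker run over a constructed comment, first with a pre-.zip TLD list, then with .zip and .mov added, and finally with the mitigation of only linking those two TLDs when the text carries an explicit https://. The TLD lists and the sample comment are assumptions for this illustration.

```python
"""What an auto-linker does to old plain text once .zip and .mov become TLDs.

Added example, not the code of YouTube or any other platform.  The TLD lists
and the sample comment are constructed for illustration.
"""
import re

# Minimal TLD list a linker might have used before the new TLDs (assumption).
TLDS_BEFORE = frozenset({"com", "gov", "au", "io", "co"})
# The same list after Google's .zip and .mov are added.
TLDS_AFTER = TLDS_BEFORE | {"zip", "mov"}

# Optional scheme, then one or more labels, then the final label (the TLD).
_CANDIDATE = re.compile(r"(https?://)?\b((?:[a-z0-9-]+\.)+([a-z]{2,}))\b",
                        re.IGNORECASE)

# Constructed comment: two file names typed as plain text, two real links.
SAMPLE_COMMENT = (
    "Mirror at example.com, the files are backup.zip and holiday.mov, "
    "docs at https://docs.example.gov and the archive at https://archive.example.zip"
)


def find_links(text: str, tlds: frozenset,
               require_scheme_for: frozenset = frozenset()) -> list:
    """Return the substrings an auto-linker would turn into hyperlinks.

    A candidate is linked only if its final label is a recognised TLD.  TLDs in
    `require_scheme_for` are linked only when the text carries an explicit
    http:// or https://, which keeps bare file names as plain text.
    """
    links = []
    for match in _CANDIDATE.finditer(text):
        scheme, domain, tld = match.group(1), match.group(2), match.group(3).lower()
        if tld not in tlds:
            continue  # not a TLD this linker knows about
        if tld in require_scheme_for and not scheme:
            continue  # bare "backup.zip" stays plain text
        links.append((scheme or "") + domain)
    return links


if __name__ == "__main__":
    print("before:", find_links(SAMPLE_COMMENT, TLDS_BEFORE))
    print("after: ", find_links(SAMPLE_COMMENT, TLDS_AFTER))
    print("fixed: ", find_links(SAMPLE_COMMENT, TLDS_AFTER, frozenset({"zip", "mov"})))
```

With the old list only `example.com` and the explicit `https://docs.example.gov` become links; once .zip and .mov are recognised, the two file names in the same unchanged comment become links too. Requiring an explicit scheme for those two TLDs is the cheap fix for anyone running a linker: real links still work, but years of "see attached report.zip" stay as plain text.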
How to defend against it.
If you receive a link that contains an “@” symbol after what looks like a website name, such as https://microsoft.com∕@example.zip, do not click it: the real destination is whatever follows the “@”. Delete the email containing the link straight away.
Another option that takes human judgement out of the equation is to block access to the .zip and .mov TLDs entirely. This can be done in various ways, from URL filtering in your desktop antivirus through to a DNS or web filter on your firewall. With filtering in place, a link that is clicked by accident is blocked before the site loads. Be aware that this also blocks the small number of legitimate sites on those TLDs, so keep an allow-list for any you need.
If you have found this solution interesting, get in touch with Envisage Technology and let us know you would like to set up a layer of protection against potentially malicious TLDs. We can tailor a project to implement this solution with your current hardware and software, or recommend additional hardware should it be required in the future.
More information
If you would like to learn more about the newly released Top Level Domains and the threat they pose, check out the following YouTube videos for a great insight into protecting yourself against this threat.