Google has recently launched a new set of generic top-level domains (gTLDs) that include .zip and .mov, among others. These domains are now available for anyone to purchase and use, such as techspot.zip or movie.mov.
The new top-level domains .zip and .mov are a cause for concern for businesses that want to protect themselves from cyberattacks. These domains are designed to mimic common file extensions, such as .zip for compressed files and .mov for video files. However, they are not files at all but websites that can host malicious content or phishing pages.
What are the new top-level domains?
A top-level domain (TLD) is the last part of a web address, such as .com, .org, or .net. Hundreds of TLDs are available, and some are restricted to certain types of organizations or countries. For example, .edu is reserved for educational institutions, and .uk is for websites based in the United Kingdom.
However, some TLDs are open for anyone to register, and these are called generic top-level domains (gTLDs). Recently, Google has launched two new gTLDs: .zip and .mov. These domains are meant to be used for websites related to ZIP files and MOV videos, respectively. However, they can also be used for any other purpose as long as they comply with Google’s policies.
Why are the new top-level domains a risk?
One of the main risks of the new top-level domains is that they can be easily confused with legitimate ZIP files that users may download from trusted sources. For example, a malicious actor could create a domain like bank-statement.zip and send phishing emails to unsuspecting users, asking them to download their latest statement. The user may not notice the difference between a .zip domain and a .zip file and end up downloading a malicious executable that could compromise their system. This could lead to various negative consequences, such as losing access to their personal or work files, having their personal or financial information stolen, or having their system infected with other malware. An example of this type of attack is a ransomware campaign, which uses .zip domains to trick users into downloading malware that encrypts their files and demands payment for decryption.
Another risk of the new top-level domains is that they can bypass some security measures that rely on file extensions to filter out malicious attachments. For example, some email providers or firewalls may block emails that contain .zip files as attachments, but they may not block emails that contain .zip domains as links. This could allow attackers to evade detection and deliver their malware more easily. Some security solutions may also fail to scan the content of the .zip domains, assuming that they are harmless websites rather than malicious files. This could expose users to malware without any warning or protection. An example of this type of attack is a banking trojan, which uses .zip domains to deliver its payload and steal sensitive information from infected machines.
How can we protect ourselves from the new top-level domains and other cybersecurity threats?
One of the best ways to protect against the new top-level domains is to switch to a firewall solution that blocks these domains entirely. We recommend our clients use a leading firewall solution, such as Palo Alto Networks, which can block the new top-level domains and prevent users from accessing malicious websites that use them.
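The gap described above, where a filter checks attachment extensions but not the hostnames in links, can be closed by applying the same block list to link hosts. The following is an added example, not part of the original article or any vendor's product; the function names, the block lists and the sample message are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

BLOCKED_TLDS = {"zip", "mov"}        # the gTLDs this article discusses
BLOCKED_ATTACHMENT_EXTS = (".zip",)  # what an extension-only filter checks

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
# Bare host-like tokens with no scheme, e.g. "bank-statement.zip" typed in the text.
BARE_HOST_RE = re.compile(
    r"(?<![\w@/.-])((?:[a-z0-9-]+\.)+[a-z]{2,})(?![\w-])", re.IGNORECASE)

# Constructed sample message body (not real traffic).
SAMPLE_BODY = (
    "Your latest statement is ready: https://bank-statement.zip/download\n"
    "Archive copy: https://example.com/files/report.zip\n"
    "Or visit bank-statement.zip directly.\n"
)


def risky_link_hosts(body):
    """Return sorted hostnames in the body whose last label is a blocked TLD."""
    hosts = set()
    for url in URL_RE.findall(body):
        try:
            # Parse the host; never substring-match ".zip" against the whole URL.
            host = urlsplit(url.rstrip(".,;:)!?")).hostname
        except ValueError:  # malformed authority part
            continue
        if host:
            hosts.add(host.rstrip("."))
    # Remove full URLs first so a path such as /files/report.zip is not read as a host.
    # A file name written in the text looks identical to a domain, so it is reported too.
    for name in BARE_HOST_RE.findall(URL_RE.sub(" ", body)):
        hosts.add(name.lower())
    return sorted(h for h in hosts if h.rsplit(".", 1)[-1] in BLOCKED_TLDS)


def evaluate_message(body, attachment_names):
    """Return (blocked attachment names, blocked link hosts) for one message."""
    bad_files = [n for n in attachment_names
                 if n.lower().endswith(BLOCKED_ATTACHMENT_EXTS)]
    return bad_files, risky_link_hosts(body)


if __name__ == "__main__":
    print(evaluate_message(SAMPLE_BODY, ["invoice.zip"]))
```

Note that the link to example.com is not flagged even though its path ends in report.zip: the decision is made on the parsed hostname, which is what separates a .zip domain from a .zip file.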
The new top-level domains are not the only reason to be cautious and increase cybersecurity efforts. There has been an increase in phishing and social engineering attacks that rely on human error rather than technical vulnerabilities. These attacks use psychological manipulation to trick users into making security mistakes or giving away sensitive information. To prevent phishing and social engineering attacks, our clients can receive in-depth training on preventing avoidable attacks.
Contact Virtuas to learn more about the new top-level domains and how to protect against a cyberattack with a new firewall solution and phishing training.