Parked domains, which act as aliases and redirect to other websites, can send visitors to malicious or unwanted landing pages or turn entirely malicious at any point in time – as evidenced by a recent Emotet campaign, a separate effort abusing Comcast and McAfee brands, and an election-themed attack.

Researchers at Palo Alto Networks in an analysis on Thursday noted that domain-parking usually happens in the service of advertising. If someone is searching for “Bread Depot,” (a fictitious example, by the way), the person may end up on Bread instead of the official, because it popped up in the search results. And if is a parked domain that was created in hopes of people making that mistake, it could redirect visitors to a page full of ads in order to drive impressions.

“Parking services either show users a list of ads (and get paid based on the number of user clicks on these ads) or redirect users automatically to the advertisers’ webpages (and get paid based on the number of user visits),” according to Palo Alto Networks. “Often, the parking services and the advertisement networks do not have the means or willingness to filter abusive advertisers (i.e. Therefore, users are exposed to various threats, such as malware distribution, potentially unwanted program (PUP) distribution and phishing scams. In our experience, we most frequently observe the distribution of grayware.”

That’s shady enough, but sometimes, parked domains are crafted to be malicious from the get-go.

As an example, Palo Alto Networks laid out a domain-parking campaign that was used as part of a global Emotet initiative. Emotet is a trojan that acts as a first-stage malware, capable of fetching and downloading a collection of malware on victim machines, including information stealers, email harvesters, self-propagation mechanisms and ransomware. In this campaign, a domain called valleymedicalandsurgicalcliniccom, which is no longer active, redirected visitors to a malicious page that delivered Emotet. The domain was one of many being used around the world, researchers said, serving up attacks against organizations in various industries (such as education, government, energy, manufacturing, construction and telecommunications), including in France, Italy, Japan, Korea, the U.K. and the U.S.

As mentioned, parked domains usually host or redirect to lists of ads. Such is the case with the still-active domain peoplesvoteuk, which claims to be related to the U.S. While visiting peoplesvoteuk, users are presented with an ad-listing page most of the time. Randomly, however, some visitors are sent to a page that hosted an exploit-kit script, before being redirected again to a survey website asking about users’ voting preference between Joe Biden or Donald Trump.

“The exploit-kit script hosted on 0rediracom/jr.php fingerprints the browser silently to track users’ web activity and hides the landing URLs to prevent security companies and researchers from analyzing and blocking them,” according to Palo Alto Networks’ analysis, released Thursday.

In yet another case, a still-active typosquatted domain, xifinitycom, closely mimics the spelling of Comcast’s website for residential cable customers. When users attempt to visit the real (and highly trafficked) Xfinity website, but accidentally mistype an additional “i,” they’ll be redirected to a suspicious landing page that purports to be owned by McAfee. That page, antivirus-protectioncom-123xyz, is also still active.

“The landing page tries to fool users into believing that their machine is infected and that their McAfee subscription has expired,” explained the researchers. “Clicking on the ‘Proceed’ button will redirect users to a legitimate McAfee download page offering an antivirus subscription. We believe that attackers are abusing McAfee’s affiliate program to steal ad revenue.”

In looking further into the volume of parked domains out on the web, Palo Alto Networks found that 27,000 newly parked domains are on average identified daily. Overall, the firm has identified 5 million newly parked domains in the past six months. In the same time frame, the firm observed that 6 million parked domains have transitioned in terms of their classification. For instance, 1 percent were flagged as being malicious (known to host phishing or malware campaigns) after being classified as benign; almost 3 percent changed to not-safe-for-work categories (such as adult or gambling); and 31 percent were changed to being deemed “suspicious.”

Researchers noted that security best practice for enterprises is to keep close track of parked domains, while consumers should make sure that they type domain names correctly and double-check that the domain owners are trusted before entering any site.