Malicious actors might be using spoofed media domains to disseminate disinformation campaigns, according to results from the latest State of the Domain research published by DomainTools.
In looking at some of the most popular media outlets in the US, including The New York Times, USA Today, CSO, The Washington Post and Krebs on Security, researchers found that many of the domains are susceptible to domain-squatting and to spoofed domains that can be used in malicious campaigns.
Alarmingly, researchers said they discovered almost 200 fraudulent domains nearly identical to the legitimate domain names of the different publications. By re-purposing what were once valid internet sites, the fake domains appear more legitimate. Attackers hang out, or squat, on these old domains, buying time as they go largely undetected. Flying under the radar while squatting enables them to work out any inconsistencies with their attack infrastructure, according to the report.
Using domain spoofing and typosquatting, the campaigns can then carry out phishing attacks to steal personally identifiable information or even deliver malware to a device.
“Phishing carried out by typosquatting domain campaigns are particularly worrisome as they allow for seemingly trusted websites, with legitimate SSL certificates, to trick internet users into a false sense of security,” said Corin Imai, senior security adviser, DomainTools, in a press release.
“As distrust of traditional media continues to grow, and individuals continue to consume social networks as trusted news sources, protecting the public from disinformation campaigns has become pertinent to the democratic process,” said Imai.
“Our research underscores the need for media outlets to leverage cyber-threat intelligence and maintain vigilance over efforts to undermine their credibility. Further, educational campaigns that raise awareness about these issues will continue to be necessary in mitigating risks that come with malicious activity targeted at legitimate media sources.”
Included in the report is a list of some fraudulent domains with a high risk score, indicating the domains share proximity to malicious infrastructure. Some of these fake domains include:
- nytimesofficial[.]com
- usatosday[.]com
- washinqtonpost[.]com
- bistonglobe[.]com
- krebsonsecurity[.]org
- chicagotribunesnews[.]com
- newsdag[.]com
- cosonline[.]cn
- nydaiylnews[.]com
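For defenders monitoring new registrations, the lookalike patterns in the list above (single-character typos, swapped letters, a brand with an appended keyword, a changed TLD) can be flagged automatically. The following is an added example, not code from the DomainTools report; the watchlist of legitimate domains, the function names and the edit threshold are assumptions.

```python
# Assumed watchlist of the legitimate domains being imitated (not listed in the report).
LEGIT = ["nytimes.com", "usatoday.com", "washingtonpost.com", "bostonglobe.com",
         "krebsonsecurity.com", "chicagotribune.com", "newsday.com",
         "csoonline.com", "nydailynews.com"]

def refang(domain):
    """Turn a defanged indicator such as 'example[.]com' back into 'example.com'."""
    return domain.strip().lower().replace("[.]", ".")

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent-letter swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # swapped neighbours
    return d[len(a)][len(b)]

def classify(candidate, legit=LEGIT, max_edits=2):
    """Return (kind, imitated_domain) for a registrable domain with no subdomain."""
    cand = refang(candidate)
    if cand in legit:
        return ("legitimate", cand)
    label = cand.split(".")[0]
    typo, keyword = None, None
    for good in legit:
        glabel = good.split(".")[0]
        if label == glabel:
            return ("tld-swap", good)            # same name under a different TLD
        dist = osa_distance(label, glabel)
        if dist <= max_edits and (typo is None or dist < typo[0]):
            typo = (dist, good)                  # keep the closest match
        elif glabel in label and keyword is None:
            keyword = good                       # brand plus extra words
    if typo:
        return ("typo", typo[1])
    if keyword:
        return ("brand-plus-keyword", keyword)
    return ("no-match", None)

if __name__ == "__main__":
    for name in ["washinqtonpost[.]com", "krebsonsecurity[.]org", "nytimesofficial[.]com"]:
        print(name, classify(name))
```

Matching only on the first label keeps the example short; a production monitor would extract the registrable domain with a public-suffix list before comparing.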