Fraud | HIGH

Phishing Tactic Exploits .arpa Domain to Bypass Security

CSO Online
Tags: phishing, .arpa, DNS, Infoblox, Hurricane Electric

Basically, hackers are using a special internet domain to trick people into giving away their credit card info.

Quick Summary

Hackers are exploiting the .arpa domain to bypass phishing detection. This affects anyone using online services, putting your financial info at risk. Experts recommend tightening DNS controls to combat this threat.

What Happened

A new phishing tactic has emerged that exploits the .arpa top-level domain (TLD) to evade detection by security systems. This method manipulates DNS records to host phishing content on domains that should not resolve to an IP address. The .arpa domain is intended for internet infrastructure, primarily for mapping IP addresses to domain names. However, a threat actor has found a loophole in the DNS management of at least one provider, allowing them to create malicious A records instead of the expected PTR records.

Infoblox, a cybersecurity firm, first identified this tactic while investigating attacks on a US-based DNS provider, Hurricane Electric, and content delivery service, Cloudflare. The report indicates that this clever trick could potentially bypass many security platforms. According to Dave Mitchell, Infoblox's senior director of threat research, this method poses a significant risk to users and organizations alike.

So far, the phishing attempts have taken two main forms. One type pretends to be from well-known brands, luring victims with offers of gifts for completing surveys. The other type claims that the victim's online service or antimalware subscription has been interrupted, prompting them to pay to restore access. When victims click on embedded links in these lure images, they are redirected to malicious sites where they are asked to enter sensitive information like credit card numbers.

Why Should You Care

You might think phishing scams only target the less tech-savvy, but this new tactic can affect anyone, including you. If you receive an email offering a gift or claiming your service has been interrupted, it could be a trap. Your financial information is at risk if you fall for these scams. The fact that these phishing attempts use an implicitly trusted domain makes them even more dangerous.

Imagine you’re at a party, and someone offers you a drink from a trusted friend’s bottle. You’d likely trust it, right? This is similar to how hackers are using the .arpa domain to trick you into believing their links are safe. The impact of these attacks is immediate and can lead to serious financial loss or identity theft.

What's Being Done

Infoblox is alerting affected DNS providers about this abuse, but there’s more to be done. Here are some immediate actions that DNS and IPv6 providers should take:

  • Review and tighten DNS management controls to prevent unauthorized record creation.
  • Educate users on recognizing phishing attempts, especially those using seemingly legitimate domains.
  • Monitor DNS traffic for unusual patterns that may indicate phishing activities.
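
One way to act on the monitoring point above, as an added example that is not from Infoblox or the original article: flag address-record (A/AAAA) lookups for names inside the reverse trees `in-addr.arpa` and `ip6.arpa`, and flag links in message bodies whose host sits under those trees. The log layout, function names and sample data are assumptions made for illustration. Only the reverse trees are matched, because other `.arpa` names such as `ipv4only.arpa` and `home.arpa` legitimately carry address records.

```python
import re
from urllib.parse import urlsplit

# Reverse-lookup trees; names here normally carry PTR (plus NS/SOA/CNAME/DNSSEC) data.
REVERSE_SUFFIXES = (".in-addr.arpa", ".ip6.arpa")
ADDRESS_TYPES = {"A", "AAAA"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def is_reverse_name(name):
    """True if the name sits inside in-addr.arpa or ip6.arpa."""
    return name.rstrip(".").lower().endswith(REVERSE_SUFFIXES)

def suspicious_queries(lines):
    """Flag address-record lookups for reverse-zone names.
    Assumed log layout: timestamp client qname qtype rcode answer ('-' if none)."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) != 6:
            continue  # skip malformed lines instead of failing the whole run
        ts, client, qname, qtype, rcode, answer = fields
        if is_reverse_name(qname) and qtype.upper() in ADDRESS_TYPES:
            # A NOERROR reply with data means the record exists: triage these first.
            resolved = rcode.upper() == "NOERROR" and answer != "-"
            hits.append({"ts": ts, "client": client, "qname": qname,
                         "qtype": qtype.upper(), "resolved": resolved})
    return hits

def arpa_links(text):
    """Return URLs in a message body whose host is under a reverse zone."""
    found = []
    for url in URL_RE.findall(text):
        host = urlsplit(url).hostname or ""
        if is_reverse_name(host):
            found.append(url)
    return found

# Constructed sample data (documentation address ranges, not real indicators).
SAMPLE_LOG = [
    "2025-01-01T10:00:00Z 198.51.100.7 4.2.0.192.in-addr.arpa PTR NOERROR host.example.net",
    "2025-01-01T10:00:05Z 198.51.100.7 promo.8.b.d.0.1.0.0.2.ip6.arpa A NOERROR 203.0.113.10",
    "2025-01-01T10:00:09Z 198.51.100.9 ipv4only.arpa A NOERROR 192.0.0.170",
    "2025-01-01T10:00:12Z 198.51.100.9 x.8.b.d.0.1.0.0.2.ip6.arpa AAAA NXDOMAIN -",
]
SAMPLE_MAIL = ("Claim your gift: https://promo.8.b.d.0.1.0.0.2.ip6.arpa/survey?id=1 "
               "or see https://www.example.com/help")

if __name__ == "__main__":
    print(suspicious_queries(SAMPLE_LOG), arpa_links(SAMPLE_MAIL))
```

The same predicate can run on the authoritative side: a zone audit that lists any A or AAAA record sets stored under a customer's delegated reverse zone covers the "tighten DNS management controls" item.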

Experts are closely watching how other providers respond to this tactic and whether it will lead to more widespread phishing campaigns. Keeping your security measures up-to-date is crucial in this evolving threat landscape.


🔒 Pro insight: This tactic highlights the need for enhanced DNS security measures to prevent exploitation of trusted domains in phishing schemes.

Original article from

CSO Online
