
In its expansion of top-level domains (TLDs), Google Registry has introduced eight new TLDs: .dad, .phd, .prof, .esq, .foo, .nexus, .zip, and .mov. These additions aim to cater to various interests such as dads, graduates, tech enthusiasts, and professionals. However, the introduction of the .zip and .mov domains has triggered a lively debate among experts regarding their potential impact on the internet and web security as a whole.
These concerns stem from the potential misuse of these domains by threat actors for phishing attacks and malware delivery. As organizations navigate this evolving landscape, raising awareness about the associated risks and providing guidance on maintaining online security becomes crucial.
While these domains have been available since 2014, their recent general availability allows anyone to purchase a domain such as mycompany.zip for hosting websites or email addresses.
The concern arises from the fact that ‘.zip’ and ‘.mov’ are also file extensions commonly associated with ZIP archives and MPEG 4 videos, respectively. As a result, various online platforms and applications automatically convert filenames with these extensions into URLs, making them clickable links. This automatic conversion process poses risks, as users may assume that these URLs provide a secure pathway to download associated files from trusted sources.
However, threat actors could exploit this trust by registering a ‘.zip’ or ‘.mov’ domain with the same name as a linkified filename. This opens the door to phishing scams or malware downloads, as unsuspecting users may visit these malicious websites, believing they are safe. Even though threat actors are unlikely to register thousands of domains to reach a handful of victims, a single user falling for such a lure could have severe consequences for the entire network.
Instances of abuse related to these domains have already been observed.
Cyber intelligence firm Silent Push Labs recently discovered a phishing page at Microsoft-office.zip designed to steal Microsoft Account credentials. The site displayed what appeared to be an authentic Microsoft sign-in page, aiming to deceive unwary individuals into entering their login credentials.

Additionally, researchers have explored the possibilities of creating convincing phishing links by manipulating Unicode characters and the userinfo delimiter in URLs, further underscoring the potential risks.
By inserting the @ character, which RFC 3986 defines as the delimiter between the user information and the host, a link such as:
https://github.com∕kubernetes∕kubernetes∕archive∕refs∕tags∕@v1271.zip
is treated by the browser as a link to the host: v1271.zip

This occurs because browsers treat everything before the @ delimiter as user information and ignore it when choosing the host to connect to. The slash characters in the example are Unicode look-alikes rather than the ASCII ‘/’, so the authority portion of the URL is not terminated before the @, and the apparent path becomes part of the ignored user information.
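The two mechanisms described above (filenames that get auto-linked into clickable .zip/.mov URLs, and the @ userinfo trick combined with look-alike slashes) can both be checked for programmatically. The following is an added example written for this article, not code from the original page or from any researcher mentioned in it. It uses Python's standard-library URL parser to report which host a browser would actually contact, flags an @ in the authority, records any non-ASCII characters with their Unicode names, and scans free text for filename-like tokens that an auto-linker would turn into links. The sample URLs and text are constructed; the LURE string follows the shape of the article's example with three U+2215 DIVISION SLASH characters, and the tag v1271 is a placeholder.

```python
"""Flag URL features that .zip/.mov lures rely on (defender-side checks).

  1. an '@' in the authority (RFC 3986 userinfo): the browser navigates to
     whatever follows the '@', not to what precedes it;
  2. an effective hostname under a TLD that is also a common file extension;
  3. non-ASCII characters that can masquerade as '/' or other delimiters.
It also scans free text for filename-like tokens that auto-linkers could
turn into clickable links. All sample inputs below are constructed.
"""
import re
import unicodedata
from urllib.parse import urlsplit

# TLDs that double as common file extensions (the two discussed in the article).
FILE_LIKE_TLDS = {"zip", "mov"}

# Constructed samples. LURE mimics the article's example: U+2215 DIVISION SLASH
# look-alikes keep the authority open, and '@' hides the real host at the end.
LURE = "https://github.com\u2215kubernetes\u2215archive\u2215@v1271.zip"
LEGIT = "https://github.com/kubernetes/kubernetes/archive/refs/tags/v1.27.1.zip"


def analyze_url(url: str) -> dict:
    """Return the host a browser would contact plus risk findings for a URL."""
    result = {
        "effective_host": None,   # hostname after userinfo is stripped
        "userinfo": None,         # text before the '@', if any
        "file_like_tld": False,   # effective host ends in .zip / .mov
        "confusables": [],        # (char, Unicode name) for non-ASCII chars
        "parse_error": None,      # set if the parser rejects the URL
    }
    # Record every non-ASCII character with its name, so an analyst can see
    # e.g. DIVISION SLASH standing in for SOLIDUS.
    for ch in url:
        if ord(ch) > 0x7F:
            result["confusables"].append((ch, unicodedata.name(ch, "UNKNOWN")))
    try:
        parts = urlsplit(url)
    except ValueError as exc:
        # urlsplit rejects authorities whose NFKC form would introduce new
        # delimiters; that rejection is itself a signal worth surfacing.
        result["parse_error"] = str(exc)
        return result
    if "@" in parts.netloc:
        # Everything before the last '@' is userinfo, not the destination.
        result["userinfo"] = parts.netloc.rsplit("@", 1)[0]
    host = (parts.hostname or "").lower()
    result["effective_host"] = host
    result["file_like_tld"] = host.rsplit(".", 1)[-1] in FILE_LIKE_TLDS
    return result


# Filename-like tokens ending in a file-like TLD, e.g. "report.zip".
_LINKIFY_RE = re.compile(r"\b[\w-]+(?:\.[\w-]+)*\.(?:zip|mov)\b", re.IGNORECASE)


def linkifiable_filenames(text: str) -> list:
    """Find tokens an auto-linker could turn into links to a registrable domain."""
    return _LINKIFY_RE.findall(text)


if __name__ == "__main__":
    for url in (LEGIT, LURE):
        print(url, "->", analyze_url(url))
    print(linkifiable_filenames("Please review report.zip and demo.mov today."))
```

Run against LURE, the effective host is v1271.zip and the visible github.com prefix shows up as userinfo, which is exactly the mismatch a mail gateway or chat bot can use to warn a user before the click; LEGIT parses to github.com with no findings.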
Diverging viewpoints within the cybersecurity realm have triggered discussions among developers and security researchers. Some argue that the fears surrounding the new domains are unwarranted, while others believe that the ‘.zip’ and ‘.mov’ TLDs introduce unnecessary risks to an already challenging online environment.
In response to these concerns, Google has emphasized that the risk of confusion between domain names and file names is not new. They highlight the presence of browser mitigations, such as Google Safe Browsing, that protect users from abuse. Google Registry, responsible for managing these TLDs, has existing mechanisms to suspend or remove malicious domains across all their TLDs, including ‘.zip.’ The company assures users that it will continue to monitor the usage of these TLDs and take appropriate actions to safeguard users against emerging threats.
It is essential to exercise caution when clicking on links or downloading files from sources that are not explicitly trusted. If a message contains a ‘.zip’ or ‘.mov’ link, it is advisable to research its legitimacy before clicking. When in doubt about the safety of a link, it is best to avoid clicking on it altogether.
As a user, it's important to take certain precautions to enhance your online security in light of the introduction of new top-level domains like .zip and .mov. Here are several suggestions that can be implemented:
- Be cautious when clicking on links, especially those with .zip or .mov extensions. Take the time to verify the legitimacy of the link before clicking, especially if it's from an unknown or untrusted source.
- Before entering any sensitive information or credentials on a website, double-check its authenticity. Look for indicators such as HTTPS encryption, a valid SSL certificate, and proper branding. Be wary of websites that appear suspicious or mimic popular services.
- Be alert for phishing emails or messages that prompt you to click on a link or download a file. Pay attention to any red flags, such as spelling errors, unusual email addresses, or urgent requests for personal information. When in doubt, independently verify the legitimacy of the communication through official channels.
- Regularly update your operating system, web browsers, antivirus software, and other security tools to ensure you have the latest protections against emerging threats. Enable automatic updates whenever possible.
- Use strong, unique passwords for your online accounts and consider using a password manager to securely store and manage your credentials. Enable two-factor authentication wherever it is offered to add a further layer of protection.
- Install reputable security software and browser plugins that can detect and block malicious websites, phishing attempts, and malware. These tools can provide an additional layer of defense against potential risks.
- Stay up to date on the latest trends, news, and best practices in cybersecurity. Continuously educate yourself on emerging threats and actively share this knowledge with your colleagues and family members to foster a culture of security awareness.
By adopting these precautions and staying vigilant, you can minimize the potential risks associated with new top-level domains and maintain a safer online experience.