New Google top-level domains raise potential security concerns

In early May, Google introduced a series of new top-level domains for public purchase: .dad, .phd, .prof, .esq, .foo, .zip, .mov, and .nexus.

Most of them seem to have obvious intentions. .dad, for example, is to celebrate fatherhood, in Google’s own words, while .phd and .prof are for use by those pursuing higher education.

However, .zip and .mov domains, intended for more technical users, have some security researchers concerned that they could be misused by threat actors in phishing and other malicious cyber campaigns.

The concern is that these are also common file extensions (for ZIP files and MP4 video files), and filenames using them are often shared online along with instructions on how to use them. Such filenames will now often be converted to links automatically. In theory, this could lead threat actors to register domains that match a filename, which, in turn, could be used for phishing or to spread malware.

According to Bleeping Computer, two possible phishing pages have already been found on Microsoft-office[.]zip and microsoft-office365[.]zipper.

“We are closely monitoring all suspicious registration activity using the new TLDs,” threat intelligence firm Silent Push Labs said on Twitter. “Still, we see highly exploitable domains hosting .zip/.mov TLD abuse awareness pages.”

Other researchers have been even more open in their views on new TLDs, but whether or not they are truly dangerous is still debated.

“Regarding the .zip domains I complained about,” said popular Twitter security commentator SwiftOnSecurity. “I think it’s silly and creates unnecessary confusion and will leave several minor phishing address confusion schemes/tricks/attacks… but it will simply be forced to become another TLD.

“It just feels exceptionally unnecessary.”

But others feel the reactions are a bit exaggerated.

“The level of scaremongering about .ZIP and .MOV is simply comical,” developer Eric Lawrence said in a tweet. “It’s a little alarming to see the cutting-edge Technorati throw their shoes at the machinery in terror.”

Lawrence went on to write an entire blog post discussing how new TLDs can lead to even safer browsing.

“One especially fun fact about requiring HTTPS for an entire TLD is that it means that every site within that TLD requires an HTTPS certificate,” Lawrence wrote. “To obtain an HTTPS certificate from a public CA, the certificate must be published in Certificate Transparency, a public ledger for each certificate.

“Security software and brand monitors can observe certificate transparency logs and receive immediate notifications when a suspicious domain name appears.”
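A sketch of the brand-monitoring idea in the quote above, added here as an example and not taken from the article or from Lawrence's post: it triages hostnames seen in newly logged certificates and flags .zip/.mov names that contain a watched brand or a filename-like word. The entry format, the `examplecorp` brand, the word list and the sample entries are all constructed assumptions, not a real Certificate Transparency log API.

```python
import re

FILE_TLDS = {"zip", "mov"}   # TLDs from the article that are also file extensions
BRANDS = ("examplecorp",)    # assumption: placeholder brand watch-list
FILE_WORDS = {"setup", "update", "backup", "invoice", "installer"}  # assumption

def names_from_entry(entry):
    """Collect hostnames from a simplified certificate entry (CN plus SANs)."""
    raw = [entry.get("common_name", "")] + list(entry.get("san", []))
    names = set()
    for n in raw:
        n = n.lower().rstrip(".")
        if n.startswith("*."):   # a wildcard covers the parent name
            n = n[2:]
        if n:
            names.add(n)
    return sorted(names)

def reasons_for(name):
    """Return why a hostname on a file-extension TLD deserves analyst review."""
    labels = name.split(".")
    if len(labels) < 2 or labels[-1] not in FILE_TLDS:
        return []
    host = ".".join(labels[:-1])
    tokens = set(re.split(r"[^a-z]+", host))
    reasons = [f"brand keyword '{b}'" for b in BRANDS if b in host]
    reasons += [f"filename-like word '{w}'" for w in sorted(FILE_WORDS & tokens)]
    return reasons

def triage(entries):
    """Map each flagged hostname to the reasons it was flagged."""
    flagged = {}
    for entry in entries:
        for name in names_from_entry(entry):
            reasons = reasons_for(name)
            if reasons:
                flagged[name] = reasons
    return flagged

# Constructed sample entries; a real monitor would read these from a CT log feed.
SAMPLE_ENTRIES = [
    {"common_name": "examplecorp-login.zip",
     "san": ["examplecorp-login.zip", "*.examplecorp-login.zip"]},
    {"common_name": "backup-2023.zip", "san": []},
    {"common_name": "holiday.mov", "san": ["www.holiday.mov"]},
    {"common_name": "www.examplecorp.com", "san": ["examplecorp.com"]},
]

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_ENTRIES).items():
        print(name, "->", "; ".join(reasons))
```

Substring brand matching is deliberately broad and will produce false positives, so flagged names are candidates for review rather than verdicts.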
