The number of dormant malicious domains, that is, domains that stay inactive on the internet until their controllers put them to use, has been growing. According to a report by security company Palo Alto Networks, 22.3% of all non-active addresses may be in the possession of criminals.
The survey evaluated dormant domains throughout the month of September 2021. From the samples, it was possible to conclude that approximately 3.8% of the total are malicious, 19% are suspicious and 2% should not be accessed in corporate environments.
Criminals like to use this type of domain in their crimes since, being active for a longer time and without any kind of suspicious activity, they are not treated as threats by security solutions. This increases the chances that they will be used as vectors for successful cyber infections. New addresses, on the other hand, are often viewed as security risks.
Finally, the report also indicated that domains lie dormant for about two years before they start to be used in denial of service attacks (the famous DDoS), with traffic spikes up to 165 times higher than normal.
How to identify
Dormant domains are used both for DDoS attacks and for phishing or ransomware campaigns, where fake redirects lead potential victims to malicious addresses.
For common internet users, this type of address can be identified by analyzing the content it displays. If only generic information and layouts are present, it is good to be suspicious.
As for security solutions, it is important that companies start to monitor the DNS patterns of websites, in order to identify behavior that may be suspicious and start the procedures for protecting against and mitigating threats.
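One way to monitor for the pattern described above, a long quiet period followed by a sharp rise in DNS traffic, is sketched below as an added example; it is not code from the report or from Palo Alto Networks. The function name, the input layout (daily query counts per domain) and the default thresholds are assumptions to be tuned against your own resolver logs, and the sample data is constructed.

```python
from datetime import date, timedelta
from statistics import median


def find_awakened_domains(daily_queries, min_dormant_days=30,
                          spike_ratio=10.0, quiet_max=5):
    """Flag domains whose DNS query volume jumps after a long quiet run.

    daily_queries: {domain: [(day, query_count), ...]}, one entry per day in
    date order (days without queries recorded as 0), e.g. from resolver logs.
    Returns a list of (domain, spike_day, count, baseline, ratio) tuples.
    """
    alerts = []
    for domain, series in daily_queries.items():
        quiet = []  # counts seen in the current run of consecutive quiet days
        for day, count in series:
            if count <= quiet_max:
                quiet.append(count)
                continue
            # First busy day after a quiet run: compare it with that run.
            if len(quiet) >= min_dormant_days:
                baseline = max(median(quiet), 1)  # floor of 1 avoids /0
                ratio = count / baseline
                if ratio >= spike_ratio:
                    alerts.append((domain, day, count, baseline, round(ratio, 1)))
            quiet = []  # any busy day ends the dormant run
    return alerts


def series_from(start, counts):
    """Build a (day, count) series from a start date and daily counts."""
    return [(start + timedelta(days=i), c) for i, c in enumerate(counts)]


# Constructed sample data (not from the report): 40 quiet days then a surge,
# a steadily busy domain, and a domain observed for only a few days.
START = date(2021, 9, 1)
SAMPLE = {
    "dormant-example.test": series_from(START, [2, 1, 0, 3, 1] * 8 + [330, 410]),
    "steady-example.test": series_from(START, [120, 135, 110, 128, 140] * 8),
    "new-example.test": series_from(START, [0] * 5 + [300]),
}

if __name__ == "__main__":
    for alert in find_awakened_domains(SAMPLE):
        print("dormant domain woke up:", alert)
```

Only the first busy day after a dormant run is reported, so a sustained surge produces one alert per awakening rather than one per day.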