Hackers Exploit Abandoned Domains to Bypass Email Security Checks

Email Spoofing Continues to Plague Cybersecurity Landscape

Recent cybersecurity investigations have revealed ongoing success in malicious email campaigns utilizing sender address spoofing techniques. Despite existing security measures like DKIM, DMARC, and SPF, cybercriminals are adapting by exploiting abandoned domains to bypass security protocols.
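The bypass described above works because SPF, DKIM and DMARC only protect a domain whose DNS still publishes the relevant records; an abandoned domain with no `_dmarc` record leaves a receiving mail server with no policy to enforce, so a spoofed message is delivered as if the domain had opted out. The following added example (written for this article, not code from the researchers it summarizes) shows the check a receiving gateway or a domain-hygiene audit performs: it parses SPF and DMARC TXT records and computes the disposition a receiver would apply to a message that fails authentication. The DNS snapshot and the domain names ending in `.example` are constructed stand-ins for live lookups so the script runs offline.

```python
"""Evaluate a sender domain's email-authentication posture from DNS TXT records.

Constructed example: SAMPLE_TXT stands in for live DNS lookups so this runs
offline. A production check would resolve TXT for "<domain>" and
"_dmarc.<domain>" instead of reading the dictionary.
"""
import re

# Constructed DNS snapshot. "abandoned.example" publishes nothing at all,
# "weak.example" has a monitor-only DMARC policy, "strict.example" enforces.
SAMPLE_TXT = {
    "strict.example": ["v=spf1 ip4:198.51.100.0/24 -all"],
    "_dmarc.strict.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@strict.example"],
    "weak.example": ["v=spf1 include:_spf.mail.example ~all"],
    "_dmarc.weak.example": ["v=DMARC1; p=none;"],
    "abandoned.example": [],
}


def get_txt(name, txt_db=SAMPLE_TXT):
    """Stand-in for a TXT lookup; returns [] when the name has no records."""
    return txt_db.get(name, [])


def parse_spf(records):
    """Return the qualifier of the SPF 'all' mechanism ('-', '~', '?', '+'),
    '+' when the record has no 'all' (implicit neutral), or None if no SPF."""
    for rec in records:
        if rec.lower().startswith("v=spf1"):
            m = re.search(r"(?:^|\s)([-~?+]?)all(?:\s|$)", rec, re.IGNORECASE)
            if m:
                return m.group(1) or "+"
            return "+"
    return None


def parse_dmarc(records):
    """Return DMARC tags as a dict (keys lower-cased), or None if absent."""
    for rec in records:
        if rec.strip().lower().startswith("v=dmarc1"):
            tags = {}
            for part in rec.split(";"):
                if "=" in part:
                    key, value = part.split("=", 1)
                    tags[key.strip().lower()] = value.strip()
            return tags
    return None


def assess_domain(domain, txt_db=SAMPLE_TXT):
    """Classify a domain as 'enforced', 'monitor-only' or 'unprotected'.

    'unprotected' is the state an abandoned domain ends up in: no DMARC
    record means receivers have no policy to apply to spoofed mail.
    """
    dmarc = parse_dmarc(get_txt("_dmarc." + domain, txt_db))
    if dmarc is None:
        return "unprotected"
    if dmarc.get("p", "none").lower() in ("reject", "quarantine"):
        return "enforced"
    return "monitor-only"


def receiver_disposition(domain, spf_aligned_pass, dkim_aligned_pass, txt_db=SAMPLE_TXT):
    """Disposition a DMARC-aware receiver applies: 'deliver', 'quarantine' or 'reject'.

    DMARC passes if either aligned SPF or aligned DKIM passes; otherwise the
    published policy decides. With no DMARC record the policy defaults to none,
    which is why a spoofed message from an abandoned domain is delivered.
    """
    dmarc = parse_dmarc(get_txt("_dmarc." + domain, txt_db))
    if spf_aligned_pass or dkim_aligned_pass:
        return "deliver"
    policy = dmarc.get("p", "none").lower() if dmarc else "none"
    if policy == "reject":
        return "reject"
    if policy == "quarantine":
        return "quarantine"
    return "deliver"


if __name__ == "__main__":
    for d in ("strict.example", "weak.example", "abandoned.example"):
        spf = parse_spf(get_txt(d))
        print(f"{d:20} spf_all={spf!s:5} posture={assess_domain(d):13} "
              f"spoofed-mail={receiver_disposition(d, False, False)}")
```

Running the script prints one line per constructed domain; the last column is the outcome for a message that fails both SPF and DKIM alignment, which is the situation a spoofed sender address produces. Only the domain with `p=reject` causes that message to be refused; the monitor-only and record-less domains both let it through, which is the gap the campaigns in this article exploit.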

Key Findings:
– Threat actors, including Muddling Meerkat, are targeting old, unused top-level domains
– Campaigns active since December 2022 utilize QR codes leading to phishing sites
– Attackers impersonate major brands like Amazon, Mastercard, and SMBC
– Extortion schemes demanding Bitcoin payments have emerged

Recent Campaign Highlights:
The “Butcher Shop” phishing campaign, targeting legal, government, and construction sectors since September 2024, focuses on stealing Microsoft 365 credentials. The operation leverages trusted platforms including Canva, Dropbox DocSend, and Google AMP.

Domain Abuse Statistics:
– Generic top-level domains (.top, .xyz, .shop, .vip, .club) account for 37% of cybercrime domains
– These domains represent only 11% of the total domain name market
– 22 gTLDs offered registration fees below $2.00

New Threats:
– PhishWP, a malicious WordPress plugin, creates fake payment processor pages
– Middle Eastern banking customers targeted through sophisticated social engineering
– SMS phishing campaigns impersonating UAE law enforcement

Security experts emphasize the importance of implementing robust email authentication protocols and maintaining vigilance against evolving phishing techniques.