New Top Level Domains Could Expose Companies To Risk
An article review.
Opportunistic hackers could register new TLDs hoping to prey on misdirected internal traffic
The US Computer Emergency Readiness Team (US-CERT) recently issued a statement for organizations that use top level domain names to route internal traffic, warning that misconfigured proxy servers could route requests for those names to newly registered external domains.
The potential attack is linked to the Web Proxy Auto-Discovery (WPAD) service in Windows, which attempts to standardize web proxy configurations across a network by downloading settings from a central server. Domain name requests intended for WPAD have been observed reaching servers on the open internet in the past, potentially leading to a situation where internal network traffic gets routed to a domain specifically selected to catch these requests for malicious purposes.
Considering the increase in top level domain names from fewer than a dozen to over 1,200, it’s impossible to know which formerly unused names could become live in the future, so security experts suggest companies either use names they’ve registered themselves or make certain no internal DNS requests can make it to the outside.
Original article by US-CERT.
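The second suggestion above, making certain no internal DNS requests reach the outside, can be checked against resolver logs. The following Python code is an added example, not part of the US-CERT statement or the reviewed article; the log format, the internal suffixes (corp, office), the owned domain (example.com) and all addresses are constructed assumptions.

```python
import ipaddress

# All values below are constructed assumptions for illustration.
INTERNAL_SUFFIXES = {"corp", "office"}   # TLD-style names used only internally
OWNED_DOMAINS = {"example.com"}          # domains the organization registered
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed resolver log: one query per line, key=value fields.
SAMPLE_LOG = """\
2024-01-01T09:00:01 client=10.1.2.3 resolver=10.0.0.53 qname=wpad.hq.corp. qtype=A
2024-01-01T09:00:02 client=10.1.2.9 resolver=203.0.113.53 qname=WPAD.hq.corp qtype=A
2024-01-01T09:00:03 client=10.1.4.7 resolver=203.0.113.53 qname=fileserver.office qtype=A
2024-01-01T09:00:04 client=10.1.4.7 resolver=203.0.113.53 qname=wpad.example.com qtype=A
2024-01-01T09:00:05 client=10.1.5.5 resolver=203.0.113.53 qname=www.example.org qtype=A
"""

def parse_line(line):
    """Return the key=value fields of one log line as a dict."""
    return dict(f.split("=", 1) for f in line.split()[1:] if "=" in f)

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def is_owned(qname):
    return any(qname == d or qname.endswith("." + d) for d in OWNED_DOMAINS)

def classify(rec):
    """Return a reason string if the query left the network unsafely, else None."""
    qname = rec["qname"].rstrip(".").lower()
    if is_internal(rec["resolver"]) or is_owned(qname):
        return None  # answered inside, or under a name the organization controls
    labels = qname.split(".")
    if labels[0] == "wpad":
        return "wpad-leak"            # proxy auto-discovery lookup reached the outside
    if labels[-1] in INTERNAL_SUFFIXES:
        return "internal-name-leak"   # internal-only suffix resolved externally
    return None

def find_leaks(log_text):
    """Return (qname, client, reason) for every leaked query in the log."""
    leaks = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec.keys() >= {"client", "resolver", "qname"}:
            reason = classify(rec)
            if reason:
                leaks.append((rec["qname"].rstrip(".").lower(), rec["client"], reason))
    return leaks
```

Each returned tuple names the leaked query, the client that sent it and the reason, which points to the hosts whose resolver or proxy settings need correcting.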