Under Attack? Contact Us Start a Free Demo
Under Attack? Contact Us Start a Free Demo

Morgan Fitzgerald
25 September 2022

Why Domain Shadowing Attacks are Increasing in 2022 and How to Prevent Them?

What is Domain Shadowing?

Domain Shadowing is picking up traction in 2022 as researchers observed multiple cyber attacks recently leveraging this technique. Domain shadowing attack is a special case of DNS hijacking technique that involves hacking a domain administrator’s account and creating multiple subdomains within the domain, so as to bypass the denylists. This is an extremely stealthy way of exploitation and highly difficult to detect by traditional security systems.

How Domain Shadowing Works?

Typically, cybercriminals gain access to domain owner accounts through phishing, dictionary attacks, or other techniques. The next step is to create a large number of subdomains, each of which can be used for malicious purposes before being destroyed. Many of them are replaced automatically to speed up the rotation of used addresses and avoid detection.

Cybercriminals host malicious pages linked to URLs on their servers; these malicious pages do not link to any pages on the victim’s main site, nor does the main site link to any subdomains belonging to the victim. The address bar displays the main domain, which has a good reputation, which may make users unaware they are on a suspicious site. Domain owners may also not be aware that their account has been compromised or malicious subdomains have been created.

Cybercriminals use these subdomains for various nefarious purposes including (and not limited to):

  • C2 servers
  • Malware distribution
  • Scams
  • Phishing attacks

Why Domain Shadowing is Becoming Popular in 2022?

In 2022, threat actors consider domain shadowing one of the top techniques because of its highly stealthy way of operation. There are several reasons why this is especially difficult to detect:

  • An attacker does not need access to your web server to launch an attack.
  • Despite being notified or alerted regarding the subdomain creation, you won’t find anything by searching your server because the new subdomain threat actors set up are owned and hosted somewhere else, using the root domain reputation to sell malware.
  • Palo Alto’s recent report on domain shadowing states, out of 12,197 shadowed domains detected by Palo Alto between April 25 and June 27, 2022, only 200 were found on the VirusTotal. This illustrates how effectively domain shadowing is endorsed in cyber attacks by the threat actors.

How to Prevent Domain Shadowing Attacks?

Though it is extremely difficult to identify the creation of suspicious and malicious sub-domains for your domain, by considering a proactive and vigilant approach, one can avoid domain shadowing attacks.

  • Domain owners can check their DNS records for subdomains they don’t recognize. Subdomains you do not recognize should be removed as soon as you can. You might need to change your password and, in some cases, your security access if you discover any unrecognized subdomains.
  • As a general user, pay close attention to whom you’re following a link from in your e-mail and pay close attention to who sent the message. Whenever you are prompted to log in, double-check the address bar. If the domain name, including any subdomains, is not familiar, do not log in. Alternatively, you can contact the institute yourself to confirm details before accessing the website.

How to Defend Your Network from Advanced Cyber Attacks?

Cybersecurity threats and Zero-day vulnerabilities are increasing at a tremendous pace. It is extremely difficult for cyber security analysts and incident responders to investigate and detect cyber security threats using conventional tools and techniques. NetSecurity’s ThreatResponder, with its diverse capabilities, can help your team detect the most advanced cyber threats, including APTs, zero-day attacks, rootkits, file-less malware, and ransomware attacks. It can also help automate incident response actions across millions of endpoints, making it easy, fast, and hassle-free.

Want to try our ThreatResponder, cutting-edge Endpoint Detection & Response (EDR), and ThreatResponder FORENSICS, the Swiss knife for forensic investigators in action? Click on the below button to request a free demo of our NetSecurity’s ThreatResponder platform.

Start a Free Demo

Disclaimer

The page’s content shall be deemed proprietary and privileged information of NETSECURITY CORPORATION. It shall be noted that NETSECURITY CORPORATION copyrights the contents of this page. Any violation/misuse/unauthorized use of this content “as is” or “modified” shall be considered illegal and subjected to articles and provisions that have been stipulated in the General Data Protection Regulation (GDPR) and Personal Data Protection Law (PDPL).

Tags

CISO CISO Viewpoint Cybersecurity 101 Digital Forensics EDR NEWS Red Teaming Threat Intel & Research ThreatResponder

Featured Articles

ThreatResponder

Why Cyber Attacks are Increasing in 2024? How Can You Stay Protected

19 April 2024
Threat Intel & Research ThreatResponder

Defending Against Volt Typhoon: A State-Sponsored Stealthy Threat to Critical Infrastructure

6 April 2024
Threat Intel & Research ThreatResponder

Prevent Phobos Ransomware Attacks with ThreatResponder

5 April 2024
ThreatResponder

ThreatResponder, an AI-based Integrated Endpoint Security Solution Launched in South Korea

14 March 2024
ThreatResponder

Growing Chinese Threat To U.S. Cyber Security: How to Protect Your Business?

8 February 2024
Threat Intel & Research ThreatResponder

5 Cybersecurity Predictions for 2024

16 December 2023
CISO CISO Viewpoint

ThreatResponder: CISO’s Trusted Partner in Preventing Cyber Incidents

22 September 2023

TRY ThreatRESPONDER

Stop Advanced Cyber Attacks, Data Breaches, and Insider Threats

Start a Free Demo

Related Articles

Cybersecurity 101

What are Type 1 and Type 2 Errors in Cyber Security. Which One is Dangerous To Your Organization?

Morgan Fitzgerald
9 October 2022
Cybersecurity 101 ThreatResponder

Role of AI and ML in Advanced Cyber Threat Detection

Morgan Fitzgerald
13 September 2022
Cybersecurity 101

What are Rootkits?

Morgan Fitzgerald
12 August 2022
Close

Computer Forensics Investigation

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed vulputate velit mi, non hendrerit justo varius ac. Cras gravida, dolor vel pulvinar tempus, erat massa facilisis tortor, in lobortis dui arcu at ligula. Nunc consequat arcu non lobortis eleifend. Vestibulum vel metus finibus, semper nunc nec, tristique felis. Donec auctor vestibulum sapien. Mauris tristique eget metus in vulputate. Etiam nec tempor odio. Praesent quis commodo metus, eu fringilla ipsum. Fusce quis aliquam mauris, vel sollicitudin ex. Praesent sed imperdiet sapien, vitae interdum turpis. Cras mollis nisi at lorem eleifend viverra at vitae est. Mauris luctus sem in arcu pharetra suscipit. Aliquam id eleifend elit, in ullamcorper neque. Nam gravida urna et ipsum fringilla lobortis. Vivamus eget fermentum purus. Duis est nulla, interdum sed iaculis eu, ultrices a arcu. Donec commodo, diam