Hackers increasingly use “domain shadowing” in Cyberattacks

Researchers from Palo Alto Networks uncovered 12,197 instances in which threat actors used “domain shadowing” in cyberattacks.

Domain shadowing is a subcategory of DNS hijacking. It involves threat actors compromising the DNS of a legitimate domain to host their own subdomains for use in malicious activities.

The subdomains are used to create malicious pages on the servers of the cyber criminals, while the websites and DNS records of the domain owner remain unchanged, and the owners do not realize that they have been breached.

According to the researchers, the tactic is lucrative for hackers because it is difficult to detect genuine cases of domain shadowing. Of the 12,197 domains detected, only 200 are marked as malicious, and most of the discoveries related to a single phishing campaign that used a network of 649 shadowed domains on 16 compromised websites.

Although protection against rogue subdomains is the responsibility of domain owners, registrars and DNS service providers, it is important that users remain cautious when submitting data. They are advised to double-check everything before submitting credentials or other sensitive information.

The sources for this piece include an article in BleepingComputer.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web