Strategic Revenue - Domain and Internet News

Internet news authored by John Colascione

Register Domain Names

You are here: Home / Domain Names / Hackers Utilizing Russian Domains for Rising Number of Complex Phishing Attacks

Hackers Utilizing Russian Domains for Rising Number of Complex Phishing Attacks

By Leave a Comment

*** Here Is A List Of Some Of The Best Domain Name Resources Available ***

Register Domain Names

Russian Domains
Experts report a leap in the use by hackers of top-level domains (TLDs) such as .ru (Russia) and .su (Soviet Union), doing so in order to make their activities harder to trace. File photo: Novikov Aleksey, licensed.

REDMOND, WA – Cybersecurity experts have noted a large increase in the number of phishing attacks recently as hackers have been altering their attack avenues in order to work their way around increasingly complex email security systems designed to circumvent their efforts. Both the volume and complexity of malicious emails have been on the rise and are proving to be increasingly able to bypass Secure Email Gateways (SEGs) such as Microsoft and Proofpoint, according to Cofense Intelligence’s third-quarter Trends Report.

Every 45 seconds, a minimum of one malicious email manages to bypass SEGs, up from a rate of one every 57 seconds in 2023, representing the increased sophistication of the phishing campaigns being carried out by bad actors.

In particular, the rise in instances of Remote Access Trojan (RAT) usage is of particular concern, which allows criminals to take remote control of a victim’s system in order to install malware, steal sensitive data, and/or lurk about undetected in order to carry out near limitless mayhem.

There have been a whopping 627 percent increase in open redirects in phishing campaigns, which redirect users to malicious URLs that are often false clones of trusted websites; in addition, there has also been a 600 percent leap in the number of malicious Microsoft Office documents – typically in the .docx format – flooding inboxes of unsuspecting victims that, when opened, contain phishing links and/or QR codes that lead to harmful RAT websites.

But the biggest change in the tactics of hackers comes with their greater and greater reliance upon less mainstream domains to carry out their attacks. For data exfiltration, experts report a great leap in the use by hackers of top-level domains (TLDs) such as .ru (Russia) and .su (Soviet Union), doing so in order to make their activities harder to trace.

It is important to note that malicious documents aren’t limited to Microsoft Office files like .docx. Cybercriminals often use a variety of file types to distribute malware or phishing links.

Here are some common file extensions to watch out for, along with their associated risks:

Office and Document Formats

  1. .doc / .docx (Microsoft Word) – Often contains phishing links or embedded macros that execute malware.
  2. .xls / .xlsx (Microsoft Excel) – Commonly used to deliver malicious macros.
  3. .ppt / .pptx (Microsoft PowerPoint) – Can contain malicious links or embedded scripts.
  4. .pdf – PDFs can include embedded links or scripts that exploit vulnerabilities in PDF readers.

Executable Files

  1. .exe – Standard Windows executable files; opening them can directly run malware.
  2. .bat – Batch files that execute commands in Windows Command Prompt.
  3. .cmd – Similar to .bat, these execute Windows commands.
  4. .scr – Screen saver files, which are also executable.
  5. .msi – Windows Installer files that can install malware.

Compressed Files

  1. .zip / .rar – Compressed archives often contain malicious executables or scripts.
  2. .7z – Another compressed format used for hiding malicious content.
  3. .iso – Disk image files that can contain harmful executable files.

Scripts and Web Files

  1. .js (JavaScript) – Script files that can execute harmful code.
  2. .vbs (VBScript) – Scripts that can perform harmful actions on Windows.
  3. .hta – HTML application files, often used to execute malicious code.
  4. .html / .htm – Web page files that can contain phishing links or malicious JavaScript.

Image and Multimedia Files

  1. .jpg / .jpeg / .png / .gif – Typically safe, but can sometimes include malicious payloads when exploited with vulnerabilities in image processing software.
  2. .mp4 / .avi – Malicious payloads can sometimes be hidden in multimedia files with exploit-based attacks.

Email-Specific Files

  1. .eml – Email message files that can contain phishing links or attachments.
  2. .msg – Outlook message files that may include embedded malicious links or scripts.

Other Formats

  1. .txt – Although plain text files are generally safe, they can contain phishing links.
  2. .rtf (Rich Text Format) – Can include embedded exploits or links.
  3. .dll – Dynamic Link Library files that can be loaded by malicious executables.

QR Codes

Even though not file extensions, malicious QR codes embedded in documents are becoming common. Always verify the source of a QR code before scanning.

Best Practices

  1. Enable file extension visibility on your computer to identify potentially harmful files.
  2. Avoid opening files from unknown sources, even if they appear to be benign formats like .pdf or .docx.
  3. Keep software up-to-date to reduce the risk of vulnerabilities.
  4. Use reputable antivirus and endpoint protection tools to scan files before opening.

Clearly, cybercriminals have been upping their game when it comes to devising new and unusual tactics to bypass ever-evolving security systems; both organizations and individuals are urged to continue to push the envelope when it comes to keeping their security protocols at the cutting edge and utilizing simple common sense when dealing with suspicious content.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.