Over 90% of parked domains now direct users to malicious content, compared to less than 5% a decade ago, according to researchers at Infoblox.
“Parking threats are fueled by lookalike domains,” Infoblox explained. “No domain is immune. When one of our researchers tried to report a crime to the FBI’s Internet Crime Complaint Center (IC3), they accidentally visited ic3[.]org instead of ic3[.]gov. Their phone was quickly redirected to a false ‘Drive Subscription Expired’ page. They were lucky to receive a scam; based on what we’ve learnt, they could just as easily receive an information stealer or trojan malware. The real threat from parked domains comes from their ability to hide malicious activity.”
The parked domains themselves may not be malicious, but many of them are involved in complex advertising networks that eventually redirect users to scams, scareware, or malware downloads.
“At the heart of the matter is a feature referred to as direct search or zero click parking, which is intended to directly deliver users relevant content based on the parked domain name,” the researchers explain.
“When a domain owner opts into direct search, traffic to the domain is sold to advertisers who bid on keywords and traffic characteristics. In practice, the site visitor is usually funneled through a series of traffic distribution systems (TDSs) operated by third-party advertising platforms, creating a complex web where a legitimate business model is weaponized for abuse.”
This complexity makes it difficult for technical defenses to prevent users from ending up on malicious sites.
“[T]here is no clear path to effectively report abuse in the parking ecosystem,” Infoblox says. “Reputable parking platforms gather KYC information on their direct customers, but the threat to internet users and enterprises is generally out of their purview. Moreover, the anti-fraud mechanisms these companies use inadvertently protect the bad advertisers from detection as well. Finally, an unintended consequence of Google’s advertising policy changes may be to exacerbate the threat by causing domain holders to increasingly adopt direct search.”
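One defensive check that follows from the ic3[.]org example above, added here as an illustration and not taken from Infoblox or KnowBe4: flag DNS lookups whose name matches a domain your users rely on except for the TLD or a single character. The watchlist, the sample queries and the function names are constructed for this example, and it assumes the last two labels of a name form the registrable domain.

```python
# Added example: spot lookalike lookups in DNS query logs (defensive triage).
# TRUSTED is a constructed watchlist; ic3.gov is the domain named in the article.
TRUSTED = {"ic3.gov", "example.com"}

def edit_distance(a, b):
    """Levenshtein distance between two labels."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def registrable(name):
    """Assumption: last two labels are the registrable domain (no public suffix list)."""
    parts = name.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])

def classify(query, trusted=TRUSTED):
    """Return (reason, trusted_domain) if query looks like a trusted domain, else None."""
    dom = registrable(query)
    if dom in trusted:
        return None
    label, _, tld = dom.rpartition(".")
    for t in sorted(trusted):
        t_label, _, t_tld = t.rpartition(".")
        if label == t_label and tld != t_tld:
            return ("tld-swap", t)   # the ic3.org versus ic3.gov case
        # Short labels such as "ic3" make this rule noisy; tune per watchlist.
        if tld == t_tld and edit_distance(label, t_label) == 1:
            return ("typo", t)
    return None

def review(queries):
    """Return (query, reason, trusted_domain) for every lookalike lookup."""
    return [(q, *hit) for q in queries if (hit := classify(q))]

# Constructed sample of queried names, as they might appear in a resolver log.
SAMPLE = ["ic3.gov", "www.ic3.org", "example.com", "exmple.com", "unrelated.net"]

if __name__ == "__main__":
    for query, reason, target in review(SAMPLE):
        print(f"{query}: {reason} of {target}")
```

Hits from a check like this are candidates for blocking or user notification at the resolver, since the parked page itself may look harmless while the redirect chain behind it is not.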
AI-powered security awareness training can give your employees a healthy sense of suspicion so they can avoid falling for these attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.
Infoblox has the story.