UPDATED 15:43 EDT / MAY 17 2023

SECURITY

Cybersecurity experts flag potential risks affecting new top-level domains

Some cybersecurity experts have expressed concerns about two new top-level domains that became generally available earlier this month.

The two top-level domains were released by Google LLC on May 3 along with six others. In a statement issued today, the search giant argued that any cybersecurity risks that may emerge are manageable and can be addressed with existing breach prevention mechanisms.

Google operates a domain registry through which it offers top-level domains, or TLDs, the dot-delimited suffixes at the end of URLs. On May 3, the search giant made eight new TLDs available for use by website operators. Two of those TLDs, .zip and .mov, caught cybersecurity experts’ attention.

Both .zip and .mov are file extensions of popular data formats. The former is the extension associated with ZIP files, while .mov appears at the end of videos encoded in the MPEG 4 format. The concern is that hackers could abuse this overlap between domain names and file names to trick users into clicking malicious URLs.

According to BleepingComputer, some social media platforms and messaging apps now turn ZIP file names shared by users into URLs. The file name “document.zip,” for example, might be turned into a clickable link that leads to a website with the same address. If hackers were to host malware at that address, they could potentially infect the devices of users who click the link.

It appears that hackers have already begun employing such tactics. According to BleepingComputer, cybersecurity startup Silent Push has discovered a .zip website that mimics Microsoft Corp.’s login page. It’s believed the website is intended to trick users into sharing their login credentials.

Chrome users could potentially also be targeted by deceptive links. According to The Register, the issue affects URLs embedded in web pages. A researcher has reportedly found a way of creating URLs that link to a legitimate website, but redirect the user to a malicious .zip domain when clicked.

Certain email clients are believed to be affected as well. An exception is Apple Inc.’s Apple Mail client, which reportedly blocks URLs that attempt to redirect users to a .zip domain.
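A mail or chat filter can check for both cases described above: bare file names that a client may auto-link, and explicit links whose real host sits under .zip or .mov. The following Python sketch is an added example, not code from Google, the researchers or the publications cited; the regular expressions are simplified assumptions and the sample messages and domains in the comments are constructed.

```python
import re
from urllib.parse import urlsplit

# TLDs named in the article that double as file extensions.
FILE_EXTENSION_TLDS = {"zip", "mov"}

# Explicit links, and bare "name.ext" tokens a linkifier might turn into links.
# Both patterns are simplified assumptions, not any client's real linkifier.
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
BARE_RE = re.compile(
    r"(?<![\w@/\\.-])((?:[a-z0-9-]+\.)+(?:zip|mov))(?!\.?[\w-])",
    re.IGNORECASE,
)


def real_host(url):
    """Return the hostname a client would connect to, or '' if unparsable."""
    try:
        return (urlsplit(url).hostname or "").rstrip(".").lower()
    except ValueError:
        return ""


def flag_message(text):
    """Return (kind, matched_text, host) findings for one message body."""
    findings = []
    for match in URL_RE.finditer(text):
        url = match.group(0).rstrip(".,;:!?)")
        host = real_host(url)
        # Judge the link by its host, not by how its path ends.
        if host.rsplit(".", 1)[-1] in FILE_EXTENSION_TLDS:
            findings.append(("explicit-link", url, host))
    # Blank out explicit links so a path such as /files/report.zip is not
    # mistaken for a bare file name.
    remainder = URL_RE.sub(" ", text)
    for match in BARE_RE.finditer(remainder):
        token = match.group(1)
        findings.append(("linkifiable-filename", token, token.lower()))
    return findings


if __name__ == "__main__":
    # Constructed sample messages; the domains are placeholders.
    for sample in (
        "Please open document.zip before the call",
        "Download from https://example.com/files/report.zip today",
        "Sign in at https://login.example.zip/signin",
    ):
        print(sample, "->", flag_message(sample))
```

An ordinary download link whose path ends in .zip produces no finding, while the same file name sent as bare text does, because only the bare form can be rewritten into a link to a .zip domain.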

Google argues that the potential risks associated with the new TLDs it released this month are manageable. “The risk of confusion between domain names and file names is not a new one,” a Google spokesperson told The Register today. “Applications have mitigations for this (such as Google Safe Browsing), and these mitigations will hold true for TLDs such as .zip.”

The search giant also pointed out that the TLDs support a new cybersecurity technology called HSTS preloading. According to Google, the technology ensures that browsers only connect to a website via an encrypted network connection. When a website enables HSTS preloading, its URL is added to the internal database of browsers such as Chrome, which subsequently only send requests in an encrypted form.
