Skip to main content
  1. Home
  2. Computing
  3. News

Hackers may be hiding in plain sight on your favorite website

Add as a preferred source on Google

Security researchers have detailed how domain shadowing is becoming increasingly popular for cybercriminals.

As reported by Bleeping Computer, analysts from Palo Alto Networks (Unit 42) revealed how they came across over 12,000 such incidents over just a three-month period (April to June, 2022).

A depiction of a hacked computer sitting in an office full of PCs.
Getty Images

An offshoot of DNS hijacking, domain shadowing provides the ability to create malicious subdomains by infiltrating legitimate domains. As such, shadowed domains won’t have any impact on the parent domain, which naturally makes them difficult to detect.

Recommended Videos

Cybercriminals can subsequently use these subdomains to their advantage for various purposes, including phishing, malware distribution, and command and control (C2) operations.

“We conclude from these results that domain shadowing is an active threat to the enterprise, and it is hard to detect without leveraging automated machine learning algorithms that can analyze large amounts of DNS logs,” Unit 42 stated.

Once access has been obtained by threat actors, they could opt to breach the main domain itself and its owners, as well as target users from that website. However, they’ve had success by luring in individuals via the subdomains instead, in addition to the fact that the attackers remain undetected for much longer by relying on this method.

Due to the subtle nature of domain shadowing, Unit 42 mentioned how detecting actual incidents and compromised domains is difficult.

In fact, the VirusTotal platform identified just 200 malicious domains out of the 12,197 domains mentioned in the report. The majority of these cases are connected to an individual phishing campaign that uses a network of 649 shadowed domains via 16 compromised websites.

A system hacked warning alert being displayed on a computer screen.
Getty Images

The phishing campaign revealed how the aforementioned subdomains displayed fake login pages or redirected users to phishing pages, which can essentially circumvent email security filters.

When the subdomain is visited by a user, credentials are requested for a Microsoft account. Even though the URL itself isn’t from an official source, internet security tools aren’t capable of differentiating between a legitimate and fake login page as no warnings are presented.

One of the cases documented by the report showed how an Australian-based training company confirmed it was hacked to its users, but the damage was already done through the subdomains. A progress bar for the rebuild process was showcased on its website.

Currently, Unit 42’s “high-precision machine learning model” has discovered hundreds of shadowed domains created on a daily basis. With this in mind, always double-check the URL of any website that requests data from you, even if the address is hosted on a trusted domain.

Zak Islam
Former Contributor
Zak covers the latest news in the technology world, particularly the computing field. A fan of anything pertaining to tech…
What is Copilot? Everything you need to know about Microsoft’s AI assistant
There’s a Copilot for almost everything now. Here’s which one you need
Microsoft Copilot Banner Featured

Microsoft has attached the Copilot name to so many products that a simple question like "What is Copilot?" now needs a little more context. There is the main Microsoft Copilot chatbot, Copilot inside Microsoft 365, GitHub Copilot for developers, Gaming Copilot for Xbox users, and a separate category of Windows laptops called Copilot+ PCs.

For most people, Microsoft Copilot means the company’s general-purpose AI assistant. So you'd expect it to answer questions, search the web, generate and edit images, and the rest of the usual AI chatbot features. You can access it through a browser or dedicated apps for Windows, macOS, Android, and iOS. It is also integrated into Microsoft Edge, the Xbox mobile app, and Game Bar on Windows 11.

Read more
I tried to parody the most absurd AI products, but the tech industry beat me to it
The joke was supposed to be that every household object gets cameras, AI insights, and a premium tier. Apparently, that’s now a business plan
Imaginary AI products

I wanted to invent an AI product so silly that no founder could turn it into a seed round.

It had to solve a problem nobody had, collect far more data than the problem deserved, and turn normal behavior into an insight that sounded vaguely disappointed in its owner. Somewhere around the third feature, it would ask for a subscription.

Read more
I spent a fortune on a Copilot+ PC, and I’ve barely ever touched Microsoft’s AI
Microsoft needs to give Copilot+ PC owners a reason to use Copilot
Copilot

There is a dedicated Copilot key on my ASUS Zenbook 14 OLED. Months after buying the laptop, it may be one of the least important keys on the entire keyboard. My Zenbook UM3406 runs on AMD’s Ryzen AI 300 series processor, complete with a dedicated NPU offering up to 50 TOPS of AI performance. That qualifies it as a Copilot+ PC, which makes it a part of what Microsoft once described as the new era for Windows.

AI is already a regular part of my workday. I use it for research, brainstorming, and working through ideas. But rather than relying on something built into the Windows OS, I've relied on the likes of ChatGPT, Claude, and Gemini.

Read more