How does domain shadowing work?
Domain shadowing is when a cybercriminal gains access to a reputable domain owner’s account and then creates subdomains to use for malicious actions. Visitors won’t realise that they’re not on a legitimate site because the main domain still appears in the address bar. Believing the site is genuine, they can have their bank details, personal information and passwords stolen, and malware installed on their computer.
Hidden in plain view
This activity can go unnoticed for a while because the criminal leaves the site untouched and the existing DNS records remain the same. They could target the owner of the compromised domain, but by going after the user instead they remain undetected for longer.
Causing havoc in the shadows
Domain shadowing is hard to detect, which is why the attackers tend to go under the radar. Most people don’t monitor their domain registrant accounts often enough to notice. The cybercriminal does not need access to your web server, and the subdomains they create are hosted somewhere completely different.
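One way a domain owner can check for this, shown as an added example that is not part of the original article: compare an export of the zone's A records against the hostnames the owner created and the address ranges they host on. The zone lines, hostnames and ranges are constructed sample values, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data: an export of the zone's A records from the DNS
# provider, the hostnames the owner created, and the owner's hosting ranges.
ZONE_EXPORT = """\
www.example.com.      3600 IN A 198.51.100.10
mail.example.com.     3600 IN A 198.51.100.25
shop.example.com.     3600 IN A 198.51.100.40
login-x7.example.com. 300  IN A 203.0.113.77
cdn.example.com.      3600 IN A 203.0.113.5
"""
APPROVED = {"www.example.com", "mail.example.com", "cdn.example.com"}
OWN_NETWORKS = ["198.51.100.0/24"]


def parse_a_records(zone_text):
    """Yield (hostname, ip) for each 'name ttl IN A addr' line."""
    for line in zone_text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[2] == "IN" and fields[3] == "A":
            yield fields[0].rstrip(".").lower(), ipaddress.ip_address(fields[4])


def audit_zone(zone_text, approved, own_networks):
    """Return findings for records the owner did not create or does not host."""
    nets = [ipaddress.ip_network(n) for n in own_networks]
    findings = []
    for host, ip in parse_a_records(zone_text):
        unknown = host not in approved
        external = not any(ip in net for net in nets)
        if unknown and external:
            # Matches the pattern above: a new name hosted somewhere else.
            findings.append((host, str(ip), "unapproved name on external host"))
        elif unknown:
            findings.append((host, str(ip), "unapproved name"))
        elif external:
            # May be a legitimate third-party service; needs a human decision.
            findings.append((host, str(ip), "approved name on external host"))
    return findings


if __name__ == "__main__":
    for finding in audit_zone(ZONE_EXPORT, APPROVED, OWN_NETWORKS):
        print(*finding, sep="  ")
```

Because the subdomains are rotated quickly, a check like this is only useful if it runs on a schedule against a fresh export rather than as a one-off review.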
Lurking behind legitimate sites
Internet security tools cannot differentiate between the legitimate and fake login pages, so this method bypasses all the usual security filters. The cyber attacker is abusing the good reputation of the hijacked domain. The crooks tend to rotate and discard the subdomains quickly.
An escalating issue
Worryingly, domain shadowing is on the rise. Stay ahead of these attackers by having the very best cyber security. Cloud and More are an IT services company that specialise in cyber security in Bristol and the surrounding areas, along with an office in Milton Keynes. If you’re worried about your cyber security, get in touch and we can help ensure your business is protected.