.Bit Domain Used To Deliver Malware and other Threats
For many users, .com is the only domain that matters. But when cybercriminals start using .bit, a new kind of top-level domain (TLD) for malicious activities, people are bound to take notice.
Some of the most common TLDs users often encounter are .com for commercial sites, .org for organizations, .gov for government agencies, and .edu for education. According to the Internet Corporation for Assigned Names and Numbers (ICANN)—the group tasked to regulate TLD registrations—these generic domains need strict policing.
“The controls and policies ICANN has over this area have been the subject of complaints among certain cybercitizen groups. ICANN’s strict domain creation policies have caused many groups to want to create new TLDs,” say senior threat researchers Bob McArdle and David Sancho. “For this very reason, we have been seeing alternative TLD systems or alternative DNS roots (ADRs) appearing over the years.”
Cybercriminals have, of course, jumped on the ADR bandwagon. Notably, they created the .bit TLD, inexpensive domains which can be purchased using a Bitcoin-clone currency dubbed “Namecoin.”
For cybercriminals, using .bit domains has three major advantages: the domains are untraceable, private, and sinkhole-proof. McArdle and Sancho explain that these qualities are important in helping cybercriminals evade authorities and prevent them from seizing malicious domain names.
Although the creation of .bit domains sounds perfect for malicious activities, .bit is actually not gaining as much traction as expected.
“The most obvious weakness of using an ADR system is the need to change an infected system’s DNS settings in order to access non-ICANN TLDs such as .bit,” say McArdle and Sancho. In other words, an agile administrator will easily be able to notice any threat that communicates with this alternate domain whenever it downloads malware or performs other malicious activities.
More information on how the ADR systems work, including a case study, statistics, and other technical data can be found in our research paper, Bitcoin Domains.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Exposed Container Registries: A Potential Vector for Supply-Chain Attacks
- LockBit, BlackCat, and Clop Prevail as Top RAAS Groups: Ransomware in 1H 2023
- Diving Deep Into Quantum Computing: Modern Cryptography
- Uncovering Silent Threats in Azure Machine Learning Service: Part 2
- The Linux Threat Landscape Report