https://thehackernews.com/2025/01/neglected-domains-used-in-malspam-to.html
Cybersecurity researchers have uncovered a concerning trend in which cybercriminals increasingly exploit neglected domains to evade email security measures and deliver malicious payloads.
By spoofing sender addresses with domains that lack active DNS records, attackers can bypass checks such as SPF and DMARC, which rely on policies published in the sending domain's DNS. A domain that publishes no SPF or DMARC record yields no policy to enforce, so a receiver that only rejects on an explicit failure lets the message through. This allows attackers to deliver malicious emails containing phishing links, malware attachments, and extortion threats with greater success.
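The bypass described above, as an added example that is not part of the article: a toy SPF/DMARC evaluator over a constructed DNS table (bank-example.com and neglected-example.com are made-up names) shows that a sender domain publishing no records produces "none" results, which a policy-driven receiver accepts, and flags that case so a defender can score it separately.

```python
import ipaddress

# Constructed DNS zone data (not from the article): a well-run domain with SPF and
# DMARC published, and a lapsed domain with no records at all.
DNS_TXT = {
    "bank-example.com": ["v=spf1 ip4:203.0.113.0/24 -all"],
    "_dmarc.bank-example.com": ["v=DMARC1; p=reject; aspf=s"],
    # "neglected-example.com" is deliberately absent: nothing is published for it.
}
SPF_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def lookup_txt(name):
    return DNS_TXT.get(name, [])

def spf_check(domain, sender_ip):
    """Minimal SPF evaluator: ip4 mechanisms and the 'all' catch-all only."""
    records = [r for r in lookup_txt(domain) if r.startswith("v=spf1")]
    if not records:
        return "none"  # no SPF record: neither pass nor fail
    ip = ipaddress.ip_address(sender_ip)
    for term in records[0].split()[1:]:
        qual, mech = (term[0], term[1:]) if term[0] in "+-~?" else ("+", term)
        if mech.startswith("ip4:") and ip in ipaddress.ip_network(mech[4:], strict=False):
            return SPF_RESULT[qual]
        if mech == "all":
            return SPF_RESULT[qual]
    return "neutral"

def dmarc_policy(domain):
    """Return the parsed DMARC tags for the domain, or None if none is published."""
    for rec in lookup_txt("_dmarc." + domain):
        if rec.startswith("v=DMARC1"):
            return dict(t.strip().split("=", 1) for t in rec.split(";") if "=" in t)
    return None

def evaluate(from_domain, sender_ip):
    """What a DMARC-enforcing receiver does with a message whose From: domain is
    from_domain, sent from sender_ip. Simplification: the envelope MAIL FROM domain
    is assumed to equal the From: domain (strict SPF alignment)."""
    spf = spf_check(from_domain, sender_ip)
    policy = dmarc_policy(from_domain)
    if policy is None:
        dmarc, action = "none", "accept"  # nothing published, so nothing to enforce
    elif spf == "pass":
        dmarc, action = "pass", "accept"
    else:
        dmarc = "fail"
        action = {"reject": "reject", "quarantine": "quarantine"}.get(policy.get("p"), "accept")
    # Defender-side flag: the domain publishes nothing, so "accept" rests on absence
    # of evidence rather than on authentication; score it, do not trust it.
    return {"spf": spf, "dmarc": dmarc, "action": action,
            "unauthenticated": spf == "none" and policy is None}
```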
One such observed campaign leverages old, disused domains to deliver emails with QR codes that, when scanned, redirect victims to phishing sites. Other campaigns impersonate legitimate brands like Amazon and Mastercard to steal login credentials.
Furthermore, the rise of generic top-level domains (gTLDs) like .top, .xyz, and .shop has provided cybercriminals with readily available and inexpensive options for establishing malicious infrastructure. These domains, often lacking robust registration requirements, are increasingly used for hosting phishing sites and distributing malware.
Beyond email-based attacks, the threat landscape is evolving with the emergence of new tactics. These include the use of trusted platforms like Canva and Dropbox to redirect users to malicious sites, and the development of malicious WordPress plugins designed to steal payment information.
These findings underscore the need for continuous vigilance and robust security measures to combat the ever-evolving tactics of cybercriminals.