By Kevin Santarina
Posted in Security
On May 23, 2023

If you haven’t read tech news in the last week or two, would you have thought twice about clicking on these links if they were embedded into an email?

This past month, Google introduced eight new top-level domains that are publicly available for registration. Among them are two very commonly recognized file extensions, .zip and .mov.

The .zip extension is one of those file extensions that tells a user they are about to receive a collection of files, PDFs, documents, installers, etc., compressed into a single file for ease of transfer. A .mov file told its recipient that they were about to enjoy a video replay of the family vacation in the Bahamas they took last month. Unfortunately, it will no longer be this simple: users will have to remain extra vigilant about the attachments and links they think they are clicking on.

There is concern in the cybersecurity industry that threat actors will move to register .zip and .mov domains disguised as legitimate file downloads and leverage them in common attack scenarios like phishing campaigns or drive-by downloads. Vendors in the cybersecurity space have already identified “.zip domains being abused for successful phishing campaigns leveraging popular office software suite filenames.”

According to researchers, it’s unlikely that threat actors will register and sit on potentially millions of .zip and .mov domains, but over time, they expect this particular threat vector to become more sophisticated. Until then, stay the course: remain vigilant, fine-tune your edge devices, stay on top of your user security awareness training, hover over ALL the links, and think twice before you click!
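A small checker that applies the "hover over the links" advice to an email body is added here as an example; it is not part of the original post. It flags links whose real host ends in .zip or .mov, and links whose visible text names a file or host that differs from where the href actually points. The sample HTML and every hostname in it are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

FILE_LIKE_TLDS = {"zip", "mov"}  # TLDs that collide with common file extensions

def host_of(text):
    """Lowercase host of a URL or of a bare name like 'report.zip', else None."""
    t = text.strip()
    if "://" not in t:  # bare hostname, as a mail client would auto-link it
        t = "http://" + t
    try:
        return (urlsplit(t).hostname or "").lower() or None
    except ValueError:
        return None

class _Anchors(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def flag_links(html):
    """Return (reason, href, text) for each link a reader should hover over first."""
    parser = _Anchors()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        href_host = host_of(href)
        if href_host and href_host.rsplit(".", 1)[-1] in FILE_LIKE_TLDS:
            findings.append(("file-like TLD in href", href, text))
        # Visible text that looks like a filename or host should match the real host.
        text_host = host_of(text) if re.fullmatch(r"\S+\.\S+", text) else None
        if text_host and href_host and text_host != href_host:
            findings.append(("link text names a different host than href", href, text))
    return findings

SAMPLE = """<p>Statement: <a href="https://example.com/statement">statement.pdf</a></p>
<p>Download <a href="https://q2-report.zip/">q2-report.zip</a> for the numbers.</p>
<p>Policy: <a href="https://intranet.example/policy">intranet.example</a></p>"""  # constructed
```

Running `flag_links(SAMPLE)` reports the first two links and passes the third, whose text and href agree on the host.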

PS: was registered by a white hat hacker (for now). IT/Security teams around the world thank this person for their service.

Kevin Santarina

Kevin is a Principal Architect for Gotham's Cybersecurity Practice. Kevin has been engrossed in cybersecurity for the last 10 years, working with organizations to identify, assess, strategize, and implement their cybersecurity initiatives. Kevin's focus areas include anything that can be found on a security analyst's desktop or technologies that can be found in a SOC.