- Cofense report finds phishing actors abusing top-level domains (TLDs)
- A large number of .gov domains are used in open redirect attacks
- Brazil leads in .gov domain abuse
Cybercriminals are exploiting legitimate government websites and domain services, in particular those with top-level domains (TLDs).
A report by cybersecurity experts Cofense Intelligence claims that the TLDs are used for a wide variety of malicious purposes, including credential phishing and command-and-control (C2) operations.
According to the report, between November 2022 and November 2024 threat actors took advantage of vulnerabilities in .gov domains in more than 20 countries.
Credential phishing
One of the things the domains are used for is open redirects, which have become a key method for bypassing secure email gateways (SEGs).
Open redirects occur when a web application unintentionally allows user-controlled input to direct traffic to an external site, which threat actors can manipulate. Using this tactic, attackers can redirect unsuspecting victims from legitimate .gov websites to fraudulent pages.
In the United States, .gov domains are among the most frequently exploited for these redirects, with more than 77% of attacks taking advantage of a specific vulnerability linked to the "noSuchEntryRedirect" parameter. This vulnerability, identified as CVE-2024-25608, affects platforms like Liferay, which is widely used by government organizations. Although US-based .gov domains represented only 9% of all abused .gov domains, they ranked third globally in use.
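A defender can hunt for this pattern in mail-gateway or proxy logs by flagging .gov URLs whose redirect parameter points at another host. The sketch below is an added example, not code from the Cofense report; the parameter suffixes other than noSuchEntryRedirect and all sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

# noSuchEntryRedirect is the parameter named in the report; the other
# suffixes are common redirect parameter names, added here as an assumption.
REDIRECT_SUFFIXES = ("nosuchentryredirect", "redirect", "redirect_uri", "returnurl")

def target_host(value):
    """Host an absolute redirect value points at; None for a relative path."""
    v = unquote(unquote(value.strip())).replace("\\", "/")  # undo double encoding
    if v.startswith("//"):            # scheme-relative URL still leaves the site
        v = "https:" + v
    try:
        parts = urlsplit(v)
    except ValueError:
        return None
    return parts.hostname if parts.scheme in ("http", "https") else None

def external_redirects(url):
    """(parameter, target host) pairs where a .gov URL forwards off-site."""
    try:
        src = urlsplit(url)
    except ValueError:
        return []
    src_host = src.hostname or ""
    if "gov" not in src_host.split(".")[-2:]:   # example.gov and example.gov.br
        return []
    hits = []
    for key, value in parse_qsl(src.query, keep_blank_values=True):
        if not key.lower().endswith(REDIRECT_SUFFIXES):
            continue
        host = target_host(value)
        # Same host or a subdomain of it counts as on-site; anything else is flagged.
        if host and host != src_host and not host.endswith("." + src_host):
            hits.append((key, host))
    return hits

# Constructed sample URLs (placeholder hosts, not taken from the report).
SAMPLE_URLS = [
    "https://portal.agency-placeholder.gov/page?noSuchEntryRedirect=https%3A%2F%2Flogin.example.net%2Fo365",
    "https://portal.agency-placeholder.gov/page?noSuchEntryRedirect=%2Fnews%2F2024",
    "https://www.agency-placeholder.gov.br/page?redirect=%252F%252Fcdn.example.net%252Fa",
    "https://shop.example.com/?redirect=https://example.net/",
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        for param, host in external_redirects(u):
            print(f"{param} -> {host}  in  {u}")
```

The same host comparison, applied on the server before issuing the redirect, is the corresponding fix: accept relative paths and same-site hosts, reject everything else.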
Credential phishing remains the most common form of abuse linked to .gov domains, the report explains. The majority of government domains used in phishing attacks hosted up to nine different files across various campaigns. These phishing attempts often imitate legitimate services such as Microsoft, with emails designed to appear as if they were sent from trusted sources.
The report also notes that abuse of .gov domains for credential phishing and for redirecting to malicious sites has been observed in several countries. Brazil, in particular, stands out as the most targeted country, accounting for the majority of abuse of .gov domains. However, a small number of domains in Brazil were responsible for most of this abuse, suggesting that the attackers focused on a handful of important government websites.