Exploiting Mistyped URLs

Read Time:1 Minute, 6 Second

Interesting research: “Hyperlink Hijacking: Exploiting Erroneous URL Links to Phantom Domains“:

Abstract: Web users often follow hyperlinks hastily, expecting them to be correctly programmed. However, it is possible those links contain typos or other mistakes. By discovering active but erroneous hyperlinks, a malicious actor can spoof a website or service, impersonating the expected content and phishing private information. In “typosquatting,” misspellings of common domains are registered to exploit errors when users mistype a web address. Yet, no prior research has been dedicated to situations where the linking errors of web publishers (i.e. developers and content contributors) propagate to users. We hypothesize that these “hijackable hyperlinks” exist in large quantities with the potential to generate substantial traffic. Analyzing large-scale crawls of the web using high-performance computing, we show the web currently contains active links to more than 572,000 dot-com domains that have never been registered, what we term ‘phantom domains.’ Registering 51 of these, we see 88% of phantom domains exceeding the traffic of a control domain, with up to 10 times more visits. Our analysis shows that these links exist due to 17 common publisher error modes, with the phantom domains they point to free for anyone to purchase and exploit for under 20, representing a low barrier to entry for potential attackers.

European Journalists Targeted by Paragon Spyware, Citizen Lab Confirms

Paragon Spyware used to Spy on European Journalists

Ransomware Gang Exploits SimpleHelp RMM to Compromise Utility Billing Firm

Microsoft 365 Copilot: New Zero-Click AI Vulnerability Allows Corporate Data Theft

South African man imprisoned after ransom demand against his former employer

Inside a Dark Adtech Empire Fed by Fake CAPTCHAs

Airlines Secretly Selling Passenger Data to the Government

Sweden says it is under cyber attack

Cybersecurity Warrior-Leaders: Self and Team Care