Security Risk: .Mov and .Zip domains can lead to malware
We want to bring your attention to a concerning development involving the use of new top-level domains (TLDs) introduced by Google. Specifically, threat actors are leveraging TLDs such as .mov and .zip to target organizations, posing a significant security risk.
The Deceptive Nature of .mov and .zip Domains:
The primary concern lies in the fact that .mov and .zip are widely recognized file extensions for internet-shared files. Exploiting this familiarity, threat actors are employing .mov or .zip as domain extensions, allowing them to create URLs that masquerade as filenames with .mov or .zip extensions. This clever tactic enables them to purchase domains resembling familiar filenames like “update.zip” and trick unsuspecting victims into downloading malware during phishing campaigns. Our security partners at Arctic Wolf have already identified numerous instances where threat actors have misused .mov and .zip domains in successful phishing campaigns.
The Implications for your Organization’s Security:
Given the deceptive nature of .mov and .zip domains, it is imperative for organizations to understand the potential consequences they may face. Falling victim to a phishing campaign can result in severe repercussions, including unauthorized access to sensitive information, financial loss, and damage to your organization’s reputation. Therefore, taking proactive measures to mitigate these risks is of utmost importance.
Here’s How to Address this Security Risk:
To safeguard your organization from these targeted threats, we recommend the following steps:
Raise Awareness: Educate your employees about the risks posed by .mov and .zip domains and the importance of scrutinizing URLs before clicking on them.
Implement Robust Security Measures: Utilize reliable cybersecurity solutions that include advanced threat detection, anti-phishing tools, and email filtering capabilities to identify and block malicious links.
Stay Updated: Regularly update your organization’s security software, ensuring it incorporates the latest threat intelligence and detection mechanisms to stay ahead of evolving cyber threats.
Conduct Security Training: Conduct regular security training sessions to empower your employees with the knowledge and skills necessary to identify and respond to phishing attempts effectively.
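The email-filtering step above can be illustrated with a check that flags links whose host, rather than path, ends in .zip or .mov. This is an added example, not code from the original post or from any vendor it names; the function names and the sample message are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# TLDs named in the article; extend per local policy.
FILE_LIKE_TLDS = {"zip", "mov"}

# Match http(s) URLs up to whitespace or a common closing delimiter.
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


def host_tld(url):
    """Return the lowercase TLD of the URL's host, or None if there is none."""
    try:
        host = urlsplit(url).hostname  # strips port/userinfo, lowercases
    except ValueError:
        return None
    if not host:
        return None
    host = host.rstrip(".")            # tolerate a fully qualified trailing dot
    if "." not in host:
        return None
    return host.rsplit(".", 1)[1]


def flag_links(text):
    """Return URLs in text whose host (not path) uses a file-like TLD."""
    hits = []
    for match in URL_RE.finditer(text):
        url = match.group(0).rstrip(".,;:!?")  # drop sentence punctuation
        if host_tld(url) in FILE_LIKE_TLDS:
            hits.append(url)
    return hits


# Constructed sample message body (not real indicators).
SAMPLE = (
    "Please install the patch from https://update.zip/ today.\n"
    "The archive is also mirrored at "
    "https://downloads.example.com/patches/update.zip.\n"
    "Training video: http://Onboarding.MOV:8080/watch\n"
)

if __name__ == "__main__":
    for link in flag_links(SAMPLE):
        print("review:", link)
```

The second link in the sample is an ordinary download of a file named update.zip from a .com host, so it is not flagged; only links where the domain itself ends in .zip or .mov are.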
As always, we’re here to function as your IT and cybersecurity partner, so if you need assistance with this issue, have any questions, concerns or feedback, please reach out to your account manager if you’re a TSI client. If you’re not currently a TSI client, please use our Contact Us form, and we’ll follow up and help you resolve this issue.
Stay vigilant, stay secure.