Domain Shadowing - DNS Compromise for Cybercrime
Cybercriminals compromise domain names in order to attack domain owners or users directly, or to use them for various nefarious ventures such as phishing, malware distribution, and command-and-control (C2) operations. A special case of DNS hijacking is known as domain shadowing, where attackers secretly create malicious subdomains under compromised domain names. Shadow domains do not affect the normal operation of the compromised domains, making them difficult for victims to detect. The inconspicuousness of these subdomains often enables the perpetrators to exploit the good reputation of the compromised domain for a long time....
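A defender-side check for the shadow subdomains described above, as an added example that is not part of the original page: it compares an exported zone against an approved inventory and flags unlisted subdomains, rating those that point outside the owner's networks as higher priority. The inventory, the owner network list, the record tuples and the function names are assumptions, and all sample data is constructed from documentation-reserved names and addresses.

```python
import ipaddress

# Constructed sample data: what the owner believes exists, and what the zone holds.
APPROVED_NAMES = {"example.com", "www.example.com", "mail.example.com"}
OWNER_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]
ZONE_RECORDS = [  # (name, type, value) as exported from the DNS provider
    ("example.com.", "A", "192.0.2.10"),
    ("www.example.com.", "A", "192.0.2.10"),
    ("mail.example.com.", "A", "192.0.2.25"),
    ("cdn.example.com.", "A", "192.0.2.40"),            # unlisted, owner network
    ("Login-Secure.example.com.", "A", "203.0.113.77"),  # unlisted, foreign address
    ("x9f2.example.com.", "CNAME", "host.example.net."),  # unlisted, foreign target
]


def normalize(name):
    """DNS names are case-insensitive and may carry a trailing dot."""
    return name.rstrip(".").lower()


def in_zone(name, apex):
    return name == apex or name.endswith("." + apex)


def on_owner_network(value):
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return False
    return any(addr in net for net in OWNER_NETWORKS)


def audit_zone(records, approved, apex):
    """Return (name, type, value, severity) for subdomains missing from the inventory."""
    findings = []
    for raw_name, rtype, value in records:
        name = normalize(raw_name)
        if name in approved or not in_zone(name, apex):
            continue
        if rtype in ("A", "AAAA"):
            external = not on_owner_network(value)
        elif rtype == "CNAME":
            external = not in_zone(normalize(value), apex)
        else:
            continue  # this sketch only rates address and alias records
        findings.append((name, rtype, value, "high" if external else "review"))
    return findings


if __name__ == "__main__":
    for finding in audit_zone(ZONE_RECORDS, APPROVED_NAMES, "example.com"):
        print(finding)
```

Because shadow subdomains leave the existing records untouched, the comparison has to run against the full zone contents rather than against the health of the known hosts.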