A new report shows that the malicious use of aged domains is growing and poses a cybersecurity risk: almost 22.3% of the strategically aged domains examined were found to be dangerous to some degree.
The research was prompted by the SolarWinds case, in which the threat actors behind that well-known attack used domains registered years before they began their malicious activity.
Experts from Palo Alto Networks' Unit 42 published the report after analyzing tens of thousands of domains every day throughout September 2021. Among the findings, they identified 3.8% of the strategically aged domains as outright malicious, 19% as suspicious (potentially malicious), and 2% as unsafe for work environments.
The statistics of the analyzed domains were also depicted in a diagram:
The Reason Behind the Aged Domains Trend
Researchers explain that
Threat actors may register domains long before launching attacking campaigns on them. There are various motivations for this strategy. First of all, the longer life of aged domains can help them evade some reputation-based detectors. Secondly, C2 domains belonging to APTs can sometimes be inactive for years. During the dormant period, APT trojans only send limited “heartbeat” traffic to their C2 servers. Once the
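The dormant-then-active pattern the excerpt describes, with domain age as the first filter, as an added example (this is not code from the article or from Unit 42): it builds a constructed September 2021 DNS log and a constructed table of registration dates, then flags domains that were registered more than a year before they were first seen, carried only heartbeat-level traffic for a stretch, and then burst into activity. Every domain name, date and threshold here (365 days of age, at most 2 queries a day counted as a heartbeat, a 7-day quiet stretch, 20 queries a day counted as a burst) is an assumption chosen for the demonstration, not a value from the report.

```python
"""Spot 'strategically aged' domains in DNS logs: registered long ago, almost
silent (heartbeat-only) for a stretch, then suddenly busy once the C2 goes live.

Added example; not Unit 42's code. All data and thresholds are constructed
assumptions, not figures from the report.
"""
from collections import defaultdict
from datetime import date, datetime, timedelta

# Constructed registration dates standing in for a WHOIS/RDAP "created" field.
CREATION_DATES = {
    "cdn-assets.example": date(2015, 3, 2),   # old and legitimately busy
    "sleeper.test":       date(2017, 1, 15),  # old, heartbeat traffic only
    "update-srv.test":    date(2018, 6, 10),  # old, dormant, then activates
    "fresh-phish.test":   date(2021, 8, 28),  # registered days before use
}


def build_sample_log():
    """Constructed DNS log as (timestamp, queried_domain) tuples, Sept 2021."""
    log = []

    def queries(domain, start, days, per_day):
        for d in range(days):
            day = start + timedelta(days=d)
            for i in range(per_day):
                ts = datetime(day.year, day.month, day.day,
                              (i * 7) % 24, (i * 13) % 60)
                log.append((ts, domain))

    sept1 = date(2021, 9, 1)
    queries("cdn-assets.example", sept1, 30, 300)
    queries("sleeper.test", sept1, 30, 1)
    queries("update-srv.test", sept1, 20, 1)                        # heartbeats
    queries("update-srv.test", sept1 + timedelta(days=20), 10, 40)  # goes live
    queries("fresh-phish.test", sept1, 30, 30)
    return log


def domain_age_days(created, first_seen):
    """Age of the registration (in days) when the domain was first observed."""
    return (first_seen - created).days


def daily_query_counts(log):
    """domain -> {date: number of queries that day}; silent days are absent."""
    counts = defaultdict(lambda: defaultdict(int))
    for ts, domain in log:
        counts[domain][ts.date()] += 1
    return counts


def classify(per_day, created, *, min_age_days=365, heartbeat_max=2,
             min_quiet_days=7, burst_min=20):
    """Classify one domain from its per-day counts and registration date."""
    days = sorted(per_day)
    if domain_age_days(created, days[0]) < min_age_days:
        return "newly-registered"          # what NRD/reputation feeds already catch
    loud = [d for d in days if per_day[d] > heartbeat_max]
    if not loud:
        return "aged-dormant"              # heartbeat-only so far; keep watching
    quiet_span = (loud[0] - days[0]).days  # calendar days before first loud day
    if quiet_span >= min_quiet_days and max(per_day[d] for d in loud) >= burst_min:
        return "aged-dormant-then-active"  # the pattern the report describes
    return "aged-active"                   # busy from the start: ordinary old domain


def flag_strategically_aged(log, creation_dates, **thresholds):
    """Return {domain: verdict} for every domain present in the log."""
    verdicts = {}
    for domain, per_day in daily_query_counts(log).items():
        created = creation_dates.get(domain)
        if created is None:
            verdicts[domain] = "unknown-registration"
        else:
            verdicts[domain] = classify(per_day, created, **thresholds)
    return verdicts


if __name__ == "__main__":
    for domain, verdict in sorted(flag_strategically_aged(build_sample_log(),
                                                           CREATION_DATES).items()):
        print(f"{domain:22} {verdict}")
```

Two design points worth noting: the quiet stretch is measured in calendar days from first sighting to the first loud day, so days with no queries at all (which never appear in the counts) still count as dormancy; and a busy-from-day-one old domain is deliberately left alone, since age by itself is exactly the signal that reputation-based detectors already trust and that the actors in the report exploit.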