The Internet is full of web pages of all kinds: articles and news, reports on a specific topic, online stores, social networks, and more. Sometimes, though, a website stops being updated; its owner stops creating content and it fades into oblivion. The page is still active and could at some point be updated again and start producing content. A new report considers these cases the most dangerous.
An old domain can be a threat
The report comes from Palo Alto Networks Unit 42. Its researchers analyzed tens of thousands of domains and found that the old ones tend to be a greater security threat and are used by hackers to launch attacks.
Why is this happening? They explain that a newly created domain is treated as suspect by threat detection systems. After all, the usual pattern would be for a hacker to create a new page and quickly start using it to launch phishing attacks or some other kind of threat.
However, because new domains raise suspicion in security systems, hackers have started using old domains that have been dormant for a long time. Those go unnoticed by the detection systems.
In fact, according to the report, an old domain is up to three times more likely to become a security threat. Many of them have been inactive for more than two years.
Sudden traffic growth
A very clear sign that an old domain may be in use for attacks is sudden growth. Consider a domain that someone registers and leaves on hold for years. Suddenly its traffic starts to increase enormously.
In addition, they state that this can also be checked through WHOIS data. Generally, domains that were not created for legitimate use had incomplete, cloned, or odd-looking content.
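As a sketch of how a defender could look for the pattern described above (an old domain, a long quiet period, then a sudden surge), the following added example is not taken from the Unit 42 report. The thresholds, the function names and the sample DNS query counts are all assumptions made up for illustration.

```python
from datetime import date
from statistics import median

# Thresholds are assumptions for illustration, not values from the report.
MIN_AGE_DAYS = 365       # only consider domains registered at least a year ago
DORMANT_MAX_MEDIAN = 5   # baseline median daily queries at or below this = dormant
BURST_FACTOR = 10        # every recent day must exceed the baseline by this factor
RECENT_DAYS = 3          # size of the "recent" window, in days

def is_aged_burst(registered, today, daily_queries):
    """True when an old, previously quiet domain shows a sustained traffic burst.

    daily_queries: per-day DNS query counts, ordered oldest to newest.
    """
    if (today - registered).days < MIN_AGE_DAYS:
        return False  # new domains are covered by newly-registered-domain rules
    if len(daily_queries) <= RECENT_DAYS:
        return False  # not enough history to establish a baseline
    baseline = median(daily_queries[:-RECENT_DAYS])
    recent = daily_queries[-RECENT_DAYS:]
    if baseline > DORMANT_MAX_MEDIAN:
        return False  # consistently busy site, not a dormant one
    # max(baseline, 1) stops a zero baseline from turning one query into a "burst";
    # min(recent) requires the surge to hold for the whole recent window.
    return min(recent) >= BURST_FACTOR * max(baseline, 1)

def flag_domains(records, today):
    """records maps domain -> (registration date, daily query counts)."""
    return sorted(name for name, (reg, counts) in records.items()
                  if is_aged_burst(reg, today, counts))

# Constructed sample data: reserved .example names and invented counts.
SAMPLE = {
    "dormant-then-busy.example": (date(2019, 3, 1), [0, 1, 0, 2, 0, 1, 0, 400, 650, 900]),
    "steady-old-site.example": (date(2015, 6, 1), [300, 320, 310, 305, 298, 330, 315, 340, 322, 318]),
    "brand-new.example": (date(2021, 7, 1), [0, 0, 0, 0, 0, 0, 0, 500, 700, 800]),
    "old-one-off-spike.example": (date(2018, 1, 1), [0, 0, 1, 0, 0, 0, 0, 0, 250, 1]),
}

if __name__ == "__main__":
    print(flag_domains(SAMPLE, date(2021, 7, 20)))
```

A hit from a rule like this is a reason to review the domain's WHOIS record and content, not a verdict on its own.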
As an example, Unit 42 cites the Pegasus espionage campaign, which used two domains that were registered in 2019 and lay dormant until July 2021, when they began to be used to launch attacks.
The report includes many other examples, generally used in phishing campaigns. The objective is to redirect victims to malicious, fake sites created solely to steal information and passwords and, ultimately, to put security and privacy at risk.
Ultimately, attacks through old domains are more likely than attacks through recently registered ones. At the very least, threat detection systems are more likely to take longer to classify them as dangerous, so they can reach more victims in a short time.
What to do about this? It is important to always maintain security on any domain we own, even if it belongs to a page that is no longer active. A hacker could set their sights on it and use it to commit a crime. For private users who browse the Internet, it is always advisable to check the page they are visiting carefully and, in case of doubt, look for more information.