Election Domain Names
Kacey C at DigitalShadows.com wrote a very ind depth article on domain names and the upcoming election.
Delving into which names are being used for malicious purposes and which are just bad for a candidates brand.
She looked at domain names in three different categories:
- Misconfigured or illegitimate sites: Typosquats that were not correctly configured when initially created and aren’t hosting anything but an index page, as well as typosquats that likely are not legitimate but look like they could be
- Non-malicious: By far the largest category we detected, mainly consisting of typosquatted domains that are either not hosting content or are hosting content that includes a small amount of brand-damaging content
- Redirect: Typosquats that redirect the user to a different website
From the article:
Non-malicious sites have a 67% majority.
Digital Shadows found that 67% of the 225 sites related to presidential candidates or the election were non-malicious. Compared to an 8% minority in 2019, that’s good news, right? Well, kind of. Most of the non-malicious sites that we detected were parked domains, which can act as a false sense of safety; sure, it’s not hosting right now, but that can change within an instant and without warning. Additionally, if a parked domain has an MX (Mail eXchange) record, it could potentially be leveraged in a phishing campaign, which we know is bad news all around.
As we said, many of the non-malicious domains were parked, but some showed negative sentiment. This is slightly more on the brand-damaging side of things. For example, biden2020[.]com displayed anti-Biden content, specifically underlining, “the dangers of voting for Biden.”
Check out the full article at Digital Shadows