The Risks Associated with Abandoned Domains

The Risks Associated with Abandoned Domains

In the third week of November 2020, The Duke-Sanford research team observed a peculiar spike in undesired third-party code. Of the 674 malware impressions from that week, 630 of them rendered from an abandoned domain on a popular news website.

An abandoned domain is a unique security risk relative to the typical adware campaigns that our team observes. These domains are the remnants of previously owned websites. They are the URLs and code for domains that companies owned before they went out of business, or lost ownership for some other reason.

In the free-for-all spirit of the digital ecosystem, such domains are brought to market and sold to the highest bidder. The new owners can then repurpose the existing website’s infrastructure to deliver whatever kind of content they choose. In this case, that content was more undesired third-party code.

If you are asking why abandoned domains are allowed to exist at all, you are not alone. The existence of abandoned domains is evidence enough that the digital ecosystem is dangerously unregulated. The practice of repurposing a previously owned website into whatever the highest bidder wants is an area that needs attention from policymakers. The same can be said for the markets for abandoned domains, and their monetization. These markets ought not exist in the first place and they certainly should not be profitable. Still, those who organize the market process stand to gain from the buying and selling of abandoned domains, as do those who use them to spread content like phishing attacks and tracking software.

This points to the unintended consequences of the current internet architecture– for a price, threat actors can use other peoples’ now-unowned online infrastructure to make money, attack internet users, and spread misinformation. Worse still, this particular domain was serving content in the advertising space on a popular news website, meaning that a well-respected company was exposing its users to these attacks in order to maximize advertising revenue. And at the end of this trail stands the unaware user, reading the daily column on their favorite news outlet’s website. Little do they know that the online advertising revenue model has placed them in a vulnerable position to malicious actors. All it takes for that risk to be realized is one wrong click.

In the third week of November 2020, The Duke-Sanford research team observed a peculiar spike in undesired third-party code. Of the 674 malware impressions from that week, 630 of them rendered from an abandoned domain on a popular news website.

 

by HARRISON GRANT, Political Science B.A., The University of North Carolina at Chapel Hill

   

Data Privacy Regulation FAQs 

Misinformation FAQs


Digital3PC.com is an independent platform that brings together the best minds from tech, government, research, and academia to shape the future of cybersecurity policy and offer best practice solutions when responding to cyber threats. The most common access point for malware spread, data breaches, IP theft, election meddling, disinformation campaigns, and cyberwarfare is malicious third-party code (3PC) that makes its way into our websites, apps, and IoT devices. The compromise of the digital ecosystem erodes user trust and the credibility of media organizations, and undermines the integrity of our democracy, economy, and public safety.

tracing app