Hackers Use Transient Websites To Facilitate Attacks

Research by security vendor Blue Coat suggests the majority of web pages that appear online on any given day exist for less than 24 hours.

Most of these ‘One-Day Wonders’ are created by organisations that have become a part of the fabric of the Internet, such as Google, Amazon and Yahoo. However, approximately one in five domains hosting such content are also employed by cyber criminals, who use the sheer volume of new websites and the lack of information about them as a shield.

Temporary trouble

Blue Coat analysed more than 660 million unique hostnames requested by 75 million users over a 90-day period in 2014. The company found that 71 percent, or 470 million, were One-Day Wonders, sites that appeared only for a single day.

In the majority of cases, such pages are set up automatically to create, share and deliver content. But researchers discovered that 22 percent of the top 50 domains used to host One-Day Wonders were malicious. These domains use short-lived sites to facilitate attacks and manage botnets, among other things.

Blue Coat said such sites were favoured by cyber criminals since using them wouldn’t set off any alarms, while a high volume of domains increased the chances that some percentage would be missed by security solutions. By combining One-Day Wonders with encryption, hackers could effectively blind the organisation to the attack.

The company added that such techniques could be used to build dynamic Command and Control (C&C) architectures that are scalable, difficult to track and easy to implement. During the analysis, the most popular malicious domain was seen using One-Day Wonders to hide a C&C server for a Trojan dialer among its 1.3 million subdomains.

The same techniques can be used to create a unique subdomain for each spam email to avoid detection by spam or web filters.

“While most One-Day Wonders are essential to legitimate Internet practices and aren’t malicious, the sheer volume of them creates the perfect environment for malicious activity,” said Tim van der Horst, senior threat researcher for Blue Coat Systems.

“The rapid building up and tearing down of new and unknown sites destabilizes many existing security controls. Understanding what these sites are and how they are used is a key to building a better security posture.”

In order to protect against the attacks that rely on One-Day Wonders, Blue Coat advises organisations to implement policy-based security controls informed by automated, real-time intelligence.

How well do you know network security? Try our quiz and find out!

Max Smolaks

Max 'Beast from the East' Smolaks covers open source, public sector, startups and technology of the future at TechWeekEurope. If you find him looking lost on the streets of London, feed him coffee and sugar.

Recent Posts

The State of Quantum Security

No longer a technology on the distant horizon, quantum computing brings with it security challenges…

7 hours ago

US Carmakers Warn Over Upcoming Electric Vehicle Incentives

Climate and tax bill worth $430bn passed by US Congress last week could immediately eliminate…

8 hours ago

Mercedes-Benz And CATL To Build Massive EV Battery Plant In Hungary

Mercedes-Benz and world's biggest EV battery maker CATL to build 7.3bn euro battery plant in…

9 hours ago

ESA In Talks With SpaceX Over Launches To Replace Soyuz

European Space Agency confirms it is in talks with SpaceX over using Falcon 9 as…

9 hours ago

Disney Brings Ads To Streaming Platform As It Surpasses Netflix

Disney to introduce ad-supported version of Disney+ in December along with price hikes, as it…

10 hours ago

Meta Gathers AI Data As Chatbot Calls Zuckerberg ‘Creepy’

Facebook parent Meta gathers data from user interactions with latest chatbot as BlenderBot 3 criticises…

10 hours ago