Blue Coat warns of One Day Wonders
Short-lived domain names are being used for cyber attacks
Blue Coat has warned that nearly one quarter of all short-lived websites created by the 50 most prolific web parent domains are being used for cyber attacks.
A new report from Blue Coat Security Labs says that analysis of these so-called 'One-Day Wonders' shows that 22% are used in cyber crime, and that attackers are able to use the huge volume of these sites to hide their activities.
The report said that around 470 million websites exist for less than 24 hours, around 71% of all hostnames. The majority of One-Day Wonders are created for legitimate content sharing and delivery, with major web organisations such as Google, Amazon and Yahoo!, as well as web optimisation companies, among the largest creators of hostnames.
Twenty-two percent of sites created by the top 50 parent domains that most frequently used One-Day Wonders are malicious. These domains use short-lived sites to facilitate attacks and manage botnets, taking advantage of the site being "new and unknown" to evade security solutions. For example, One-Day Wonders can be used to build dynamic command and control architectures that are scalable, difficult to track and easy to implement. Alternatively, they can be used to create a unique subdomain for each spam email to avoid detection by spam or web filters.
"While most One-Day Wonders are essential to legitimate Internet practices and aren't malicious, the sheer volume of them creates the perfect environment for malicious activity," said Tim van der Horst, senior threat researcher for Blue Coat Systems. "The rapid building up and tearing down of new and unknown sites destabilizes many existing security controls. Understanding what these sites are and how they are used is a key to building a better security posture."
One-Day Wonders are particularly popular with cyber criminals because security solutions are not able to track dynamic domains in the same way as static domains. They also overwhelm security solutions through high volumes, and they can hide from them: by simply combining One-Day Wonders with encryption and running incoming malware and/or outgoing data theft over SSL, attackers typically leave organisations blind to the attack, impacting their ability to prevent, detect and respond.
Blue Coat says that to tackle the threat from One-Day Wonders, companies need security controls that are informed by automated, real-time intelligence that can identify and assign risk levels to these sites. Policy-based security controls must also be enabled to act on real-time intelligence to block malicious attacks.