In its expansion of top-level domains (TLDs), Google Registry has introduced eight new domains: .dad, .phd, .prof, .esq, .foo, .nexus, .zip, and .mov. These additions aim to cater to various interests such as dads, graduates, tech enthusiasts, and professionals. However, the introduction of the .zip and .mov domains has triggered a lively debate among experts regarding their potential impact on the internet and web security as a whole.
These concerns stem from the potential misuse of these domains by threat actors for phishing attacks and malware delivery. As organizations navigate this evolving landscape, raising awareness about the associated risks and providing guidance on maintaining online security becomes crucial.
While these domains have been available since 2014, their recent general availability allows anyone to purchase a domain under these extensions, such as mycompany.zip, for hosting websites or email addresses.
The concern arises from the fact that ‘.zip’ and ‘.mov’ are also file extensions commonly associated with ZIP archives and MPEG-4 videos, respectively. As a result, various online platforms and applications automatically convert filenames with these extensions into URLs, making them clickable links. This automatic conversion process poses risks, as users may assume that these URLs provide a secure pathway to download associated files from trusted sources.
However, threat actors could exploit this trust by registering a ‘.zip’ or ‘.mov’ domain with the same name as a linkified filename.....
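A defender-side check for the filename/domain ambiguity described above, as an added example that is not part of the original article: it scans message text for bare names that are also syntactically valid hostnames under .zip or .mov, and for explicit URLs hosted under those TLDs. The function names, labels and sample message are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

AMBIGUOUS_TLDS = {"zip", "mov"}  # the two TLDs the article discusses

# One DNS label: letters, digits, hyphens, no leading or trailing hyphen.
LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
HOSTNAME_RE = re.compile(rf"^(?:{LABEL}\.)+(?P<tld>[a-z]{{2,63}})$", re.I)
TOKEN_RE = re.compile(r"[^\s<>\"'()]+")


def host_in_ambiguous_tld(host):
    """True if host is a valid hostname whose TLD doubles as a file extension."""
    m = HOSTNAME_RE.match(host or "")
    return bool(m) and m.group("tld").lower() in AMBIGUOUS_TLDS


def classify(text):
    """Return (token, kind) pairs for text that could resolve to a .zip/.mov site.

    kind is "bare-name" for something like setup.zip that an auto-linker may
    turn into a link, or "url-host" for an explicit URL hosted under the TLD.
    """
    findings = []
    for m in TOKEN_RE.finditer(text):
        token = m.group().rstrip(".,;:!?")  # drop sentence punctuation
        if re.match(r"https?://", token, re.I):
            try:
                host = urlsplit(token).hostname
            except ValueError:  # malformed URL, nothing to resolve
                continue
            if host_in_ambiguous_tld(host):
                findings.append((token, "url-host"))
        elif host_in_ambiguous_tld(token):
            findings.append((token, "bare-name"))
    return findings


# Constructed sample message; nothing here is fetched or resolved.
SAMPLE = (
    "Please open setup.zip and watch demo.mov. "
    "Old copy is at C:\\files\\backup_2023.zip and the mirror is "
    "https://example.com/files/setup.zip but not https://updates.example.zip/setup"
)

if __name__ == "__main__":
    for token, kind in classify(SAMPLE):
        print(f"{kind:10} {token}")
```

Paths and names containing characters that cannot appear in a hostname, and URLs that merely end in a `.zip` file on another TLD, are not flagged, which keeps the check focused on text that can actually resolve to a .zip or .mov site.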