Domain owners often park their domains and use specialized providers to monetize them through ad networks while the domains are not being used for their intended purpose.
Palo Alto Networks specialists report that from March to September 2020 they discovered about 5,000,000 new parked domains. About 1% of them are used by hackers to spread malware and in phishing campaigns, about 2.6% are now associated with adult content or gambling, and another 30.6% are suspicious.
“Oftentimes, parking services and ad networks have no means or willingness to filter out intruders,” analysts from Palo Alto Networks write. “Therefore, users are exposed to a variety of threats, including the distribution of malware, potentially unwanted software, and phishing scams.”
Such attacks target victims from all over the world, including the United States, Britain, France, Japan, Korea and Italy.
Operators of the Emotet botnet also use parked domains. Their campaign targets many different industries, from government and education to energy, manufacturing, construction and telecommunications.
For example, one of the domains used in the attacks, valleymedicalandsurgicalclinic[.]com, was registered on July 8, 2020 and was parked immediately. Starting on September 14, just two months after registration, this domain became malicious and began spreading various malware. Among other things, it was used to distribute Emotet payloads via phishing emails, which ultimately led to account theft and complete takeover of infected devices.
“The documents attached to phishing emails contain macro scripts that communicate with the control servers from the victim's machines. Emotet downloads Trojans to affected devices that steal victims' credentials and completely compromise the system,” the experts write.