The Top Domains that Threat Actors Prefer

Amidst thousands of top-level domains (TLD) available, researchers at Palo Alto Networks have identified the most widely exploited TLDs by threat actors. The researchers discovered threat actors prefer a small group of 25 TLDs, accounting for 90 percent of all malicious websites. Threat actors prefer exploiting .com and .net TLDs because they appear more legitimate to victims and thus improve success rates. The TLDs that spread the most malware include .ga, .xyz, .cf, ,tk, .org, and .ml. The researchers also discovered that malicious domains are more frequently registered in developing countries, with six out of the top ten TLDs originating from the developing world. To protect your utility from malicious TLDs, members are encouraged to utilize URL filtering to block traffic from TLDs not commonly used for business purposes. Read more at BleepingComputer.