Security Awareness – File Extensions as Top-Level Domains Could Cause Confusion and may Become Potential Exploitation Vector

Researchers at Trend Micro posted a blog analyzing security risks emanating from recent activity by Google which created Top-Level Domains (TLDs) that are mostly known for being well-known file extensions. There has been some debate among the security community on whether concerns over this action are warranted. Nonetheless, members are encouraged to share this development with users who might be quick to click.  

In May 2023, Google introduced eight new top-level domains (TLDs) that notably included .zip and .mov. These domains, while seemingly harmless, can pose security risks due to threat actors exploiting them for malicious purposes. One of the primary security concerns is exploiting these TLDs through various methods to hide malicious URLs behind legitimate websites. To defend against this potential threat, users should be reminded to exercise caution when receiving URLs with unfamiliar top-level domains (TLDs). Read more at Trend Micro.