The Cybersecurity Threat Lurking in Plain Sight

Research reveals that the internet is filled with millions of clickable links that lead users to malicious destinations, nicknamed “hijackable hyperlinks,” and that they apparently exist even on the highly trusted websites of large companies, religious organizations, financial firms, and even governments.

The paper, titled “Hyperlink Hijacking: Exploiting Erroneous URL Links to Phantom Domains,” shows that this class of online threat can be exploited at a drastically greater scale than previously thought, and claims that these links can be hijacked without triggering any alarms.

But first, what are hijackable hyperlinks? One prominent example arises when programmers mistype web addresses in their code: the typo then points users at a domain nobody has purchased, nicknamed a “phantom domain.” Whoever registers that domain controls where the link leads, so the hijacked traffic can be directed toward a range of traps, including malicious scripts, misinformation, offensive content, viruses and other dangers.

According to Techxplore, the authors of the study used high-performance computing clusters to process the whole browsable web for such vulnerabilities, finding over 572,000 phantom domains, many of them linked from supposedly trusted websites. The researchers then investigated and categorized the errors behind these vulnerabilities, finding that most were caused by typos in hyperlinks, while others stemmed from a second kind of programmer-generated vulnerability they call “placeholder domains.”

They explain that when programmers develop a website that doesn’t yet have a domain of its own, they often use a phantom domain as a stand-in and intend to fix it later. This is especially common in website design templates, where some components are purchased from another programmer rather than developed in-house. The phantom domains are often not updated when the template is installed on a live website, leaving the links to them hijackable.

The researchers purchased 51 phantom domains, monitored the incoming traffic, and saw substantial volumes arriving through the hijacked links.

When it comes to taking action, the researchers recommend increased awareness for the average user. For those in control of company websites, they suggest “crawling” the site for broken links and fixing them before they are hijacked.
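A minimal version of that crawl step, added here as an example rather than anything from the paper or the Techxplore report: it extracts the hosts of outbound links from a page and flags those that are known template placeholders (a constructed list, an assumption) or that do not resolve in DNS. The resolver is injectable so the constructed sample runs offline; with the default `dns_resolves` it performs live lookups.

```python
import socket
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed list of template stand-ins (an assumption, not taken from the paper).
PLACEHOLDER_HOSTS = {"example.com", "yourdomain.com", "domain.com", "yoursite.com"}

class LinkExtractor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def extract_hosts(html: str) -> set:
    """Hostnames of absolute http(s) links; relative and mailto: links are ignored."""
    parser = LinkExtractor()
    parser.feed(html)
    parts = [urlsplit(h) for h in parser.hrefs]
    return {p.hostname.lower() for p in parts if p.scheme in ("http", "https") and p.hostname}

def dns_resolves(host: str) -> bool:
    """Live check (needs network): does the name resolve to any address?"""
    try:
        socket.getaddrinfo(host, None)
        return True
    except socket.gaierror:
        return False

def find_hijackable(html: str, own_host: str, resolves=dns_resolves) -> dict:
    """Outbound link hosts that are template placeholders or do not resolve (candidate phantoms).
    A non-resolving name is only a candidate: confirm it is unregistered via RDAP/WHOIS."""
    report = {"phantom": set(), "placeholder": set()}
    for host in extract_hosts(html):
        if host == own_host or host.endswith("." + own_host):
            continue  # internal link: not hijackable by registering a domain
        if host in PLACEHOLDER_HOSTS:
            report["placeholder"].add(host)
        elif not resolves(host):
            report["phantom"].add(host)
    return report

# Constructed sample page: a typo'd partner link, a template leftover, an internal link.
SAMPLE_HTML = """<a href="https://www.example.org/about">About</a>
<a href="https://partnerr-site.invalid/login">Partner</a>
<a href="http://yourdomain.com/contact">Contact</a>"""
# Offline stand-in for DNS so the demo runs without network: only this name "exists".
KNOWN_REGISTERED = {"www.example.org"}
```

Calling `find_hijackable(SAMPLE_HTML, "www.example.org", lambda h: h in KNOWN_REGISTERED)` reports the typo'd partner host as a candidate phantom and `yourdomain.com` as a placeholder; a name that fails to resolve may still be registered, so treat the phantom set as a work list to verify, not a verdict.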

This information was provided by Techxplore.