Hackers may be hiding in plain sight on your favorite website

Security researchers have detailed how domain shadowing is becoming increasingly popular for cybercriminals.

As reported by Bleeping Computer, analysts from Palo Alto Networks (Unit 42) revealed how they came across over 12,000 such incidents over just a three-month period (April to June, 2022).

Getty Images

An offshoot of DNS hijacking, domain shadowing provides the ability to create malicious subdomains by infiltrating legitimate domains. As such, shadowed domains won’t have any impact on the parent domain, which naturally makes them difficult to detect.

Cybercriminals can subsequently use these subdomains to their advantage for various purposes, including phishing, malware distribution, and command and control (C2) operations.

“We conclude from these results that domain shadowing is an active threat to the enterprise, and it is hard to detect without leveraging automated machine learning algorithms that can analyze large amounts of DNS logs,” Unit 42 stated.

Once access has been obtained by threat actors, they could opt to breach the main domain itself and its owners, as well as target users from that website. However, they’ve had success by luring in individuals via the subdomains instead, in addition to the fact that the attackers remain undetected for much longer by relying on this method.

Due to the subtle nature of domain shadowing, Unit 42 mentioned how detecting actual incidents and compromised domains is difficult.

In fact, the VirusTotal platform identified just 200 malicious domains out of the 12,197 domains mentioned in the report. The majority of these cases are connected to an individual phishing campaign that uses a network of 649 shadowed domains via 16 compromised websites.

A system hacked warning alert being displayed on a computer screen.
Getty Images

The phishing campaign revealed how the aforementioned subdomains displayed fake login pages or redirected users to phishing pages, which can essentially circumvent email security filters.

When the subdomain is visited by a user, credentials are requested for a Microsoft account. Even though the URL itself isn’t from an official source, internet security tools aren’t capable of differentiating between a legitimate and fake login page as no warnings are presented.

One of the cases documented by the report showed how an Australian-based training company confirmed it was hacked to its users, but the damage was already done through the subdomains. A progress bar for the rebuild process was showcased on its website.

Currently, Unit 42’s “high-precision machine learning model” has discovered hundreds of shadowed domains created on a daily basis. With this in mind, always double-check the URL of any website that requests data from you, even if the address is hosted on a trusted domain.

Editors’ Choice

Repost: Original Source and Author Link


Apple’s Rumored AR Headset Has Been Hiding in Plain Sight

With the introduction of AirTag, HomePod Mini, and a ton of services and subscriptions in recent years, Apple has been moving outside its traditional Mac-iPhone-iPad lineup. All that will pale in comparison to what’s rumored to come next: A full-featured mixed-reality (MR) headset.

Yet while this new device might seem like a surprise totally out of left field, Apple has actually been leaving all sorts of breadcrumbs to clue up savvy observers, intentionally or not.

When you add these hints together, it seems like Apple has all the pieces of the puzzle ready — it just needs to put them together. That makes it feel an awful lot like Apple’s MR headset has been hiding in plain sight for years.

Apple’s lidar long game

To see what I mean, we need to take a look at the iPad Pro’s camera setup. Or rather, at one of the lenses contained within the camera array: The lidar scanner. This scans and maps your surroundings, such as the room you are in, helping to enable augmented reality (AR) features for use in apps and games. It has since spread to the iPhone and, if rumors are to be believed, will also make an appearance on Apple’s headset, where it will be essential for creating realistic AR environments.

According to The Information, Apple’s headset will come with up to a dozen cameras and lidar sensors. If that turns out to be correct, the knowledge Apple gleaned from first equipping the 2020 iPad Pro with a lidar scanner will have been invaluable for incorporating this tech into its AR headset. Although no one realized it at the time, Apple was likely playing the long game.

Face ID led the way

iphone x notch
Julian Chokkattu/Digital Trends

There is another thing that Apple has perfected on the iPhone that it can transfer to its upcoming headset: Its biometric sensors. On the iPhone and iPad Pro, this takes the form of Face ID. On the company’s headset, rumors indicate it will be realized as an iris scanning feature — and perhaps more.

An iris scanner would be used to authenticate purchases or unlock your accounts in much the same way Face ID currently does in the iPhone and iPad Pro. That’s according to reliable Apple analyst Ming-Chi Kuo, who also believes the headset will contain six cameras for “innovative biometrics.” While the iris scanner likely comes under that heading, it is unclear what else Apple could have up its sleeve in this area. It sounds encouraging, though, given Apple’s ability to combine high-end biometrics with robust security in the past.

And that is important because any iris scanning capability will need to be able to store your unique biometric data in an incredibly secure way so as to prevent rogue actors from hijacking it for nefarious purposes. Face ID is already adept at walling off potential attacks and much of the underlying tech that powers that security will likely be repurposed in Apple’s iris scanner.

AR acquisitions

Apple's rumored virtual reality headset

Face ID may have provided some early hints at what is to come in Apple’s AR headset, but it is not the only piece of kit that Apple has been learning from. The company has been buying a host of other companies in recent years, and while predicting what it might do next based on the companies it buys is often akin to reading tea leaves, there are some places where we can see the headset’s fingerprints.

Some of the companies Apple has bought could well be headed to the upcoming headset, like virtual reality firms NextVR and Spektral. Others are less clear cut, such as the companies Apple has been snapping up that are thought to now be contributing towards its self-driving car project, or that will likely have their tech incorporated into future iPhones.

Yet just as with Apple’s biometric advances, there are likely plenty of things the company can learn from adding new camera- and image-processing tech to its mobile devices that could also be translated across to an augmented reality headset. Apple often buys companies not just for the tech they possess but for their gifted workers, too. By purchasing specialized tech firms that have experience in things like advanced algorithms, Apple is strengthening its pool of engineers that is already brimming with talent.

Apple Silicon goes virtual

Apple M1 chip in an iPad Pro

One thing Apple has not had to buy is its in-house M1 chip. Indeed, rather than rely on a third-party outfit to provide its Mac chips ready-made, Apple is now designing its own — with superb results. While all this research and development was thought to be aimed squarely at the Mac, it could also see significant use in Apple’s headset.

Reporter Mark Gurman, who is one of the most accurate Apple analysts out there, has claimed Apple is testing various chips to power its forthcoming headset. All will be chips designed in-house, and some rival the M1 for power and performance. Given how well we know the M1 performs in various Macs, that is great news.

But it is not just how to make a performant chip that Apple has learned when making the M1 — it is how to make an incredibly efficient one, too. That is of utmost importance in something like a headset, where the brains of the machine are in close proximity to your own grey matter, and keeping everything cool and cozy is the difference between comfort and irritation.

Everything that helps the M1 succeed can feasibly do the same for Apple’s headset. If Gurman is right, it would suggest Apple had more than just Macs in mind when it started its quest to build its own world-beating chips.

Editors’ Choice

Repost: Original Source and Author Link