A recently discovered zero-day bug has allowed cybercriminals to register malicious domains. The bug in Verisign and IaaS services permitted domains with homoglyphs.
A researcher from Soluble has found a zero-day bug that allowed registering malicious domains. The bug existed with Verisign and numerous IaaS services that could permit potential attackers to register domains with homoglyphs. Hence, the attackers may use these subdomains to prey on internet users by registering domains similar to those of popular services.
Elaborating their findings in a blog post, the researchers stated,
In brief, to prevent homograph attacks, numerous companies implemented restrictions in registering domains and subdomains using mixed scripts. However, Verisign and some IaaS services missed doing so adequately. Hence, it became possible to register domains with homoglyphs within the Unicode Latin IPA Extension character set.
Exploiting the same bug allowed the researcher to register numerous domains impersonating prominent firms, such as amɑzon.com, sɑlesforce.com, ɡmɑil.com, and ɑppɩe.com.
However, what’s terrible is that the researcher found active exploitation of the bug in the wild. Specifically, the exploitation could date back to 2017, hence, rightly classifying the bug as a zero-day.