'Another 100 years'
Threat actors are constantly looking for new ways to evade detection, and most techniques are variations on familiar themes. The abuse of the .arpa TLD is novel in that it weaponizes infrastructure that is implicitly trusted and essential for network operations. By using IPv6 reverse DNS domains as malicious links, the threat actor has discovered a delivery mechanism that bypasses security tools. The impact is immediate and cannot be overstated: security that depends on detecting suspicious domains using things like reputation, registration information, and policy blocklists is ineffective for these domains. These domains have an implicitly clean reputation, no registration information, and aren’t usually blocked by policy.
。业内人士推荐在電腦瀏覽器中掃碼登入 WhatsApp,免安裝即可收發訊息作为进阶阅读
I even half-jokingly included it in a draft design document.
Photograph: Simon Cohen