Internet Infrastructure TLD .arpa Abused in Phishing Attacks
Summary
Threat actors are abusing the internet infrastructure TLD .arpa in phishing attacks by hiding the location of malicious content. This is achieved by manipulating DNS record management controls, with attackers leveraging services like Cloudflare to obscure their infrastructure.
IFF Assessment
FOE
The abuse of core internet infrastructure like .arpa for malicious purposes poses a significant threat to users and organizations, making it bad news for defenders.
Defender Context
This highlights a novel attack vector in which fundamental internet infrastructure is being weaponized. Defenders need to be aware of this emerging technique and consider enhanced DNS monitoring and analysis for suspicious activity, especially activity involving the .arpa TLD.
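
One way to start the DNS monitoring suggested above, as an added example that is not part of the original page: a Python filter that flags .arpa queries which do not look like ordinary reverse (PTR) lookups. The log format, the sample lines, the allow-list of special-use names and the choice of record types are assumptions made for illustration; the page does not say which .arpa names or record types the attacks use.

```python
# Constructed log format: "timestamp client qname qtype" (client-to-resolver).
REVERSE_ZONES = ("in-addr.arpa", "ip6.arpa")
# Assumption: special-use .arpa names that clients legitimately query.
ALLOWED_NAMES = ("ipv4only.arpa", "resolver.arpa", "home.arpa")
# Record types requested when a client follows a link to a hostname.
CONTENT_QTYPES = {"A", "AAAA", "CNAME", "HTTPS", "SVCB"}

def in_zone(qname, zone):
    """True if qname is the zone apex or a name below it."""
    return qname == zone or qname.endswith("." + zone)

def classify(qname, qtype):
    """Return a reason string if the query looks suspicious, else None."""
    qname = qname.rstrip(".").lower()
    qtype = qtype.upper()
    if not in_zone(qname, "arpa"):
        return None
    if any(in_zone(qname, name) for name in ALLOWED_NAMES):
        return None
    if any(in_zone(qname, zone) for zone in REVERSE_ZONES):
        # Reverse zones are normally asked for PTR records only.
        if qtype in CONTENT_QTYPES:
            return "content-type query in reverse zone"
        return None
    return "unexpected .arpa name"

def scan(lines):
    """Parse log lines and return (client, qname, qtype, reason) tuples."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        _ts, client, qname, qtype = parts
        reason = classify(qname, qtype)
        if reason:
            hits.append((client, qname.rstrip(".").lower(), qtype.upper(), reason))
    return hits

# Constructed sample lines (documentation address ranges, made-up names).
SAMPLE_LOG = """\
2024-01-01T10:00:01Z 10.0.0.5 4.3.2.1.in-addr.arpa. PTR
2024-01-01T10:00:02Z 10.0.0.7 www.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa. A
2024-01-01T10:00:03Z 10.0.0.7 ipv4only.arpa. AAAA
2024-01-01T10:00:04Z 10.0.0.9 www.example.com. A
2024-01-01T10:00:05Z 10.0.0.9 portal.example.arpa. HTTPS
""".splitlines()

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Hits from this filter are leads for review rather than verdicts, and the allow-list should be tuned to the names a given network actually uses.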