Hacker abusing .arpa domain to evade phishing detection, says Infoblox
Summary
Threat actors are exploiting a feature in DNS record management to use the .arpa top-level domain for hosting phishing content. By creating A records for reverse DNS names instead of the expected PTR records, attackers can bypass traditional phishing detection methods and lure victims to malicious landing pages to steal sensitive information.
IFF Assessment
This technique allows threat actors to bypass security platforms, making it harder for defenders to detect and block phishing attacks.
Defender Context
Defenders need to be aware of this novel phishing technique that abuses the .arpa domain, as it can evade existing security controls. Organizations should consider enhancing their DNS security measures and user awareness training to mitigate the risk of this sophisticated social engineering attack.
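One way to look for the behaviour summarized above in resolver logs, as an added example that is not from Infoblox or the original article: it flags A/AAAA lookups for names under the reverse zones `in-addr.arpa` and `ip6.arpa`, where only PTR records are expected. The five-field log layout and the sample lines are constructed assumptions; adapt the parsing to your resolver's real format.

```python
from typing import NamedTuple

# Reverse-DNS zones, where PTR is the expected record type.
REVERSE_ZONES = ("in-addr.arpa", "ip6.arpa")
ADDRESS_TYPES = {"A", "AAAA"}

# Constructed sample; assumed layout: timestamp client qname qtype rcode
SAMPLE_LOG = """\
2025-01-01T10:00:01Z 10.0.0.5 10.2.0.192.in-addr.arpa. PTR NOERROR
2025-01-01T10:00:02Z 10.0.0.7 8.b.d.0.1.0.0.2.IP6.ARPA. A NOERROR
2025-01-01T10:00:03Z 10.0.0.7 printer.home.arpa. A NOERROR
2025-01-01T10:00:04Z 10.0.0.9 10.2.0.192.in-addr.arpa. AAAA NXDOMAIN
2025-01-01T10:00:05Z 10.0.0.9 www.example.com. A NOERROR
malformed line
"""

class Finding(NamedTuple):
    client: str
    qname: str
    qtype: str
    resolved: bool  # True when the resolver answered NOERROR

def is_reverse_name(qname: str) -> bool:
    """True for names at or below in-addr.arpa / ip6.arpa (case-insensitive)."""
    name = qname.rstrip(".").lower()
    return any(name == z or name.endswith("." + z) for z in REVERSE_ZONES)

def find_arpa_address_lookups(log_text: str) -> list[Finding]:
    """Return address-record lookups for reverse-DNS names."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:  # skip lines that do not match the assumed layout
            continue
        _ts, client, qname, qtype, rcode = fields
        qtype = qtype.upper()
        # Other .arpa names (e.g. home.arpa) legitimately carry A records.
        if qtype in ADDRESS_TYPES and is_reverse_name(qname):
            findings.append(Finding(client, qname.rstrip(".").lower(),
                                    qtype, rcode.upper() == "NOERROR"))
    return findings

if __name__ == "__main__":
    for f in find_arpa_address_lookups(SAMPLE_LOG):
        state = "resolved" if f.resolved else "no answer"
        print(f"{f.client} asked {f.qtype} for {f.qname} ({state})")
```

Entries with `resolved=True` deserve the first look, since a successful address answer for a reverse name is the condition the summary describes.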