Warning! Possibility of Cyber Attacks that Exploit Domains

Since 2014, new top-level domains (hereinafter referred to as new gTLDs) have begun to operate one after another. In this article, we’ll look into the possibility of cyber attacks that exploit domains, including the newer gTLDs.

In the past, when internet connection speeds were slow, companies and organizations set up proxy servers to speed up internet connection. This proxy server technology was also sometimes used by companies and organizations to monitor those internet connections. However, in order to avoid the complexity of setting up a proxy server on each terminal, companies and organizations with a large number of users have since introduced technology to automatically configure proxy servers– one of which is the WPAD (Web Proxy Auto-Discovery). This technology was first implemented 20 years ago in 1996 on the Netscape Navigator 2.0 and is still used on Internet Explorer and other devices, though it was never standardized due to security issues. However, Microsoft, which is also a proponent of WPAD technology, continues to use the technology and automatic proxy settings appear to be enabled by default on Windows Internet Explorer. In places such as government offices and schools that continue to use older machines, operating systems, and browsers, it appears that many browsers continue to be used with these settings.

If WPAD is misused, the attacker can connect browsers to an unauthorized proxy server enabling a wide range of attacks, including induction to phishing sites, stealing login information using a fake authentication screen (man-in-the-middle attack), and monitoring communication content.

We would like to ask all companies and organizations to take a look into this.

URL http://www.trendmicro.co.uk/media/misc/wp-badwpad.pdf

Contact: info@ckl.kyoto