You need to block .zip and .mov URLs RIGHT NOW!

This is not a drill; repeat, this is not a drill!

Google recently announced 8 new Top Level Domains (TLDs) that users can purchase and register for websites. That list includes .zip and .mov. These are legitimate file extensions for archive files and movie files, but now they can also be domains.

Let’s walk through why this might be a problem:

An Example

Imagine for a second that you are onboarding a new employee. As part of the onboarding process, this new employee must go to the shared drive and download a zip file with employment docs they must complete.

Your training manager sends this new employee an email telling them to go to the shared drive and download the newemployeeorientation.zip file. Unbeknownst to the training manager, Outlook has been updated to recognize .zip as a valid TLD, and as such, it automatically converts newemployeeorientation.zip into a hyperlink (looking like this: newemployeeorientation.zip).

Your new employee clicks on this hyperlink, thinking that the training manager is being friendly and hyperlinking directly to the files on the shared drive for them. In reality, the new employee’s computer reaches out to a website that a malicious cyber actor had previously registered. On that website, the actor hosts a zip file called newemployeeorientation.zip that is loaded with malware.

Your new employee has inadvertently downloaded that zip file, thinking it's the documents the training manager sent them. They open it, and now malware is executing on your network.

Prevention

As with most uncommonly used TLDs, there are very few legitimate reasons for a business to use them. Domains under .top, .biz, and .info are filled with malware and phishing sites. You should already be using a DNS sinkhole to block these TLDs.

If you already do this, I highly recommend adding .zip and .mov to that list. Employees can request exemptions to this blocking policy if there is a legitimate business need for it, but for your safety, block these domains before the phishing campaigns start in earnest.
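As an added illustration (not part of the original post), here is a small Python checker that applies the same block-list idea to message text before it reaches an inbox: it finds hostnames whose TLD is on a block list and treats a bare file name like newemployeeorientation.zip exactly the way an auto-linking mail client would. The block list, the sample email and the function names are assumptions for this example.

```python
import re
from urllib.parse import urlsplit

# TLDs the post recommends sinkholing (constructed policy list for this example).
BLOCKED_TLDS = {"zip", "mov", "top", "biz", "info"}

# Matches candidate hostnames in free text, with or without a scheme.
# Each label is letters/digits/hyphens; the last label is the TLD.
_HOST_RE = re.compile(
    r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?::\d+)?(?:/[^\s]*)?",
    re.IGNORECASE,
)


def host_of(token: str) -> str:
    """Return the hostname part of a URL-like token, lowercased."""
    if "://" not in token:
        token = "//" + token  # lets urlsplit treat the leading part as the netloc
    return (urlsplit(token).hostname or "").lower()


def blocked_tld(hostname: str) -> bool:
    """True if the hostname's last label is on the block list."""
    return hostname.rsplit(".", 1)[-1] in BLOCKED_TLDS


def find_blocked_links(text: str) -> list[str]:
    """Return each hostname in `text` whose TLD is on the block list.

    A bare file name such as newemployeeorientation.zip is treated as the
    host newemployeeorientation.zip, which is what an auto-linking client
    would resolve. A path component like /hr/forms.zip is NOT flagged,
    because the TLD there belongs to the real host, not the file name.
    """
    hits: list[str] = []
    for m in _HOST_RE.finditer(text):
        host = host_of(m.group(0))
        if host and blocked_tld(host) and host not in hits:
            hits.append(host)
    return hits


# Constructed sample message mirroring the onboarding scenario above.
SAMPLE_EMAIL = (
    "Welcome aboard! Please go to https://intranet.example.com/hr/forms.zip "
    "and download newemployeeorientation.zip, then watch intro.mov. "
    "Questions: hr@example.com"
)

if __name__ == "__main__":
    for host in find_blocked_links(SAMPLE_EMAIL):
        print("would resolve to a blocked TLD:", host)
```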
