Broken Link Hijacking (BLH) - Attackers exploit external links that have become invalid or broken over time.

A company sometimes uses an external link-shortening service to create short links for sharing in tweets, emails, or on other online platforms.

These links are shorter, making them easier to track and share.

However, if the link-shortening service goes out of business, all previously shortened links become invalid.

This gives attackers an opportunity to take advantage of expired short links.

Identification

Identify expired short links.

Attackers can monitor and identify shortened links that have become broken due to the link-shortening service's closure.

Acquire Domain

Once you have identified an expired shortened link, acquire the expired domain.

The attacker can purchase the domain associated with the link-shortening service.

Since the service is no longer active, the domain becomes available for anyone to buy.

Exploitation

After obtaining the expired domain, set up the malicious content.

The attacker can set up their malicious content or redirect the link to a website under their control.

Impact

Redirecting Traffic - Victims are redirected to the attacker’s site instead of the intended destination.

Reputation Damage - If users encounter malicious content after clicking on the old shortened link, they may associate the negative experience with the original company or brand, leading to reputation damage.

Phishing and Malware Risks - The attacker’s website might host phishing pages or distribute malware.
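The company that published the links can run the identification step against its own content before anyone else does. The sketch below is an added example, not part of the original page: it groups published links by host and reports hosts that no longer resolve. The link inventory, host names and the `constructed_status` stand-in for DNS are constructed for illustration, and a host that fails to resolve is a prompt for review, not proof that the domain can be registered.

```python
import socket
from collections import defaultdict
from urllib.parse import urlsplit

def dns_status(host):
    """Live check: 'ok' if the host resolves, 'dead' on a definitive
    name-not-found answer, 'unknown' on transient resolver errors."""
    try:
        socket.getaddrinfo(host, 443)
        return "ok"
    except socket.gaierror as exc:
        return "dead" if exc.errno == socket.EAI_NONAME else "unknown"

def audit_links(published, status_of=dns_status):
    """published: iterable of (where_published, url) pairs.
    Returns {host: [where_published, ...]} for hosts that no longer resolve."""
    by_host = defaultdict(list)
    for where, url in published:
        # Normalise case and trailing dot; non-HTTP schemes have no hostname.
        host = (urlsplit(url).hostname or "").rstrip(".").lower()
        if host:
            by_host[host].append(where)
    # One lookup per distinct host, not per link.
    return {h: sorted(set(w)) for h, w in by_host.items()
            if status_of(h) == "dead"}

# Constructed sample inventory of links a company has published.
SAMPLE = [
    ("tweet-2019-03", "https://shrt.example/a1B2"),
    ("newsletter-42", "http://SHRT.example/zz9"),
    ("blog/launch", "https://www.company.example/launch"),
    ("tweet-2021-07", "https://go.company.example/promo"),
    ("footer", "mailto:info@company.example"),
]

def constructed_status(host):
    # Stand-in for DNS so the demo runs offline: the shortener is gone.
    return "dead" if host == "shrt.example" else "ok"

if __name__ == "__main__":
    for host, places in audit_links(SAMPLE, constructed_status).items():
        print(f"{host}: no longer resolves; still linked from "
              f"{', '.join(places)}")
```

Hosts reported here are the places to edit or remove the old short links; a host that still resolves but now belongs to someone else is not caught by this check.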