A recent report from cybersecurity company watchTowr Labs revealed an alarming way that hackers exploit outdated systems: by taking control of abandoned websites.[1] Their research showed that more than 4,000 hacked systems, including those belonging to governments, universities, and businesses, were still trying to communicate with these expired websites, which hackers once used to control compromised systems. This discovery highlights the ongoing risks posed by forgotten digital infrastructure and what we can do to protect ourselves.
Breaking Down the Findings
The report detailed how watchTowr Labs acquired over 40 expired website domains for just $20 each. These websites had previously been used by hackers as command-and-control servers, which are systems designed to send instructions to hacked devices or collect stolen data. When the domains expired, watchTowr Labs purchased them and observed the activity of compromised systems that were still trying to connect.
The compromised systems included government entities, academic institutions, and private companies. Many of these systems had backdoors installed, which are hidden pathways that allow attackers to regain access whenever they want. Some backdoors were simple tools that enabled hackers to execute basic commands, while others were advanced programs capable of stealing data, brute-forcing passwords, and even removing themselves to evade detection. The researchers also discovered that some of these backdoors contained vulnerabilities, meaning hackers unknowingly created tools that could be exploited by other attackers.
This isn’t just a problem for businesses or foreign governments; universities are common targets for cyberattacks. The report identified compromised systems belonging to academic institutions in China, South Korea, and Thailand, highlighting how educational networks, with their large number of users and devices, can be exploited.
What This Means for Students
While this specific incident didn’t target Fordham University, the findings highlight how similar vulnerabilities could impact any university, including ours. Large networks like those at universities are especially vulnerable to cyberattacks because of the variety of users and devices connected to them. Here’s how you could be affected:
- Compromised Devices – If hackers can install backdoors on personal or university-owned devices, they can access sensitive data like personal information, academic records, or research.
- Targeted Phishing Campaigns – Hackers often use phishing emails to install backdoors. Clicking a suspicious link could lead to your devices being compromised.
- Impact on University Services – Compromised systems can lead to disruptions in university operations, such as delayed access to email, course materials, etc.
How Can You Protect Yourself?
- Be Cautious with Emails – Always be wary of unexpected emails, especially those asking you to click links or download files. If you suspect an email is phishing, report it using the PhishAlarm tool in your Gmail inbox. It’s an icon on the right side of your screen that looks like a hook with an envelope. This tool not only removes the email from your inbox but also alerts the university’s cybersecurity team.
- Stay Updated – Keep your devices updated with the latest software and security patches. Outdated systems are easier for hackers to exploit.
- Use University IT Services – If you experience a technical issue or suspect your account or device has been compromised, contact the IT Service Desk immediately:
  - Call 718-817-3999 anytime.
  - Email HelpIT@Fordham.edu or visit the Tech Help portal through My Pages on Fordham’s website.
[1] Lakshmanan, Ravie. “Expired Domains Allowed Control Over 4,000 Backdoors on Compromised Systems.” The Hacker News. 13 Jan. 2025, https://thehackernews.com/2025/01/expired-domains-allowed-control-over.html