Google announced 8 new top-level domains for dads, grads and techies.
See the news article here https://blog.google/products/registry/8-new-top-level-domains-for-dads-grads-tech/
Although any domain can potentially be dangerous, in this batch the .zip TLD caught the most attention.
If you check the .zip domains that have already been registered, it is possible that these are going to be used for malicious purposes (microsoftdefender_zip, Microsoft-update_zip, Office365-update_zip, officeupdate_zip, microsoftoutlook_zip, …).
Google’s new .zip top-level domain is already used in phishing attacks, so I started to investigate how to easily block these TLDs in Modern Workplace environments.
In addition to the Google TLDs, it is advisable to block some other TLDs that appear in the Spamhaus Top 10 (The Spamhaus Project – The Top 10 Most Abused TLDs: .rest, .wiki, .live, .xyz …).
The best way to block TLDs via Intune is to create a reusable setting and create a firewall rules policy.
Click Endpoint security > Firewall and choose the Reusable settings tab.
Reusable settings are very handy and can save you a lot of time: you can use them in other firewall policies, and when they need to be edited this only has to be done in one place.
Enter a Name and Description.
Add the domains *.zip, *.foo and *.mov.
Configure the instances with Auto Resolve: True and add the keyword.
After the instances are added and the settings are saved switch back to the Summary tab.
At Firewall Policies > Create Policy
Select Windows 10, Windows 11, Windows Server as the Platform
Profile: Windows Defender Firewall Rules
Give a Name and Description and click Next
Under Reusable Groups, click Set reusable settings and choose Block Google TLDs
Under Rule properties > click Edit Rule and change the options:
Name: Block Google TLDs
Interface Types: All
Network Types: FW_PROFILE_TYPE_ALL : This value represents ….
Direction: The rule applies to Outbound traffic.
Don’t forget to switch the Action to Block
Click Next > Next
Add assignments, add a test group of devices first.
Click Next followed by Create
The rule is created and ready for testing.
On a device where the rule is applied the domain www.url.zip will be blocked.
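For admins who want the same block on a single device or in a lab before rolling out the Intune policy, here is an added example (not from the original post) that builds the equivalent rule locally with the Windows Defender Firewall dynamic keyword cmdlets (NetSecurity module, Windows 11 / Server 2022). The GUIDs and the rule name are placeholders chosen for this example; Auto Resolve works the same way as the Intune setting above.

```powershell
# Added example: local equivalent of the Intune reusable setting + outbound block rule.
# Run in an elevated PowerShell session on Windows 11 / Server 2022.
#Requires -RunAsAdministrator
$ErrorActionPreference = 'Stop'

# TLD patterns to block: the Google ones from the post plus two from the Spamhaus Top 10.
$tlds = @('*.zip', '*.mov', '*.foo', '*.rest', '*.xyz')

# One dynamic keyword object per pattern. AutoResolve = $true tells the firewall to fill
# the address set from DNS answers the Windows DNS client sees for matching names
# (this is what the Intune UI calls "Auto Resolve: True").
$keywordIds = foreach ($tld in $tlds) {
    $id = '{' + [guid]::NewGuid().ToString().ToUpper() + '}'   # placeholder GUID
    New-NetFirewallDynamicKeywordAddress -Id $id -Keyword $tld -AutoResolve $true | Out-Null
    $id
}

# Outbound block rule on all interface types and all profiles (FW_PROFILE_TYPE_ALL),
# referencing the keyword objects instead of fixed IP addresses.
New-NetFirewallRule -DisplayName 'Block Google TLDs' `
    -Description 'Block outbound traffic to hosts under abused TLDs (.zip, .mov, ...)' `
    -Direction Outbound -Action Block -Profile Any -InterfaceType Any `
    -RemoteDynamicKeywordAddresses $keywordIds | Out-Null

# Verify: the rule is present, and the keyword objects gain addresses as DNS answers arrive.
Get-NetFirewallRule -DisplayName 'Block Google TLDs' |
    Format-List DisplayName, Direction, Action, Enabled
Get-NetFirewallDynamicKeywordAddress | Where-Object { $_.Keyword -in $tlds } |
    Format-Table Id, Keyword, AutoResolve, Addresses
```

Because the address set is learned from DNS answers seen by the Windows DNS client, names resolved by an application's own DNS-over-HTTPS client are not matched, so test with the browser's secure DNS setting in mind.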
More information :
Announcing enhanced control for configuring Firewall rules with Windows Defender – Microsoft Community Hub
I already blocked several gTLDs –
The Top 10 Most Abused TLDs’ https://www.spamhaus.org/statistics/tlds/
More information about TLDs and gTLDs
The Dangers of Google’s .zip TLD. Can you quickly tell which of the URLs… | by Bobbyr | May, 2023 | Medium
Google’s .zip Top Level domain is already used in phishing attacks – gHacks Tech News