How do attackers choose which sites to hit?
They typically don’t. They use automated scanning tools to rip through a giant list of domains and do “subdomain enumeration” to find your servers and launch attacks against them.
One way they do this is to look for Apple App Association files, which are files. Hosted on your website that indicates where/how deep linking into iOS apps is allowed or should happen.
We found this in a Wafris report as the business operated only in the midwest but was repeatedly scanned by a 🇳🇱 Dutch server.
Top comments (0)