Attacks and Threats

What is Broken Link Hijacking?

Threat actors love to play with client-side websites or web applications. In broken link hijacking, the threat actor takes over unused, stale, expired, non-resolving, or invalid external links on websites or web applications. Threat actors hijack broken external links for a variety of nefarious purposes. In some cases, they will load external resources such as malware from these links. They might even register expired domains to load malicious JavaScript directly in the user’s browser, a.k.a. the client-side of a web application.

To reduce exposure to broken link hijacking attacks, businesses must practice good cybersecurity hygiene. The security and the marketing teams need to work closely together to make sure all links on a website or in web applications are in fact valid and in use. If the links are broken, expired, or no longer resolve to the chosen website, links must be removed or replaced immediately.