A fraudulent site can be created on a legitimate subdomain by criminals preying on companies that have misconfigured DNS records.
A fraudulent site can be created on a legitimate subdomain by criminals preying on companies that have misconfigured DNS records.
POOR LIFE CYCLE MANAGEMENT OF DNS RECORDS
Large organizations with diverse brand portfolios and international operations are often unaware of the scale of their digital footprint. Digital records accumulate over time, and this makes maintaining cyber hygiene a real challenge. Without proper oversight of digital records and administration, organizations accumulate “noise” that makes simple cyber hygiene and housekeeping more complex, resulting in easy exploits for cyber criminals.
This issue is further compounded when management is decentralized, or when there’s staff turnover. Marketers might take down websites with a paid hosting provider when a brand is retired or a campaign is no longer running, but sometimes inadvertently leave the associated DNS records intact. Administrators, unaware of its history, are hesitant to delete these legacy records—fearing they may be tied to critical infrastructure that will inadvertently bring down operations. This buildup of inactive zones that don’t point to content are known as “dangling DNS” and are at risk of subdomain hijacking. This opens a gateway for other cyberattacks such as phishing, malware, and ransomware.
WHAT IS A SUBDOMAIN HIJACK?
Cybercriminals diligently monitor the internet for publicly available information on DNS zone records to carry out subdomain hijacking, also known as subdomain takeover or lame delegation. It’s a cyber threat executed when an attacker gains control of a legitimate subdomain that’s no longer in use, then cleverly exploits the forgotten or misconfigured dangling DNS to host their own content on the previously used zone.
Innocent web users land on these subdomains loaded with the criminal’s illegitimate content, all without the criminal infiltrating an organization’s infrastructure or third-party service account. Aside from reputation damage and loss in consumer confidence, a subdomain hijack could lead to more damaging data and security breaches.
WE'RE READY TO TALK
Our specialists are ready to answer your questions about Subdomain Monitoring.
