How You Can Be Hijacked Without Actually Being Hacked

Mark Flegg  / Reporter

Source : https://circleid.com/posts/20230501-how-you-can-be-hijacked-without-actually-being-hacked

Unsuspecting website visitors are often unaware when they have landed on a spoofed page or are re-directed to malware-hosting web servers designed to steal their sensitive data and information. This attack is known as subdomain hijacking, or subdomain takeover. A web user’s private information is then traded on the dark web, and cybercriminals profit, further fueling the expansion of identity theft in the online world.

In a space shrouded by anonymity by design, the brands and organizations targeted may not be directly compromised, however, they likely forgot about domain name system (DNS) records that were left behind or misconfigured, leaving their customers open to theft. In the past, this has been known as a lame delegation or dangling DNS. Cybercriminals monitor the internet for publicly available information, including DNS zone records, that point to destinations no longer used by a brand. By hosting content on cloud providers who don’t run verification checks, criminals can request a previously used zone destination and start to again receive web users landing on these subdomains loaded with their own illegitimate content, all without infiltrating an organization’s infrastructure or third-party service account. Aside from reputation damage and loss in consumer confidence, the fraudulent web pages and associated emails could be used in phishing campaigns and malware distribution, leading to more damaging data and security breaches.