Security Awareness Podcast

Security Awareness Notice

August 30, 2023 Florian Season 1 Episode 1
Show Notes

We are a team of security researchers from Certitude Consulting (https://certitude.consulting), a leading IT security consulting firm in Vienna, Austria. We have taken control of this subdomain to safeguard the public from potential harm. Through this proactive measure, we are thwarting malicious actors from exploiting the subdomain to spread disinformation, distribute malware, or launch phishing campaigns.


Understanding Dangling DNS Records


When a domain or subdomain has been associated with a specific service hosted on a cloud platform, and that service is no longer in use (due to subscription cancellation or failure to pay for the service), the DNS records continue to point to a non-existent cloud resource, creating what's known as a "dangling" configuration. If cloud service providers do not implement specific countermeasures, unauthorized attackers could commandeer this inactive resource, thereby gaining control over the content of the domain or subdomain.


Exploiting Dangling DNS Records for Subdomain Hijacking


In a subdomain hijacking scenario, an attacker registers an account on the cloud platform and links that account to the resource the dangling DNS records still point to. Since the organization's DNS records continue to point to the cloud platform's endpoint, the attacker gains effective control over the subdomain. This method of attack is commonly referred to as "subdomain takeover" or "subdomain hijacking."


Consequences of Subdomain Hijacking


Dangling DNS records pose a critical vulnerability due to the potential for malicious content to be hosted by attackers under the guise of a trustworthy organization. A subdomain takeover can lead to various forms of attack, including:

• Malware Distribution: Attackers can employ the subdomain as a hosting platform for distributing malicious software.

• Disinformation Spread: Malicious actors capitalize on the credibility of reputable entities such as media outlets, government bodies, or universities, using subdomains to disseminate false information. This undermines public trust in reliable sources, fosters disinformation campaigns that manipulate public opinion, and destabilizes communities and societies.

• Phishing Attacks: Attackers can craft convincing phishing pages using the subdomain to trick unsuspecting users into revealing sensitive information.

• Social Engineering Attacks: The subdomain can serve as a launching pad for compelling social engineering campaigns, manipulating individuals into disclosing confidential data or engaging in harmful activities.


Preventing Subdomain Hijacking


To prevent subdomain takeovers and ensure a secure online presence, domain owners should:

• Properly terminate services: When discontinuing a service, ensure that the DNS records pointing to that service are either updated or deleted before the cloud resource is released.

• Audit DNS regularly: Routinely review DNS records and promptly remove any unused or orphaned subdomains.
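The audit described above can be automated. The following is an added example, not tooling from Certitude Consulting or from the page: it parses a zone export, follows CNAME chains inside the zone, and flags every CNAME whose final target no longer resolves (the dangling state explained under "Understanding Dangling DNS Records"). The zone contents, addresses and the stub resolver table are constructed; in production the stub would be replaced by a real lookup (for example dnspython's dns.resolver).

```python
"""Offline dangling-CNAME audit (added example; names and data are constructed)."""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed zone export in BIND-style "name TTL class type rdata" lines.
ZONE_EXPORT = """\
; example.test zone (constructed sample)
www.example.test.      300 IN A      203.0.113.10
blog.example.test.     300 IN CNAME  blog-host.cloud-provider.test.
old-shop.example.test. 300 IN CNAME  shop-42.cloud-provider.test.
docs.example.test.     300 IN CNAME  www.example.test.
mail.example.test.     300 IN MX     10 mx.example.test.
"""

# Constructed snapshot of what public DNS answers today. A name missing
# from this table stands in for an NXDOMAIN response. Swap this stub for a
# real resolver query when running the audit against a live zone.
STUB_ANSWERS: Dict[str, List[str]] = {
    "www.example.test.": ["203.0.113.10"],
    "blog-host.cloud-provider.test.": ["198.51.100.7"],
    "mx.example.test.": ["198.51.100.25"],
}


@dataclass(frozen=True)
class Record:
    name: str   # owner name, fully qualified, lower-cased
    rtype: str  # record type, e.g. "A", "CNAME"
    data: str   # rdata as written in the zone file, lower-cased


def parse_zone(text: str) -> List[Record]:
    """Parse the simple 'name TTL class type rdata' lines used above."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0].startswith(";"):
            continue  # skip blank lines and comments
        name, _ttl, _cls, rtype, *rdata = parts
        records.append(Record(name.lower(), rtype.upper(), " ".join(rdata).lower()))
    return records


def resolves(name: str, answers: Dict[str, List[str]] = STUB_ANSWERS) -> bool:
    """True if the name has at least one answer; False models NXDOMAIN."""
    return bool(answers.get(name.lower()))


def cname_target(record: Record) -> Optional[str]:
    return record.data if record.rtype == "CNAME" else None


def find_dangling_cnames(records: List[Record],
                         answers: Dict[str, List[str]] = STUB_ANSWERS) -> List[Record]:
    """Return CNAME records whose final target does not resolve.

    A CNAME pointing at another CNAME inside the same zone is followed
    within the zone first (hop-bounded to survive loops); only the final
    target is checked against the resolver.
    """
    by_name = {r.name: r for r in records if r.rtype == "CNAME"}
    dangling = []
    for rec in records:
        target = cname_target(rec)
        if target is None:
            continue
        hops = 0
        while target in by_name and hops < 8:
            target = by_name[target].data
            hops += 1
        if not resolves(target, answers):
            dangling.append(rec)
    return dangling


def audit(text: str = ZONE_EXPORT) -> List[str]:
    """Human-readable findings for a zone export; an empty list means clean."""
    return [f"{r.name} -> {r.data} (target NXDOMAIN: remove or repoint this record)"
            for r in find_dangling_cnames(parse_zone(text))]


if __name__ == "__main__":
    for finding in audit():
        print(finding)
```

Two caveats for real use: a timeout or SERVFAIL from the resolver is not evidence of a dangling record and should be retried rather than reported, and a target that does resolve only shows that some resource answers, not that the organization still owns it. Every finding should end in the action the page recommends: remove or update the record.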


Notice for the Subdomain's Owner


If you are the owner of this subdomain, please remove or change your DNS records and write an email to research@certitude.consulting! We will then terminate the account that is associated with the subdomain.