Heimdal
The SubDoMailing phishing campaign hijacked 8,000 abandoned domains and 13,000 subdomains to avoid spam detection. The hackers sent 5 million malicious emails daily.

The campaign exploited the credibility of big brands in tech, education, charity, e-commerce, and the press industry.

MSN, VMware, McAfee, The Economist, Cornell University, CBS, NYC.gov, PWC, Pearson, Better Business Bureau, UNICEF, ACLU, Symantec, Java.net, Marvel, and eBay are some of the victims who got their domains and subdomains hijacked.

According to BleepingComputer, the threat actors used this mass spam campaign to obtain money from scams and malvertising:

Clicking on the embedded buttons in the emails takes users through a series of redirections, generating revenue for the threat actors via fraudulent ad views. Ultimately, the user arrives at fake giveaways, security scans, surveys, or affiliate scams.

What is subdomain hijacking and how to prevent it

Subdomain hijacking, often the result of dangling DNS, is a type of cyberattack that relies on misconfigured DNS records: a record still points at a resource the organization no longer uses or controls. Not protecting the domains and subdomains you no longer use can make you the target of a similar attack.

Instead of using a typosquatting technique and creating a fake website like vmwar3.ru, for example, the threat actor would rather take over a legitimate but abandoned domain belonging to a trusted brand and then use it to host their malicious content.

Some of the most common prevention measures brands can take against domain and subdomain hijacking are:

Audit and clean DNS records

Regularly check your DNS entries to ensure all subdomains are valid and still necessary. Delete the DNS records of subdomains you no longer need.

Use DNS monitoring

Use a tool that checks for DNS record alterations and alerts you to unauthorized changes. DNS protection is a critical part of a cybersecurity strategy.

Apply the principle of least privilege

Use role-based access controls and the principle of least privilege (PoLP). Only allow trusted specialists to change DNS record settings.

Avoid subdomain delegation

If you need to delegate subdomains, make sure the third parties abide by high security standards.
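The "audit and clean DNS records" and "use DNS monitoring" measures above can be turned into a small script. The following is an added example, not code from Heimdal or from the article: it flags CNAME records whose target no longer resolves (the dangling-DNS condition) and diffs two zone snapshots to surface unauthorized changes. The zone data, hostnames and resolver answers are all constructed for illustration.

```python
"""Audit a DNS zone export for dangling CNAMEs and detect unexpected record changes.

Constructed example: the zone, hostnames and resolver answers below are made up
for illustration and are not taken from the campaign described in the article.
"""
from typing import Callable, Dict, List, Optional, Tuple

# A record is (owner name, record type, target). Zone data is constructed.
Record = Tuple[str, str, str]

SAMPLE_ZONE: List[Record] = [
    ("www.example.com", "A", "203.0.113.10"),
    ("shop.example.com", "CNAME", "shop-prod.hosting.example.net"),            # target still live
    ("promo2019.example.com", "CNAME", "old-campaign.hosting.example.net"),   # target gone
    ("blog.example.com", "CNAME", "unclaimed-bucket.storage.example.net"),    # target gone
]

# Constructed resolver answers: name -> addresses, or None for NXDOMAIN.
FAKE_ANSWERS: Dict[str, Optional[List[str]]] = {
    "shop-prod.hosting.example.net": ["198.51.100.7"],
    "old-campaign.hosting.example.net": None,
    "unclaimed-bucket.storage.example.net": None,
}

def fake_resolve(name: str) -> Optional[List[str]]:
    """Stand-in for a real resolver; returns None when the name does not exist."""
    return FAKE_ANSWERS.get(name)

def find_dangling(zone: List[Record],
                  resolve: Callable[[str], Optional[List[str]]]) -> List[Record]:
    """Return CNAME records whose target no longer resolves.

    A CNAME pointing at a name nobody controls any more is the classic
    dangling-DNS condition: whoever later claims the target inherits the
    trust of the brand's subdomain. These records should be deleted.
    """
    return [(name, rtype, target) for name, rtype, target in zone
            if rtype == "CNAME" and resolve(target) is None]

def diff_zone(baseline: List[Record], current: List[Record]) -> Dict[str, List[Record]]:
    """Compare two zone snapshots; any added or removed record is worth an alert."""
    before, after = set(baseline), set(current)
    return {"added": sorted(after - before), "removed": sorted(before - after)}

if __name__ == "__main__":
    for rec in find_dangling(SAMPLE_ZONE, fake_resolve):
        print("dangling:", *rec)
    tampered = SAMPLE_ZONE + [("login.example.com", "A", "192.0.2.99")]  # constructed change
    print(diff_zone(SAMPLE_ZONE, tampered))
```

For a live audit, replace `fake_resolve` with a function that queries your resolver (for example with dnspython) and returns None on an NXDOMAIN answer, and feed `diff_zone` a stored snapshot next to a fresh zone export.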

Author Profile

Livia Gyongyoși

Communications and PR Officer

Livia Gyongyoși is a Communications and PR Officer within Heimdal®, passionate about cybersecurity. Always interested in being up to date with the latest news regarding this domain, Livia's goal is to keep others informed about best practices and solutions that help avoid cyberattacks.
