Hi,
not an ICANN issue. Fault lies with the domain name registrant's operational security and management practices (and with the malicious actors who exploit them, of course.) The risk and its mitigation should be standard in all IT management and security training, and part of regular management practice (it essentially entails making sure you don't have "dangling domains", i.e. subdomains that stop pointing to a cloud service or SPF authentication).
Short explanation:
https://readwrite.com/email-fraudsters-deploy-sophisticated-tactics-to-dupe-users/
More detailed explanation and prevention measures:
https://cyberint.com/blog/research/subdomain-hijacking-the-domains-silent-danger/
Tool to check for hijacked subdomains and make your organizations' IT managers aware of the problem: https://guard.io/subdomailing - and click on the button that reads "What should I do?" after checking. There's a list of presently compromised domain names (This may change as they get fixed.) It includes nyc.gov, msn.com, marvel.com, cornell.edu, and even mcaffee.com.
Thanks for the heads-up, which, while not being an ICANN issue, should be made into useful operational advice for the organizations represented here. People, talk to your IT guys and to the organizations near you. They should be aware of the more general risk to their users as well as fixing their own stuff.
Alejandro Pisanty
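
An added example, not part of the original message: a minimal audit of a zone export for the two kinds of dangling reference mentioned above, CNAMEs and SPF `include:`/`redirect=` targets that no longer exist. The zone data, the `LIVE` set and the `offline_exists` lookup are constructed placeholders; a real run would replace the lookup with a DNS or registration check.

```python
# Added example: offline audit of a zone export for dangling references.
# ZONE and LIVE are constructed sample data; every name is a placeholder.
ZONE = [  # (owner name, record type, value)
    ("shop.example.org", "CNAME", "example-shop.cloudhost.example."),
    ("promo.example.org", "CNAME", "old-campaign.cloudhost.example."),
    ("example.org", "TXT",
     "v=spf1 include:_spf.mailer.example include:spf.defunct-vendor.example -all"),
    ("promo.example.org", "TXT", "v=spf1 ?include:spf.defunct-vendor.example ~all"),
    ("example.org", "TXT", "site-verification=constructed-token"),
]
LIVE = {"example-shop.cloudhost.example", "_spf.mailer.example"}


def offline_exists(name):
    """Stand-in for a DNS/registration lookup (assumption: swap in a real one)."""
    return name.lower().rstrip(".") in LIVE


def spf_targets(txt):
    """Domains an SPF record delegates to via include: or redirect=."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        return []  # not an SPF record (e.g. a verification token)
    found = []
    for term in terms[1:]:
        term = term.lstrip("+-~?").lower()  # drop the SPF qualifier
        for prefix in ("include:", "redirect="):
            if term.startswith(prefix) and len(term) > len(prefix):
                found.append(term[len(prefix):])
    return found


def audit(zone, exists=offline_exists):
    """Return (owner, problem, target) for each reference that no longer exists."""
    findings = []
    for owner, rtype, value in zone:
        if rtype == "CNAME":
            kind, targets = "dangling CNAME", [value.rstrip(".").lower()]
        elif rtype == "TXT":
            kind, targets = "dangling SPF reference", spf_targets(value)
        else:
            continue
        findings += [(owner, kind, t) for t in targets if not exists(t)]
    return findings


if __name__ == "__main__":
    for finding in audit(ZONE):
        print(*finding, sep="\t")
```

Each finding is a record to remove or repoint; run the audit whenever a cloud service or mail vendor is decommissioned.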