Hijacked subdomains of major brands used for spamming
....what do we know? And, when did we know it!
https://www.bleepingcomputer.com/news/security/hijacked-subdomains-of-major-...

Carlton
==============================
Carlton A Samuels
Mobile: 876-818-1799
Strategy, Process, Governance, Assessment & Turnaround
=============================
Hi, not an ICANN issue. Fault lies with the domain name registrant's operational security and management practices (and with the malicious actors who exploit them, of course). The risk and its mitigation should be standard in all IT management and security training, and part of regular management practice (it essentially entails making sure you don't have "dangling domains", i.e. subdomains that stop pointing to a cloud service or SPF authentication).

Short explanation: https://readwrite.com/email-fraudsters-deploy-sophisticated-tactics-to-dupe-...

More detailed explanation and prevention measures: https://cyberint.com/blog/research/subdomain-hijacking-the-domains-silent-da...

Tool to check for hijacked subdomains and make your organizations' IT managers aware of the problem: https://guard.io/subdomailing - and click on the button that reads "What should I do?" after checking. There's a list of presently compromised domain names (this may change as they get fixed). It includes nyc.gov, msn.com, marvel.com, cornell.edu, and even mcafee.com.

Thanks for the heads-up, which, while not being an ICANN issue, should be made into useful operational advice for the organizations represented here. People, talk to your IT guys and to the organizations near you. They should be aware of the more general risk to their users as well as fixing their own stuff.
Alejandro Pisanty

________________________________
From: lac-discuss-en <lac-discuss-en-bounces@atlarge-lists.icann.org> on behalf of Carlton Samuels <carlton.samuels@gmail.com>
Sent: Monday, 26 February 2024 09:40 PM
To: CPWG
Cc: LAC-Discuss-en
Subject: [lac-discuss-en] Hijacked subdomains of major brands used for spamming
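The message above names the two record types that typically go "dangling": a subdomain CNAME that still points at a decommissioned cloud service, and an SPF include: that still references a mail vendor whose record no longer exists. The script below is an added example of the zone audit an IT team would run to catch both; it is not code from this thread or from any of the tools linked in it. All names (the `.test` zone, vendor hostnames) and the DNS answers in `SAMPLE_DNS` are constructed for illustration; a real run would swap `sample_resolver` for a live lookup, for example dnspython's `dns.resolver.resolve(name, rrtype)`, returning `None` on NXDOMAIN.

```python
"""Audit a zone for dangling CNAME targets and dangling SPF include:/redirect= targets.

Constructed sample data only: none of these names exist in the real DNS.
"""
import re
from typing import Callable, Dict, List, Optional, Set, Tuple

# Constructed DNS answers (name -> {rrtype: [values]}). A name missing from this
# table does not exist at all (NXDOMAIN). Two records are deliberately dangling:
#   - old-esp.test. (SPF include) has no record left after the vendor contract ended
#   - campaign.retired-saas.test. (CNAME target) was deleted when the SaaS was retired
SAMPLE_DNS: Dict[str, Dict[str, List[str]]] = {
    "example.test.": {"TXT": ["v=spf1 include:_spf.mailvendor.test include:old-esp.test -all"]},
    "_spf.mailvendor.test.": {"TXT": ["v=spf1 ip4:203.0.113.0/24 -all"]},
    "www.example.test.": {"CNAME": ["edge.cdn.test."]},
    "edge.cdn.test.": {"A": ["198.51.100.7"]},
    "promo.example.test.": {"CNAME": ["campaign.retired-saas.test."]},
}

# A resolver returns the record values, [] for "name exists but no such type",
# and None for "name does not exist" (NXDOMAIN). This is the only DNS contract used.
Resolver = Callable[[str, str], Optional[List[str]]]


def sample_resolver(name: str, rrtype: str) -> Optional[List[str]]:
    """Offline resolver over the constructed table (hypothetical data)."""
    fqdn = name if name.endswith(".") else name + "."
    rrsets = SAMPLE_DNS.get(fqdn)
    if rrsets is None:
        return None
    return rrsets.get(rrtype, [])


def find_dangling_cnames(zone_names: List[str], resolve: Resolver) -> List[Tuple[str, str]]:
    """Return (owner, target) pairs where the CNAME target no longer exists.

    An NXDOMAIN target at a cloud provider is exactly what a squatter can register
    or re-claim, so these are the records to delete or re-point first."""
    findings = []
    for owner in zone_names:
        for target in resolve(owner, "CNAME") or []:
            if resolve(target, "A") is None:  # None == NXDOMAIN, [] == exists without A
                findings.append((owner, target))
    return findings


_SPF_REF = re.compile(r"[+\-~?]?(?:include:|redirect=)([A-Za-z0-9._-]+)")


def spf_record(name: str, resolve: Resolver) -> Optional[str]:
    """Return the single v=spf1 TXT record for name, or None if absent/ambiguous (RFC 7208)."""
    txts = resolve(name, "TXT")
    if not txts:
        return None
    spf = [t for t in txts if t.lower().startswith("v=spf1")]
    return spf[0] if len(spf) == 1 else None


def find_dangling_spf_includes(domain: str, resolve: Resolver,
                               seen: Optional[Set[str]] = None, depth: int = 0) -> List[Tuple[str, str]]:
    """Walk include:/redirect= references and return (referrer, target) pairs whose
    target publishes no SPF record; RFC 7208 treats such a reference as a permerror,
    and a lapsed vendor name is the classic way third parties inherit your SPF."""
    if seen is None:
        seen = set()
    if depth > 10:  # RFC 7208 caps DNS-querying terms at 10; stop runaway chains
        return []
    findings = []
    record = spf_record(domain, resolve)
    if record is None:
        return findings
    for term in record.split()[1:]:
        match = _SPF_REF.fullmatch(term)
        if not match:
            continue
        target = match.group(1)
        if target in seen:
            continue
        seen.add(target)
        if spf_record(target, resolve) is None:
            findings.append((domain, target))
        else:
            findings.extend(find_dangling_spf_includes(target, resolve, seen, depth + 1))
    return findings


def audit_zone(domain: str, zone_names: List[str],
               resolve: Resolver = sample_resolver) -> Dict[str, List[Tuple[str, str]]]:
    """Run both checks; the caller feeds zone_names from its own zone file or API export."""
    return {
        "dangling_cname": find_dangling_cnames(zone_names, resolve),
        "dangling_spf_include": find_dangling_spf_includes(domain, resolve),
    }


if __name__ == "__main__":
    report = audit_zone("example.test", ["www.example.test", "promo.example.test"])
    for kind, hits in report.items():
        for referrer, target in hits:
            print(f"{kind}: {referrer} -> {target}")
```

Feed `zone_names` from a zone-file export rather than by guessing hostnames, and schedule the audit: the records that dangle are the ones created for a campaign or vendor that nobody remembered to remove when the contract ended.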
Carlton

This issue was flagged a long time ago by multiple organisations, including Nominet: https://nominetcyber.com/dangling-dns-is-no-laughing-matter/

The problem with large zones is that it becomes increasingly complex for companies and their staff to manage them and avoid these kinds of issues.

It's an interesting problem, but it's not an easy one to fix.

Regards

Michele

--
Mr Michele Neylon
Blacknight Solutions
Hosting, Colocation & Domains
https://www.blacknight.com/
https://blacknight.blog/
Intl. +353 (0) 59 9183072
Direct Dial: +353 (0)59 9183090
Personal blog: https://michele.blog/
Some thoughts: https://ceo.hosting/
-------------------------------
Blacknight Internet Solutions Ltd, Unit 12A, Barrowside Business Park, Sleaty Road, Graiguecullen, Carlow, R93 X265, Ireland
Company No.: 370845

I have sent this email at a time that is convenient for me. I do not expect you to respond to it outside of your usual working hours.

From: CPWG <cpwg-bounces@icann.org> on behalf of Carlton Samuels via CPWG <cpwg@icann.org>
Date: Tuesday, 27 February 2024 at 03:41
To: CPWG <cpwg@icann.org>
Cc: LAC-Discuss-en <lac-discuss-en@icann.org>
Subject: [CPWG] Hijacked subdomains of major brands used for spamming
Michele, thanks for digging even deeper into the precedents! The "dangling DNS" issue is not new, indeed, and there are enough of them for this new long-lasting campaign to be active these days.

Again, to distill what possibly is of concern to LACRALO:

1. member organizations should contact their tech teams and make sure their domain names are well managed;
2. member organizations should make their members, and organizations and the public in their environment, aware of the issue and make sure all others enact proper remediation;
3. member organizations could include awareness and prevention of this type of attack in their outreach.

None of this is an ICANN issue though.

Alejandro Pisanty

________________________________
From: lac-discuss-en <lac-discuss-en-bounces@atlarge-lists.icann.org> on behalf of Michele Neylon - Blacknight via lac-discuss-en <lac-discuss-en@atlarge-lists.icann.org>
Sent: Tuesday, 27 February 2024 08:56 AM
To: Carlton Samuels; CPWG
Cc: LAC-Discuss-en
Subject: Re: [lac-discuss-en] [CPWG] Hijacked subdomains of major brands used for spamming
participants (3)
- Carlton Samuels
- Dr. Alejandro Pisanty Baruch
- Michele Neylon - Blacknight