- Hijacking Microsoft subdomains would provide attackers the liberty to bypass even the most elite anti-spam.
- Microsoft acknowledged that this is a common attack method that involves misleading targets in clicking on a specially crafted malicious link.
A research firm found more than 600 legitimate Microsoft subdomains could be hijacked and abused for phishing, malware delivery, and scams.
What happened?
Researchers revealed that Microsoft’s DNS records for a subdomain point to a domain that no longer exists.
- In this case, anyone can use this opportunity to creates the non-existent domain and hijack the subdomain with the misconfigured DNS records.
- Researchers created an automated system and scanned all the subdomains of some important Microsoft domains.
- The scan results revealed the existence of over 670 subdomains that could be hijacked using the above technique.
The damage it may cause
An attacker can potentially direct the visitors of the hijacked subdomain to a phishing website.
- Hijacking Microsoft subdomains would provide attackers the liberty to bypass even the most elite anti-spam and email security tools in the network system.
- It can be further exploited to acquire authentication credentials or other sensitive information.
- Attackers can trick users into installing malware, uploading sensitive files, or scam them.
Key findings
To understand how the attack works, researchers have published a blog post describing their findings.
- The researchers have reported around a dozen of the impacted subdomains to Microsoft.
- The reported subdomains include mybrowser[.]microsoft[.]com, identityhelp.microsoft[.]com, data.teams.microsoft[.]com, webeditor.visualstudio[.]com, and sxt.cdn.skype[.]com.
- Microsoft acknowledged that this is a common attack method that involves misleading targets in clicking on a specially crafted malicious link.
Closing lines
Earlier, several warnings about the risks posed by subdomain hijacking have been made. Microsoft took steps to address the issue. But, going by the recent findings, there are still hundreds of domains that could be abused.
However, to mitigate such threats, researchers suggested exercising caution while working through links or files from untrusted sources and email addresses.
Publisher
/https://cyware-ent.s3.amazonaws.com/image_bank/1328_shutterstock_616324022.jpg)
/https://cyware-ent.s3.amazonaws.com/image_bank/iStock_000074857253_Medium.jpg)
