
- Stale DNS records give criminals invisible openings to spread malware through legitimate sites
- The Hazy Hawk group turns misconfigured cloud links into a silent mesh of malicious redirects
- Victims believe they are visiting a real site, until the popups and malware arrive
A disturbing new online threat is emerging in which criminals have hijacked the subdomains of major organizations such as Bose, Panasonic and even the US CDC (Centers for Disease Control and Prevention) to spread malware and run online scams.
As reported by security experts at Infoblox, at the center of this campaign is a threat group known as Hazy Hawk, which has taken a relatively quiet but highly effective approach: compromising user trust and turning it into a weapon against visitors.
These subdomain hijackings are not the result of direct hacking, but of neglected infrastructure weaknesses being exploited.
An exploit hidden in administrative oversight
Instead of breaking into networks via brute force or phishing, Hazy Hawk exploits DNS CNAME records that were left pointing at abandoned cloud resources.
These so-called "dangling" records occur when an organization decommissions a cloud service but forgets to update or remove the DNS entry, leaving the subdomain exposed.
For example, some forgotten subdomain.
This method is dangerous because such misconfigurations are usually not flagged by traditional security systems.
The hijacked subdomain becomes a platform for distributing scams, including fake antivirus warnings, tech support cons and bogus software updates.
Hazy Hawk does not stop at the hijacking itself: the group uses traffic distribution systems (TDSs) to route users on to malicious destinations.
These TDSs, such as viralclipnow.xyz, serve a sequence of scams chosen according to the user's device type, location and browsing behavior.
Often the redirection begins with an innocuous developer or blog domain, such as shares. J.org, before shuffling users through a web of deception.
Once users accept push notifications, they continue to receive scam messages long after the initial redirect, establishing a persistent vector for fraud.
The fallout from these campaigns is more than theoretical and has affected high-profile organizations such as the CDC, Panasonic and Deloitte.
Individuals can protect themselves from these threats by rejecting push notification requests from unfamiliar sites and being wary of links that look too good to be true.
For organizations, the emphasis should be on DNS hygiene: audit the subdomains that point at cloud services and remove the DNS entries that leave them open to takeover.
Automated DNS monitoring tools, especially those integrated with threat intelligence, can help detect signs of compromise.
Security teams should treat these misconfigurations as significant weaknesses, not minor oversights.
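The audit described above can be scripted: walk a zone's CNAME records, check whether each target still resolves, and rate dead targets on shared cloud suffixes as the highest risk. This is an added example and not Infoblox's tooling; the zone entries, the offline resolver table and the list of cloud suffixes are constructed assumptions standing in for a real zone export and live DNS.

```python
import socket

# Constructed sample zone export (subdomain -> CNAME target); hypothetical names.
SAMPLE_ZONE = {
    "shop.example.com": "shop-prod.azurewebsites.net",     # service still live
    "old-promo.example.com": "promo-2019.cloudapp.net",    # service decommissioned
    "www.example.com": "example.com",                      # alias within own zone
}

# Constructed stand-in for live DNS answers: target -> does it resolve?
FAKE_DNS = {
    "shop-prod.azurewebsites.net": True,
    "promo-2019.cloudapp.net": False,
    "example.com": True,
}

# Assumed list of third-party hosting suffixes where an unclaimed name can be
# registered by anyone; extend it with the providers your organization uses.
CLOUD_SUFFIXES = (".azurewebsites.net", ".cloudapp.net", ".amazonaws.com",
                  ".herokuapp.com", ".github.io")

def fake_resolves(name):
    """Offline resolver used for the sample run."""
    return FAKE_DNS.get(name, False)

def live_resolves(name):
    """Real resolver: True if the name has any A/AAAA answer."""
    try:
        socket.getaddrinfo(name, None)
        return True
    except socket.gaierror:
        return False

def find_dangling_cnames(zone, resolves=live_resolves):
    """Return CNAME entries whose target no longer resolves.
    A dead target on a shared cloud suffix is rated high risk: the abandoned
    name can be claimed by someone else, who then controls the subdomain."""
    findings = []
    for subdomain, target in sorted(zone.items()):
        if resolves(target):
            continue
        risk = "high" if target.endswith(CLOUD_SUFFIXES) else "medium"
        findings.append({"subdomain": subdomain, "target": target, "risk": risk})
    return findings

if __name__ == "__main__":
    for f in find_dangling_cnames(SAMPLE_ZONE, resolves=fake_resolves):
        print(f"{f['risk']:6} {f['subdomain']} -> {f['target']}")
```

A target that fails to resolve is a strong signal but not proof of a takeover path; confirm in the provider's console whether the resource is actually unclaimed, and also review records that still resolve but point at services the organization no longer operates.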

