Electronic SecurityNews

Researchers Find More Than 600 Subdomains Under Threat

A research agency discovered over 600 legitimate Microsoft subdomains could be hijacked and exploited for phishing, malware delivery, and scams.

Researchers Find More Than 600 Subdomains Under Threat

Researchers unveiled that Microsoft’s DNS records for a subdomain point to a website that no longer exists.

In this case, anybody can use this opportunity to develop the non-existent domain and hijack the subdomain with the misconfigured DNS records.

Researchers created an automated system and scanned all the subdomains of some vital Microsoft domains.

The scan results showed the existence of more than 670 subdomains that could be hacked using the technique.

A hacker can doubtlessly drive the visitors of the hacked subdomain to a phishing website.

Hacking Microsoft subdomains would give attackers the freedom to bypass even the most elite anti-spam and email security instruments in the network system. It can also be abused to acquire authentication credentials or other delicate data.

Hackers can trick users into installing malware, uploading sensitive information, or scam them. To understand how the breach works, researchers have published a blog post describing their observations.

The researchers have reported around a dozen of the affected subdomains to Microsoft. The reported subdomains consist of identity.help.microsoft.com, mybrowser.Microsoft.com, webeditor.visualstudio.com and data.teams.microsoft.com

Microsoft acknowledged that this is a common attack method that entails misleading targets in clicking on a specially designed malicious link.

Earlier, several warnings about the risks posed by subdomain hacking have been made.

Microsoft took measures to deal with the issue. However, going by recent discoveries, there are still hundreds of domains that could be exploited.


Carlton Peterson

Carlton is the contributing author of electronic security. His field of communication is fascinating since he writes about that side of the industry which is costly, less used but more inclined upon by developed countries. Electronic securities have been seeing an upward graph nowadays, but the current scenario still needs to be changed. Carlton’s articles reflect the real happening wrapped up in formally written words.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *