About Teletype
Join
Sravan Cynixit
@sravancynixit
March 7, 2020

More than 600 Microsoft Subdomains Pose Threat to Users

  • Hijacking Microsoft subdomains would provide attackers the liberty to bypass even the most elite anti-spam.
  • Microsoft acknowledged that this is a common attack method that involves misleading targets in clicking on a specially crafted malicious link.
600 Microsoft Subdomains Pose Threat to Users

A research firm found more than 600 legitimate Microsoft subdomains could be hijacked and abused for phishing, malware delivery, and scams.

If you want to Gain In-depth Knowledge, please go through this link Ethical Hacking Training

What happened?

Researchers revealed that Microsoft’s DNS records for a subdomain point to a domain that no longer exists.

  • In this case, anyone can use this opportunity to creates the non-existent domain and hijack the subdomain with the misconfigured DNS records.
  • Researchers created an automated system and scanned all the subdomains of some important Microsoft domains.
  • The scan results revealed the existence of over 670 subdomains that could be hijacked using the above technique.

The damage it may cause

An attacker can potentially direct the visitors of the hijacked subdomain to a phishing website.

  • Hijacking Microsoft subdomains would provide attackers the liberty to bypass even the most elite anti-spam and email security tools in the network system.
  • It can be further exploited to acquire authentication credentials or other sensitive information.
  • Attackers can trick users into installing malware, uploading sensitive files, or scam them.

Key findings

To understand how the attack works, researchers have published a blog post describing their findings.

  • The researchers have reported around a dozen of the impacted subdomains to Microsoft.
  • The reported subdomains include mybrowser[.]microsoft[.]com, identityhelp.microsoft[.]com, data.teams.microsoft[.]com, webeditor.visualstudio[.]com, and sxt.cdn.skype[.]com.
  • Microsoft acknowledged that this is a common attack method that involves misleading targets in clicking on a specially crafted malicious link. More info at Ethical Hacking Online Training

Closing lines

Earlier, several warnings about the risks posed by subdomain hijacking have been made. Microsoft took steps to address the issue. But, going by the recent findings, there are still hundreds of domains that could be abused.

However, to mitigate such threats, researchers suggested exercising caution while working through links or files from untrusted sources and email addresses.

Sravan Cynixit
March 7, 2020, 06:05
0 reactions
0 views