Secure your public DNS presence from subdomain takeovers and dangling DNS exploits 

A U.S. healthcare company identified vulnerabilities caused by dangling DNS records in its public DNS presence. Such records can be exploited through techniques such as subdomain takeovers and traffic redirection. The company used Silent Push Enterprise to find and rectify over 2,000 such records, significantly enhancing its security posture against potential attacks. Affected: U.S. healthcare company

Key points:

  • A U.S. healthcare company was vulnerable due to dangling DNS records.
  • Dangling DNS records are obsolete or misconfigured entries in DNS control panels.
  • Threat actors can exploit these records for subdomain takeovers and other attacks.
  • The company sought a fast assessment of their exposure to these security risks.
  • Silent Push Enterprise helped locate and remove over 2,000 dangling DNS records.
  • The organization was able to automate ongoing scans for new dangling DNS records.
  • Silent Push offers insights on potential vulnerabilities for security teams.
  • Silent Push provides preemptive intelligence through IOFA™ for identifying adversary intent.

MITRE Techniques:

  • T1595: Active Scanning – Threat actors could actively scan for enterprises with dangling DNS records to identify potential targets.
  • T1491: Resource Hijacking – Exploiting dangling records for subdomain takeovers allows attackers to hijack legitimate resources.
  • T1071: Application Layer Protocol – Utilizing application layer protocols to abuse misconfigured DNS records for redirection.

Indicators of Compromise:

  • No IoCs Found

Full Story: https://www.silentpush.com/blog/subdomain-takeovers-and-dangling-dns-exploits/