Scan your exposure to domain and subdomain hijacking across tens of cloud providers

How it works

Domain hijacking is a well-known security issue that can be carried out in many different ways. In addition to social engineering or unauthorized access to the domain owner’s account, the exploitation of neglected DNS records configured for cloud services is increasingly common. In the latter case, a threat actor (TA) can potentially take control of a subdomain configured for a disused or legacy third-party cloud service, allowing them to then launch a variety of attacks against your organization.

Third party cloud services are an extremely common turnkey solution, used by many organizations, big and small. The configuration is simple: use the cloud service to create the resource you desire and then redirect clients from your subdomain to the third-party cloud service, using records such as CNAME or DNAME.

Abandoned domains or subdomains occur when an organization stops using a cloud service and forgets to remove or update the DNS records pointing to it. Additionally, organizations may forget to re-register domain names, allowing them to be purchased by anyone.

These abandoned domains and subdomains expose organizations to potential hijacking and takeover attacks.

CyberInt's research team has observed a large number of third-party cloud providers that don’t perform ownership verification when connecting domains and subdomains, meaning anyone could claim the abandoned domain on that cloud service to effectively gain ownership of it.

Exploiting this attack vector is quite easy: all it takes is to claim a subdomain on a cloud provider or register an expired domain. It is also silent, as nothing notifies the original domain owner of the new configuration or purchase.

Furthermore, resolving this on the cloud provider’s side could prove complicated as some providers may not consider this their responsibility, possibly because the legitimate owner is not a customer.

We recommend using this tool to scan your organization's domain to detect any potential exposure so that you can respond accordingly.
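As an added illustration of the check described above (this is not CyberInt's tool or its code), the following sketch audits a zone export you own for CNAME/DNAME records that point outside your zones at targets that no longer resolve. The zone contents, hostnames and the `find_abandoned` helper are constructed for the example; it only tests whether the alias target still resolves, not whether the resource behind a resolving target is still yours.

```python
import socket

# Constructed sample zone data (not from any real organization).
SAMPLE_ZONE = """\
; name              ttl   class type  target
www.example.org.    3600  IN    CNAME example.org.
shop.example.org.   3600  IN    CNAME store-1234.cloudshop.example.
docs.example.org.   3600  IN    CNAME old-docs.wikihost.example.
legacy.example.org. 3600  IN    DNAME retired.saas.example.
mail.example.org.   3600  IN    A     192.0.2.10
"""

def parse_aliases(zone_text):
    """Return (owner, rtype, target) for every CNAME/DNAME line."""
    aliases = []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop zone-file comments
        if len(fields) >= 5 and fields[3].upper() in ("CNAME", "DNAME"):
            aliases.append((fields[0].lower(), fields[3].upper(), fields[4].lower()))
    return aliases

def system_resolves(name):
    """Default check: does the name resolve via the system resolver?"""
    try:
        socket.getaddrinfo(name.rstrip("."), None)
        return True
    except socket.gaierror:
        return False

def find_abandoned(zone_text, own_zones, resolves=system_resolves):
    """Flag aliases that leave our zones and whose target looks abandoned."""
    findings = []
    for owner, rtype, target in parse_aliases(zone_text):
        if any(target == z or target.endswith("." + z) for z in own_zones):
            continue  # target is under our own control
        if rtype == "DNAME":
            # A DNAME redirects a whole subtree; the target has no address of its own.
            findings.append((owner, target, "review: DNAME delegates a whole subtree"))
        elif not resolves(target):
            findings.append((owner, target, "dangling: third-party target does not resolve"))
    return findings

if __name__ == "__main__":
    # Constructed resolver results so the example runs offline.
    live = {"store-1234.cloudshop.example."}
    for finding in find_abandoned(SAMPLE_ZONE, ["example.org."], lambda n: n in live):
        print(finding)
```

Each finding is a record to remove or repoint once the service behind it is confirmed retired.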

Domain Hijacking Explained

Supported Cloud Providers