A recent discovery by researchers at Keytos has highlighted the ongoing vulnerability of subdomain takeover in Microsoft Azure. This exploit, which allows cybercriminals to impersonate organizations and carry out malicious activities, remains a significant threat. Keytos found that approximately 15,000 vulnerable subdomains are discovered each month by analyzing issued cryptographic certificates.
The danger of subdomain takeover lies in its ability to deceive users into thinking they are accessing legitimate sites. When a domain is left open after deleting an Azure website, hackers can create fraudulent sites on these forgotten domains. This puts users at risk of credential theft through simple deception. Despite the potential for severe consequences, only 2% of the over 1,000 organizations contacted by Keytos have taken action to address the problem.
To combat this vulnerability, Keytos has developed an automated tool called EZMonitor. This tool scans and identifies vulnerable subdomains by leveraging certificate transparency logs and checking the availability of Azure-hosted websites. In its first month alone, EZMonitor identified over 30,000 vulnerable domains. Alarmingly, many of these domains belonged to high-profile organizations that one would expect to have sophisticated cybersecurity teams.
The scale of this vulnerability is astonishing: 85% of Fortune 500 companies currently use Microsoft Azure and are therefore exposed. While Microsoft has made attempts to address the issue, its solutions, such as Defender for App Service Dangling DNS detection, have not fully resolved the problem. As a result, many organizations remain unknowingly vulnerable. Unfortunately, warnings about the vulnerability have not been taken seriously by most organizations, with some simply removing the DNS entry without addressing the underlying vulnerability.
The consequences of subdomain takeover are severe and potentially devastating. They include the theft of login credentials, the dissemination of false information, and the distribution of malware. End-users are often helpless against these attacks, but they can urge their organizations to take the issue seriously. Site owners, on the other hand, can implement various measures to protect themselves, such as certificate transparency monitoring, removing dangling DNS entries, and utilizing Certificate Authority Authorization (CAA) records.
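The dangling-DNS check that the scanning and "remove dangling DNS entries" advice above rely on can be reproduced from a zone's own records, as in this added example (not Keytos' EZMonitor code): each CNAME pointing into an Azure-managed zone is looked up, and a target that no longer resolves is flagged. The list of Azure zones and the sample records are assumptions constructed for the example.

```python
"""Flag CNAME records that point at Azure-hosted names which no longer resolve."""
import socket
from typing import Callable, Dict, List, Tuple

# Azure service zones that hand out customer-chosen host names.
# Assumption: a representative, not exhaustive, list.
AZURE_ZONES = (
    ".azurewebsites.net",
    ".cloudapp.azure.com",
    ".blob.core.windows.net",
    ".azureedge.net",
    ".trafficmanager.net",
)


def is_azure_target(target: str) -> bool:
    """True when a CNAME target sits in one of the Azure zones above."""
    t = target.rstrip(".").lower()
    return any(t.endswith(zone) for zone in AZURE_ZONES)


def find_dangling(cnames: Dict[str, str],
                  resolves: Callable[[str], bool]) -> List[Tuple[str, str]]:
    """Return (subdomain, target) pairs whose Azure target does not resolve.

    `resolves` is injected so the check can run against a real resolver or,
    as below, against constructed data for an offline demonstration.
    """
    dangling = []
    for name, target in sorted(cnames.items()):
        if is_azure_target(target) and not resolves(target):
            dangling.append((name, target.rstrip(".")))
    return dangling


def real_resolves(host: str) -> bool:
    """Live DNS lookup for use on a real zone export."""
    try:
        socket.gethostbyname(host.rstrip("."))
        return True
    except socket.gaierror:
        return False


# Constructed zone export: three live CNAMEs and one left behind after its
# App Service was deleted, so its target name no longer exists.
SAMPLE_CNAMES = {
    "app.example.com": "example-prod.azurewebsites.net.",
    "static.example.com": "example-cdn.azureedge.net.",
    "old-demo.example.com": "demo-2021.azurewebsites.net.",
    "www.example.com": "example.com.cdn.cloudflare.net.",
}

# Constructed resolver standing in for real_resolves in the demonstration.
LIVE_TARGETS = {"example-prod.azurewebsites.net",
                "example-cdn.azureedge.net",
                "example.com.cdn.cloudflare.net"}


def constructed_resolves(host: str) -> bool:
    return host.rstrip(".").lower() in LIVE_TARGETS


if __name__ == "__main__":
    for name, target in find_dangling(SAMPLE_CNAMES, constructed_resolves):
        print(f"dangling: {name} -> {target}")
```

Swapping `constructed_resolves` for `real_resolves` turns this into a periodic check of an organization's own zone; any hit should be removed from DNS or re-bound to a live resource before the name can be claimed by someone else.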
Immediate action is crucial to tackling this critical issue and ensuring the safety of domains and users. Keytos’ EZMonitor tool provides an effective means of identifying vulnerable subdomains and should be prioritized by organizations looking to mitigate the threat. Safeguarding domains from subdomain takeover requires a proactive approach to security.
To assist organizations in assessing the security of their sites, Keytos offers a free domain scanning tool. This tool can examine an organization’s certificates and provide valuable insights into potential vulnerabilities. By taking advantage of this tool, organizations can gain a better understanding of their security posture and take the necessary steps to protect their domains.
It is essential for businesses and individuals alike to understand the magnitude of this vulnerability and take action to address it. Proactive security measures and awareness can go a long way in mitigating the risk of subdomain takeover. By prioritizing security and implementing robust measures, organizations can ensure the safety of their domains and protect their users from the growing threat of cybercriminals.
Disclaimer: This article is a third-party analysis and does not imply any endorsement or affiliation with Keytos LLC.