Cybercriminals have taken over more than 240 website subdomains belonging to some of the world’s biggest brands and organizations in an effort to redirect users to malware, adult content, online and other unexpected content.
As reported by The Register, the organizations who had their subdomains hijacked include Chevron, the Red Cross, UNESCO, 3M, Arm, Warner Brothers, Honeywell, Toshiba, Xerox, NHS, Volvo, Siemens and others.
The problem is not that the websites of these businesses and organizations were hijacked but that their DNS entries have been, due to the way they were hosted in Microsoft’s Azure cloud.
This has been an ongoing problem for Azure-hosted sites and back in March of this year, Microsoft accidentally allowed hundreds of its own subdomains to fall into the hands of spammers who used their reputation to try and rank higher in search results.
The list of hijacked subdomains shared with The Register was created by US security researcher Zach Edwards who reported the URLs to Microsoft as well as the affected organizations at the end of June.
According to Edwards, a large number of the subdomains on his list appear to have been taken over by a single group that has been operating for years. He provided further insight on his discovery to the news outlet, saying:
“They are used by an international criminal group who does lots of things with them. Some pages redirect to malware, some redirect to or casinos or other potential clients that pay them for inbound links, some direct to malicious chrome extensions, or cracked software. It’s clearly automated: they have hit tons of organizations, and uploaded tons of malware. I’ve warned a bunch of organizations that their biggest fear should be this legacy group partnering with some other group that is more destructive.”
The group often tries to hide their presence after hijacking a subdomain by making the root URL show a 404 error or even a “coming soon message”. Edwards says that around 20 percent of the subdomains on his list have been shut down and Microsoft as well as the affected organizations are likely hard at work trying to shut down the rest.
Via The Register