Security News > 2022 > March > Subdomain takeover attacks on the rise and harder to monitor

Subdomain takeover attacks on the rise and harder to monitor
2022-03-29 05:00

A research from Detectify found that subdomain takeovers are on the rise but are also getting harder to monitor as domains now seem to have more vulnerabilities in them.

Our research found that of the number of scanned apex and subdomains from 2020 to 2021, vulnerabilities increased as much as 25%. Subdomain takeovers and vulnerabilities per domains on the rise.

The research shows that not only are more domains vulnerable to subdomain takeovers, but above all, apex domains typically contain more vulnerable subdomains now than in the past.

Subdomain takeovers occur when an agent gains control over a subdomain of a target domain.

Subdomain takeover can also be done by DNS hijacking where the attacker compromises the target's name server records.

Rickard Carlsson, CEO of Detectify further explained: "With attack surfaces growing and the DNS becoming the heart of the infrastructure, we will likely see subdomain takeover vulnerabilities increasing. Subdomain takeover attacks have gotten way more complex since the concept was first introduced by security researchers back in 2014. Our data suggests they're harder to keep control of as they have started appearing in more advanced software services."


News URL

https://www.helpnetsecurity.com/2022/03/29/subdomain-takeovers-on-the-rise/