Hackers have taken control of over 8,000 subdomains belonging to reputable companies and organizations to launch a massive phishing campaign that sends millions of malicious emails every day.
Among the organizations whose subdomains were abused in "SubdoMailing" are MSN, VMware, McAfee, The Economist, Cornell University, CBS, Marvel, and eBay. The campaign, which sits at the center of a larger cybercrime operation and damages the credibility and trust of the compromised organizations, was identified by researchers from Guardio Labs.
"The discovered operation entails the manipulation of thousands of hijacked sub-domains associated with or related to major brands," security researcher Oleg Zaytsev and Guardio Labs CEO Nati Tal stated in a Medium article. "Complex DNS manipulations for these domains allowed the dispatch of vast quantities of spammy and just outright malicious emails, falsely authorized under the guise of internationally recognized brands."
According to the researchers, the campaign is built to pass every industry-standard email security mechanism, such as Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), SMTP server checks, and DMARC, that would normally stop suspicious messages. Because the hijacked subdomains are authorized senders for the brands they belong to, the emails appear to originate from trustworthy domains.
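As an added, defender-side example that is not taken from the article or from Guardio's write-up: an SPF audit that walks a domain's include:/redirect= chain over a constructed DNS snapshot and flags every referenced name that no longer resolves, since a domain's SPF authorization silently extends to whoever controls such a name. The domain names and records below are hypothetical, constructed for the example.

```python
import re
from typing import Dict, List, Optional, Set, Tuple

# Constructed DNS snapshot (TXT records keyed by name); None marks a name
# that does not resolve (NXDOMAIN). Hypothetical names, not real data.
DNS_TXT: Dict[str, Optional[str]] = {
    "brand.example": "v=spf1 include:_spf.brand.example include:mail.oldvendor.example -all",
    "_spf.brand.example": "v=spf1 ip4:192.0.2.0/24 include:spf.protection.example ~all",
    "spf.protection.example": "v=spf1 ip4:198.51.100.0/24 -all",
    "mail.oldvendor.example": None,  # decommissioned vendor: nobody owns this name now
}

# Matches the SPF terms that pull in another domain's record.
SPF_TERM = re.compile(r"^[+\-~?]?(include|redirect)[:=](?P<target>\S+)$", re.I)


def audit_spf(domain: str, dns: Dict[str, Optional[str]],
              _seen: Optional[Set[str]] = None) -> Tuple[List[str], List[str]]:
    """Walk a domain's SPF include:/redirect= chain.

    Returns (authorized, dangling): every name whose SPF record ends up
    authorizing senders for `domain`, and the referenced names that do not
    resolve and could therefore be claimed by an unrelated third party.
    """
    seen = _seen if _seen is not None else set()
    authorized: List[str] = []
    dangling: List[str] = []
    if domain in seen:  # loop guard for circular include chains
        return authorized, dangling
    seen.add(domain)
    record = dns.get(domain)  # unknown names count as unresolvable too
    if record is None:
        dangling.append(domain)
        return authorized, dangling
    authorized.append(domain)
    for term in record.split():
        match = SPF_TERM.match(term)
        if not match:
            continue  # ip4:/ip6:/a/mx/all terms do not reference another record
        sub_auth, sub_dangling = audit_spf(match.group("target"), dns, seen)
        authorized.extend(sub_auth)
        dangling.extend(sub_dangling)
    return authorized, dangling


if __name__ == "__main__":
    ok, bad = audit_spf("brand.example", DNS_TXT)
    print("authorized by SPF chain:", ok)
    print("dangling include targets:", bad)
```

Any name reported as dangling should be removed from the SPF record, or the record it belongs to should be re-verified with the vendor, before the entry is left in place.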
Finding the Hijacking Scheme
In the post, Guardio provides a detailed explanation of how its email protection algorithms detected an unusual trend in an email’s metadata, leading to the operation’s disc
[…]