Some of the world's biggest companies have major website security issues


Cybercriminals have taken over more than 240 website subdomains belonging to some of the world's biggest brands and organizations in an effort to redirect users to malware, adult content, online gambling and other unexpected content.

As reported by The Register, the organizations that had their subdomains hijacked include Chevron, the Red Cross, UNESCO, 3M, Arm, Warner Brothers, Honeywell, Toshiba, Xerox, NHS, Volvo, Siemens and others.

The websites of these businesses and organizations were not themselves hijacked. Instead, their DNS entries were, due to the way they were hosted in Microsoft's Azure cloud.

This has been an ongoing problem for Azure-hosted sites. Back in March of this year, Microsoft accidentally allowed hundreds of its own subdomains to fall into the hands of spammers, who used their reputation to try to rank higher in search results.

Hijacked subdomains

The list of hijacked subdomains shared with The Register was created by US security researcher Zach Edwards, who reported the URLs to Microsoft as well as the affected organizations at the end of June.

According to Edwards, a large number of the subdomains on his list appear to have been taken over by a single group that has been operating for years. He provided further insight on his discovery to the news outlet, saying:

"They are used by an international criminal group who does lots of things with them. Some pages redirect to malware, some redirect to porn or casinos or other potential clients that pay them for inbound links, some direct to malicious Chrome extensions, or cracked software. It's clearly automated: they have hit tons of organizations, and uploaded tons of malware. I've warned a bunch of organizations that their biggest fear should be this legacy group partnering with some other group that is more destructive."

The group often tries to hide its presence after hijacking a subdomain by making the root URL show a 404 error or even a "coming soon" message. Edwards says that around 20 percent of the subdomains on his list have been shut down, and Microsoft as well as the affected organizations are likely hard at work trying to shut down the rest.

Via The Register

Anthony Spadafora
