Many businesses don’t realize that abandoning domain names they no longer use can pose a serious security threat. A domain name is a name you register to identify your business on the internet. For Canadian businesses, this is typically a domain name ending in .com or .ca, such as example.com.ca. The problem with domain names is that they usually carry a fair amount of information about the company, and their renewal is often left to lower-level technicians or outsourced IT support providers. Many companies see domain renewals as a waste of money after a change of brand name, a restructuring of the company, or the abandonment of the domain altogether.
The abandoned-domain problem arises when the domain is no longer paid for: it goes out of service and, after a certain grace period, becomes available for anyone to claim. Once that grace period is over and the domain is up for grabs, even an attacker can register the domain that was left behind, with no proof of identity or ownership required. The new owner can then set up a “catch-all” email service, meaning email intended for the previous owner is delivered to the new owner of the domain, which may well be an attacker. As the article states, “online services often only rely on an email address as a single factor for password resets meaning online services once held by staff of the previous owner can be hijacked.” This is an example of how hijacking an old domain can be devastating to a business.
This image from the article shows that researchers were able to access documents intended for the former clients. (Source: blog.gaborszathmari.me)
Often, even when businesses have merged into one, sensitive information can still leak through email exchanged with clients, colleagues, vendors, suppliers, and service providers.
Research by Gabor Szathmari and Jeremiah Cruz found that they were able to:
- access confidential documents of former clients;
- access confidential email correspondence;
- access personal information of former clients;
- hijack personal user accounts (LinkedIn, Facebook, etc.) of former staff working in their new jobs; and
- hijack professional user accounts (Commonwealth Courts Portal, LEAP, etc.) of former staff by re-registering abandoned domain names belonging to former businesses.
Active LinkedIn accounts belonging to former staff can be hijacked via abandoned internet domains (Source: blog.gaborszathmari.me)
There are many steps one can take to protect their data from abandoned domains. According to the Australian Cyber Security Centre, the following steps should be taken to minimize the risk to businesses:
- Keep renewing your old domain names indefinitely and do not let them expire and be abandoned, especially if a domain was once used for email.
- Close cloud-based user accounts that were registered with the old domain email address (this can be difficult to do for domains with a large number of email addresses).
- Unsubscribe from email notifications that may carry sensitive data, such as text-to-email services and banking notifications.
- Advise clients to update their address book.
- Enable two-factor authentication where the online service supports the feature.
- Use unique and complex passwords.
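As an added example (not code from the original post or from the researchers), here is one way to turn the first of those steps into a recurring check: keep an inventory of every domain the business has ever used for email and grade each one by how close it is to being claimable by a stranger. The domain names, nameservers and RDAP-style lookup results below are constructed placeholders; a real run would fetch each record from the registry's RDAP service.

```python
from datetime import datetime, timedelta, timezone

# Constructed inventory: every domain the organisation has ever used for email,
# mapped to the nameservers it expects the registration to point at (hypothetical).
EXPECTED_NS = {"ns1.example-host.net", "ns2.example-host.net"}
INVENTORY = {
    "current-firm.example": EXPECTED_NS,
    "oldbrand.example": EXPECTED_NS,
    "merged-practice.example": EXPECTED_NS,
    "retired-practice.example": EXPECTED_NS,
}

# Constructed RDAP-style lookup results. None stands for an RDAP "not found":
# the domain is not registered at all and anyone could register it today.
RDAP = {
    "current-firm.example": {"status": ["active"], "expires": "2026-09-01T00:00:00Z",
                             "nameservers": ["ns1.example-host.net", "ns2.example-host.net"]},
    "oldbrand.example": {"status": ["active"], "expires": "2025-05-15T00:00:00Z",
                         "nameservers": ["ns1.example-host.net", "ns2.example-host.net"]},
    "merged-practice.example": {"status": ["active"], "expires": "2027-01-01T00:00:00Z",
                                "nameservers": ["ns1.parking.example", "ns2.parking.example"]},
    "retired-practice.example": None,
}

def assess(domain, record, expected_ns, now, warn_days=90):
    """Classify one domain as (severity, reason). Severity is 'critical', 'high',
    'warn' or 'ok', ordered by how close the domain is to receiving a stranger's
    catch-all mail (and therefore password-reset links for old accounts)."""
    if record is None:
        return "critical", "not registered: anyone can register it and receive its mail"
    if set(record["nameservers"]) != expected_ns:
        return "critical", "nameservers differ from expected: registration may have changed hands"
    if any(s in ("pending delete", "redemption period") for s in record["status"]):
        return "high", "in post-expiry grace period: becomes available unless renewed"
    expires = datetime.fromisoformat(record["expires"].replace("Z", "+00:00"))
    if expires <= now:
        return "high", "expiry date has passed"
    if expires - now <= timedelta(days=warn_days):
        return "warn", f"expires in {(expires - now).days} days; renew now"
    return "ok", "registered, expected nameservers, renewal not yet due"

def audit(now, inventory=INVENTORY, rdap=RDAP):
    """Run assess() over the whole inventory; returns {domain: (severity, reason)}."""
    return {d: assess(d, rdap.get(d), ns, now) for d, ns in inventory.items()}

if __name__ == "__main__":
    for domain, (sev, why) in audit(datetime(2025, 4, 1, tzinfo=timezone.utc)).items():
        print(f"{sev:8} {domain}: {why}")
```

Any domain graded "critical" is one whose email, and any account still tied to it, should be treated as already exposed; renewing it is no longer possible, so the remaining steps in the list (closing accounts, unsubscribing notifications, enabling two-factor authentication) are the only recourse.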
– Rusaf Talukder