Domain Hijacking is a well-known security issue that can be carried in many different ways. In addition to social engineering or unauthorized access to the domain owner’s account, the exploitation of neglected DNS records configured for cloud services is increasingly common. In the latter case, a threat actor (TA) can potentially take control of a subdomain configured for a disused or legacy third party cloud service allowing them to then launch a variety of attacks against your organization.
Third party cloud services are an extremely common turnkey solution, used by many organizations, big and small. The configuration is simple: use the cloud service to create the resource you desire and then redirect clients from your subdomain to the third-party cloud service, using records such as CNAME or DNAME.
Abandoned domains or subdomains occur when an organization stops using a cloud service and forget to remove or update the DNS records pointing to them. Additionally, organizations may forget to re-register domain names allowing them to be purchased by anyone.
These abandoned domains and subdomains expose organizations to potential hijacking and takeover attacks.