Portuguese cybersecurity company CHAR49 identified a security hole in a Segway web subdomain. Besides putting the security of the American company's web domains at risk, the vulnerability opened the door to phishing campaigns built on fake websites.
The researchers explain that, currently, many organizations build their online presence through the services of third-party companies, integrated through subdomains adjacent to their main online domain.
However, if a particular service is discontinued or the domain is abandoned, cybercriminals can take advantage of the situation, using it as “bait” and directing victims to fake websites with seemingly legitimate addresses. CHAR49 experts detail that in these cases attackers can collect users' personal data or even take control of their accounts.
The company's report indicates that a Segway subdomain, distribution.segway.com, was configured to send users to segway.reportroi.com. The second domain had passed its expiry date and was in what the experts describe as a 30-day “redemption period”.
After further investigation, taking into account the server name and IP address history, the company assumed that the domain had been abandoned. Since the remaining Segway domains were vulnerable, the company decided to keep an eye on the situation.
Using the GoDaddy platform, the researchers were able to gain control of the reportroi.com domain, allowing them to recreate the subdomain segway.reportroi.com, as well as distribution.segway.com.
In the security report delivered to Segway, CHAR49 includes a detailed attack scenario where attackers would be able to take control of the subdomain and use it to carry out a phishing campaign.
How could the security breach be exploited?
Although they did not receive any feedback from Segway, it was possible to verify that the vulnerable domain was silently removed, ultimately mitigating the problem.
Experts stress that cybercriminals taking control of subdomains is a common problem with a major negative impact on both companies and users. Therefore, organizations that use similar services should carefully monitor their domains and subdomains.
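As an added illustration of the monitoring the experts recommend (example code written for this page, not CHAR49's or Segway's own tooling), the script below classifies subdomains whose CNAME points at a third-party host and flags the two dangling cases the article describes: a target whose whole domain is no longer registered (claimable by anyone, as with reportroi.com) and a target host that no longer resolves. The DNS and registration lookups are constructed in-memory stand-ins so it runs offline; in practice you would replace them with a DNS resolver and a registrar or WHOIS check.

```python
from dataclasses import dataclass
from typing import Callable, Iterable, List, Optional

# Constructed sample data standing in for live DNS and registrar lookups.
# The first entry mirrors the case described in the article; the others are
# made-up hosts under example domains.
CNAME_RECORDS = {
    "distribution.segway.com": "segway.reportroi.com",  # target apex has lapsed
    "shop.example.com": "shop.example-vendor.com",      # healthy third-party CNAME
    "old.example.com": "retired.example-vendor.com",    # apex registered, host gone
}
REGISTERED_APEXES = {"segway.com", "example.com", "example-vendor.com"}
RESOLVABLE_HOSTS = {"shop.example-vendor.com"}


def apex_of(fqdn: str) -> str:
    """Registrable domain, simplified to the last two labels.
    Production code should consult the Public Suffix List (think co.uk)."""
    return ".".join(fqdn.rstrip(".").lower().split(".")[-2:])


@dataclass
class Finding:
    subdomain: str
    target: str
    status: str  # "ok", "unregistered-target" or "unresolvable-target"


def check_subdomain(
    name: str,
    cname: Callable[[str], Optional[str]] = CNAME_RECORDS.get,
    is_registered: Callable[[str], bool] = REGISTERED_APEXES.__contains__,
    resolves: Callable[[str], bool] = RESOLVABLE_HOSTS.__contains__,
) -> Optional[Finding]:
    """Classify one subdomain. Returns None when it carries no CNAME."""
    target = cname(name)
    if target is None:
        return None
    # Highest risk: the target's domain is unregistered (or sitting in a
    # registrar grace/redemption window), so anyone could register it.
    if not is_registered(apex_of(target)):
        return Finding(name, target, "unregistered-target")
    # Still dangling: the domain exists but the host record is gone; whether
    # it can be claimed depends on the third-party provider's policy.
    if not resolves(target):
        return Finding(name, target, "unresolvable-target")
    return Finding(name, target, "ok")


def audit(names: Iterable[str]) -> List[Finding]:
    """Return only the subdomains that need attention."""
    return [f for f in map(check_subdomain, names) if f and f.status != "ok"]


if __name__ == "__main__":
    for f in audit(CNAME_RECORDS):
        print(f"{f.subdomain} -> {f.target}: {f.status}")
```

Run it periodically against the full list of your organization's CNAME records and alert on any finding, since a target that is merely unresolvable today may become unregistered once its expiry and redemption period pass.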