Researchers at Guardio Labs discovered a vast campaign hijacking thousands of subdomains belonging to well-known brands (MSN, VMware, McAfee, The Economist, Cornell University, CBS, Marvel, eBay, etc.).
The attackers use these compromised subdomains to send millions of spammy and malicious emails daily, bypassing security measures by leveraging the trust associated with the hijacked brands.
Here's how it works:
- Attackers hijack subdomains of established brands through methods such as complex DNS manipulation and taking over abandoned domains that the brands' DNS records still point to.
- They manipulate the hijacked subdomains' SPF records to make emails appear as if they originated from the legitimate brands.
- These emails often contain deceptive content like fake cloud storage warnings, phishing attempts, or misleading advertisements.
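The takeover path described above depends on a brand's DNS still referencing a domain that nobody owns anymore. The following check, written for this page as an added example (it is not code from Guardio Labs or from any of the brands named), walks a domain's SPF `include:`/`redirect=` chain and flags targets that no longer exist in DNS. Resolution is pluggable, and the zone data below is constructed so the script runs offline.

```python
# Added example: find SPF include/redirect targets that return NXDOMAIN, i.e. names
# that have lapsed and could be registered by a third party to inherit the sender's
# SPF authorisation. All domain names below are hypothetical.
from typing import Callable, Dict, List, Optional, Set

# A resolver returns the TXT records for a name, or None if the name does not exist.
Resolver = Callable[[str], Optional[List[str]]]

def spf_record(name: str, resolve: Resolver) -> Optional[str]:
    """Return the single SPF TXT record for a name, or None if absent/ambiguous."""
    txts = resolve(name)
    if txts is None:
        return None
    spf = [t for t in txts if t.lower().startswith("v=spf1")]
    return spf[0] if len(spf) == 1 else None

def dangling_includes(domain: str, resolve: Resolver, max_depth: int = 10) -> List[str]:
    """Breadth-first walk of include:/redirect= targets; return those that do not resolve."""
    dangling: List[str] = []
    seen: Set[str] = set()
    queue = [(domain, 0)]
    while queue:
        name, depth = queue.pop(0)
        if name in seen or depth > max_depth:  # RFC 7208 caps DNS lookups; also stops loops
            continue
        seen.add(name)
        rec = spf_record(name, resolve)
        if rec is None:
            # Only a referenced name that is entirely absent from DNS is a takeover candidate.
            if resolve(name) is None and name != domain:
                dangling.append(name)
            continue
        for term in rec.split()[1:]:
            term = term.lstrip("+-~?")  # strip SPF qualifiers
            if term.startswith("include:"):
                queue.append((term[len("include:"):], depth + 1))
            elif term.startswith("redirect="):
                queue.append((term[len("redirect="):], depth + 1))
    return dangling

# Constructed zone data standing in for live DNS (hypothetical names).
FAKE_ZONE: Dict[str, List[str]] = {
    "mail.example.com": ["v=spf1 include:_spf.mailvendor.example include:old-partner.example ~all"],
    "_spf.mailvendor.example": ["v=spf1 ip4:192.0.2.0/24 -all"],
    # "old-partner.example" is deliberately absent: NXDOMAIN, the condition a takeover relies on.
}

def fake_resolve(name: str) -> Optional[List[str]]:
    return FAKE_ZONE.get(name)

if __name__ == "__main__":
    print(dangling_includes("mail.example.com", fake_resolve))  # ['old-partner.example']
```

For live DNS, supply a resolver built on dnspython's `dns.resolver.resolve(name, "TXT")` that returns None when it raises `dns.resolver.NXDOMAIN`; the same walk applies to each subdomain in your inventory, not just the apex.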
The campaign is alarming for several reasons:
- The scale: Over 8,000 domains have been compromised, and the number is growing.
- The potential harm: Millions of spam and malicious emails are being sent daily.
Spoofing a number means they can call somebody and appear to be calling from your number. In order to receive SMS messages or calls made to your number, they would have to hijack your SIM, typically by convincing your telecom provider to transfer your phone info over to theirs.
In the US, someone knowing your full name and phone number is commonplace. There is no widespread havoc because of this. Someone who wants to harm you would really have to be motivated to get more information from the info you gave them. This is obviously possible because of widespread data leaks, but does your emissary have the perseverance and the knowledge to do this?