Subdomain Hijacking

In our last blog we wrote about the risks of culling or abandoning domain names, but what about subdomains?  Arguably, abandoned subdomains pose as much a risk as culled domains. This article looks at the risks of not properly administering subdomains and specifically failing to delete unused subdomain DNS records.

Subdomains act as an extension of your domain name to help organise and navigate to different sections of your website or to a completely different external service, such as a social media account, payment gateway or point to a specific IP address or directory.

Keeping track of your subdomains that are live, but more importantly those that are not live, is critical to fending off cyber attacks, such as subdomain hijacking. Subdomain hijacking occurs when a subdomain is discontinued or shut down, but the DNS record that points to a service is not deleted.

For example, a brand may set up a temporary subdomain for a shopify page to process payments for a specific event and when the event is over the shopify service and page are discontinued. If the subdomain DNS record has not been cancelled then any third party can set up the same shopify page (using the subdomain) and potentially scam the parent domain’s customers.

Big brands targeted by cyber criminals

Subdomain hijacking can impact any size brand – only last year Microsoft fell victim to a subdomain hijacking.  ZNet reported that Spammers hijacked Microsoft subdomains to advertise poker casinos.

Hackers hijacked a number of forgotten Microsoft subdomains

It was also reported by that Vulnerability Researchers were able to hijack a series of subdomains belonging to Microsoft after the company was found to be employing poor DNS practices. Subdomains including and were among ten hijacked by a team of security researchers from Vulnerability. More than 670 Microsoft subdomains were found to be at risk of being taken over.

Basic steps to avoiding subdomain issues

Subdomains that no longer point to a service should be deleted immediately.

A basic review of your subdomains should be able to identify those that no longer resolve to a service.

Subdomain reviews should be periodically included in an risk control schedule to ensure that your business is not harmed by malicious cyber criminals.

About brandsec

Brandsec is a corporate domain name management and brand protection company that look after many of Australia, New Zealand and Asia’s top publicly listed brands.  We provide monitoring and enforcement services, DNS, SSL Management, domain name brokerage and dispute management and brand security consultation services.

Contact us today for a free consultation.




Contact Us

Contact us today and we will endeavour to answer your query as soon as possible

Send us a Message

1 Step 1

Contact Information

Go to Top