Best Practice for Preventing Subdomain Takeover

Subdomain takeover is a common, high-severity threat that occurs when a subdomain (such as `xxx.dept.cuhk.edu.hk`) points to a resource that is no longer in use (for example a public-cloud service such as Azure or AWS). If the DNS CNAME record is not removed after the resource is deprovisioned, it becomes a "dangling DNS" record, creating the potential for subdomain takeover. An unauthorized threat actor can then claim the deprovisioned resource and serve content under the trusted subdomain, which can lead to a site performing credential theft or other malicious activities (e.g. hosting a gambling website).


To prevent subdomain takeovers, it is important to:

  1. Delete unused subdomains from your DNS records so that they cannot be taken over.
  2. Review your DNS records and their associated resources regularly to ensure they are still valid and in use.
  3. Ensure that unused resources, including websites and DNS records, are properly decommissioned.
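The review in step 2 can be automated. The following is an added example (not part of this notice) that takes an exported list of DNS records and flags every CNAME whose target name no longer resolves, which is the "dangling DNS" condition described above; the sample zone, the `example.edu` / `example.net` names and the offline resolver are constructed for demonstration.

```python
# Added example: audit exported DNS records for dangling CNAMEs, i.e. aliases
# whose target name no longer resolves. Not part of the CUHK notice.
import socket
from dataclasses import dataclass


@dataclass
class Finding:
    name: str     # the subdomain under review
    target: str   # the CNAME target it points to
    reason: str


def resolves(host: str) -> bool:
    """Default resolver: True if the OS resolver returns any address for host."""
    try:
        socket.getaddrinfo(host, None)
        return True
    except socket.gaierror:
        return False


def find_dangling_cnames(records, resolver=resolves):
    """records: iterable of (name, rtype, rdata) tuples, as exported from a zone.
    Returns one Finding per CNAME whose target does not resolve."""
    findings = []
    for name, rtype, rdata in records:
        if rtype.upper() != "CNAME":
            continue  # only alias records can dangle in this sense
        target = rdata.rstrip(".")  # zone files write fully qualified names with a trailing dot
        if not resolver(target):
            findings.append(Finding(name, target,
                                    "CNAME target does not resolve; review or delete this record"))
    return findings


# Constructed sample zone (placeholder names) and a constructed offline resolver.
SAMPLE_RECORDS = [
    ("www.dept.example.edu", "A", "203.0.113.10"),
    ("portal.dept.example.edu", "CNAME", "portal-prod.cloud.example.net."),
    ("old-event.dept.example.edu", "CNAME", "old-event.cloud.example.net."),
]
LIVE_NAMES = {"portal-prod.cloud.example.net"}  # constructed: targets that still exist


def offline_resolver(host: str) -> bool:
    return host in LIVE_NAMES


if __name__ == "__main__":
    for f in find_dangling_cnames(SAMPLE_RECORDS, offline_resolver):
        print(f"{f.name} -> {f.target}: {f.reason}")
```

Run against a real zone export with the default `resolves` resolver; a target that resolves is not proof that the resource is still yours, so each CNAME in the report still needs a manual check against the decommissioning records in step 3.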


Your prompt attention is vital for our security. For questions or assistance, please contact infosec@cuhk.edu.hk.


Reference:


Published on: 06 Dec 2024