The Hidden Secret About Your DNS Zones and Combatting Phishing Campaigns

Phishing and scam campaigns are one of the biggest challenges for businesses and organizations across the globe, and they continue to evade traditional security measures year after year. Some of the most effective campaigns use simple methods that rely on publicly available information from domains and domain name systems (DNS) that sit outside of the firewall. Because DNS and zone management is one of the worst-maintained cyber hygiene items for many organizations, it’s important to know the common oversights so you can improve your organization’s security posture.

Email security often relies on the use of spam filtering tools to identify and remove emails that seem suspicious or unsolicited. However, spam filtering is not always accurate and cybercriminals can use a variety of techniques to bypass spam filtering. And if cybercriminals can get a foothold on legitimate domains, spam filtering is essentially useless.

As a best practice for combating email spoofing and phishing coming from legitimate domains, Domain-based Message Authentication, Reporting and Conformance (DMARC) builds upon the email authentication mechanisms Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) to add policy and reporting, which essentially provides organizations with intel on how their domains are being used for authentic messaging. Third-party marketing companies and organizations such as SendGrid, Postmark, Mailgun, etc. can provide additional email campaign benefits and typically recommend that organizations use DMARC. But sometimes this can make companies vulnerable to phishing campaigns, often with no complete solution on how to stay safe from phishing actors; for an example, see “HMRC phishing scam abuses mail service to bypass spam filters” (bleepingcomputer.com).

Having looked into the issue of phishing, and of bad actors often targeting organizations through third-party marketers, CSC has developed a solution called Subdomain Monitoring that provides unique insight into how domains may be vulnerable from the authoritative hosting side to threats such as subdomain hijacking. Using Subdomain Monitoring, CSC can identify artifacts or remnants of resource records pointing to third-party marketers. This granular insight gives organizations an opportunity to remove the stale records and review whether their SPF, DKIM, or DMARC resource records include these third-party marketing firms.
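A sketch of the review described above, as an added example (not CSC’s Subdomain Monitoring or any vendor’s code): it scans exported zone records for SPF includes and CNAME targets that reference third-party mail senders the organization no longer uses. The vendor suffixes, the record names and the `example.com` zone are assumptions constructed for illustration.

```python
# Added example. Suffixes are assumptions; confirm each against the vendor's documentation.
VENDOR_SUFFIXES = {"sendgrid.net": "SendGrid", "mailgun.org": "Mailgun", "mtasv.net": "Postmark"}

# Constructed sample records (name, type, value); example.com is a placeholder zone.
SAMPLE_ZONE = [
    ("example.com.", "TXT", "v=spf1 include:sendgrid.net include:mailgun.org -all"),
    ("em1234.example.com.", "CNAME", "u1234.wl.sendgrid.net."),
    ("s1._domainkey.example.com.", "CNAME", "s1.domainkey.u1234.wl.sendgrid.net."),
    ("pm-bounces.example.com.", "CNAME", "pm.mtasv.net."),
    ("_dmarc.example.com.", "TXT", "v=DMARC1; p=none; rua=mailto:dmarc@example.com"),
    ("www.example.com.", "CNAME", "web.example.com."),
]


def vendor_for(host):
    """Return the vendor whose suffix matches host on a label boundary, else None."""
    host = host.rstrip(".").lower()
    for suffix, vendor in VENDOR_SUFFIXES.items():
        if host == suffix or host.endswith("." + suffix):
            return vendor
    return None


def spf_targets(txt):
    """Extract the targets of include: and redirect= terms from an SPF TXT value."""
    if not txt.lower().startswith("v=spf1"):
        return []
    targets = []
    for term in txt.split()[1:]:
        term = term.lstrip("+-~?")  # drop the SPF qualifier, if any
        sep = ":" if term.lower().startswith("include:") else "="
        key, found, value = term.partition(sep)
        if found and key.lower() in ("include", "redirect"):
            targets.append(value)
    return targets


def audit(records, active_vendors):
    """Return (name, type, vendor) for records referencing a vendor not in active_vendors."""
    findings = []
    for name, rtype, value in records:
        hosts = [value] if rtype == "CNAME" else spf_targets(value) if rtype == "TXT" else []
        for host in hosts:
            vendor = vendor_for(host)
            if vendor and vendor not in active_vendors:
                findings.append((name, rtype, vendor))
    return findings
```

Calling `audit(SAMPLE_ZONE, {"SendGrid"})` lists the Mailgun SPF include and the Postmark CNAME as records to review for removal.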

As threat vectors continue to evolve, it’s imperative for organizations to review their security posture for public information that’s vital to establish their web presence and operations. As the domain registrar for many global businesses and organizations, CSC provides innovative solutions tailored to meet the security needs and principles that are required for staying safe on the internet today.

For more information on how your domains may be vulnerable to bad actors and phishing campaigns, please schedule a demonstration with CSC to review our Subdomain Monitoring solution.