New research shows true scale of bad actors taking over legitimate domains to send malicious mail

SAN FRANCISCO & LONDON: Red Sift today announced DNS Guardian – a new feature in Red Sift OnDMARC which security teams can use to swiftly identify and stop domain takeovers that lead to impersonation and spam. After Red Sift began conducting its own research on the SubdoMailing campaign, first identified in February 2024, the company recognized an increasingly critical need to protect organizations from this emerging threat. Red Sift is the first to offer these comprehensive spam protection capabilities.

Bad actors are actively exploiting gaps in organizations’ Domain Name System (DNS) setups to send fraudulent mail on behalf of legitimate brands. DNS records that are not properly configured or maintained can be easily exploited to spoof emails from legitimate domains and pass even the strictest Domain-based Message Authentication, Reporting & Conformance (DMARC) policies. SubdoMailing has proven that an organization’s DMARC policy is only as strong as its DNS hygiene. New research released today by Red Sift shows that the scale of the SubdoMailing attack is much greater than initially reported.

“In supporting and counseling customers through the SubdoMailing campaign, our team not only identified that the attack was far more widespread than initially believed, but that many organizations did not understand the overlap between DNS and DMARC. We were compelled to take action,” said Rahul Powar, CEO, Red Sift. “With DNS Guardian, our customers can stop ongoing attacks, protect revenue, mitigate fines, and empower overworked security teams.”

DNS Guardian fills the gap between DNS and DMARC to ensure organizations are protected from takeover attacks and impersonation in the inbox. Using Red Sift ASM and deep DNS expertise as a foundation, Red Sift is the only DMARC provider able to surface the level of domain detail required to prevent takeover attacks like SubdoMailing. Red Sift achieves this through its:

• Subdomain Discovery: Utilizes advanced discovery techniques from Red Sift ASM to identify all subdomains associated with a given domain.
• Dangling DNS Detection: Identifies subdomains with misconfigured or unused DNS records that are susceptible to being taken over by malicious actors.
• Bad Actor Identification: Detects subdomains already controlled by bad actors through CNAME takeover or legitimate CNAME delegation with poisoned SPF records.
• Risk Assessment: Analyzes the severity and impact of identified security threats.
• Actionable Insights: Provides actionable recommendations and remediation steps to address identified risks and strengthen domain security.

OnDMARC Premier with DNS Guardian will be available from Red Sift as well as through Cisco as Domain Protection Premier.

About Red Sift

Red Sift enables organizations to anticipate, respond to, and recover from cyber attacks while continuing to operate effectively. The award-winning Red Sift application suite is the only integrated solution that combines four interoperable applications, internet-scale cybersecurity intelligence, and innovative generative AI that puts organizations on the path to cyber resilience.

Red Sift is a global organization with offices in North America, Australia, Spain, and the UK. It boasts a global client base across all industries, including Capgemini, Domino’s, ZoomInfo, Athletic Greens, and top global law firms. Red Sift is the official DMARC provider for Cisco and a trusted partner for Microsoft, Validity, and Entrust, among others. Learn more at redsift.com.

Fonte: Business Wire