An abandoned domain name can allow cybercriminals to gain access to email addresses of the company that previously owned it, finds cybersecurity expert Gabor Szathmari.
When a domain name expires, it enters a reserved state for a certain period, during which the previous owner can reclaim it. If the expired domain name is not reclaimed within that window, it becomes available for re-registration by anyone, with no additional cost and no identity or ownership verification.
SEO professionals and spam trap operators are good at keeping track of abandoned domain names for their own purposes. However, the practice is not widely recognised among cybersecurity professionals as a security risk.
The new owner of the domain name can take control of the email addresses of the former owner. Mail services can then be set up on the domain to receive correspondence that is sensitive in nature. The email accounts can also be used to reset passwords to online services, which may hold sensitive information such as personal details, financial details and legally privileged client information.
The research was performed on domain names abandoned by Australian law firms in the course of mergers and acquisitions. Law firms store and process massive amounts of confidential data, so abandoned domain names can pose serious cyberthreats.
“Email is an essential service in every business, and the effect of a company losing control over their email service is devastating, even if the company has merged or shut down. Sensitive information and documents are often exchanged over emails between clients, colleagues, vendors and service providers due to the convenience. Consequently, if a bad actor takes control of an entire business’s email service, sensitive information can end up in the wrong hands,” wrote Gabor Szathmari in a blog post.
An average of around a thousand ‘.au’ domain names (the country code TLD for Australia) expire every day. The list of expiring domain names is published publicly as a simple CSV file, which allows anyone to see which domain names are about to expire.
Most companies prefer Office 365 or G Suite for enterprise email. If the messages are not deleted from those cloud platforms, they remain available for the new owner of the domain to access.
Furthermore, if anyone has used an email address on the domain to sign up for an account on a social media platform such as Facebook, Twitter or LinkedIn, the new owner can reset the password and gain access to that account.
To avoid such cyberthreats, companies should keep the domain name registered indefinitely, even after it has been abandoned, and unsubscribe the old email addresses from any notifications that may contain confidential information.
Accounts created using the business email addresses should be disconnected or closed. Researchers also suggested enabling two-factor authentication on every online service that supports it.
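The defensive side of this story is inventory: knowing which external accounts were registered with addresses on a domain before that domain lapses. The script below is an added example, not code from the article or from Gabor Szathmari's research. It cross-references a published expiring-domain feed (the CSV layout with `domain` and `expiry_date` columns is an assumption; the real `.au` feed's columns are not given on the page) against a constructed account inventory of service sign-ups, and reports every account whose login email sits on a domain, or a subdomain of a domain, that is about to expire.

```python
"""Flag accounts whose login email domain appears in an expiring-domain feed.

Added example, not part of the original article or the underlying research.
Assumptions: the expiring-domain feed is a CSV with 'domain' and 'expiry_date'
columns (real feed layout not given on the page); the account inventory is a
CSV of 'service,login_email' rows maintained by the organisation itself.
"""
import csv
import io
from datetime import datetime

# Constructed sample of an expiring-domain feed (column layout assumed).
EXPIRING_FEED = """domain,expiry_date
example-law.com.au,2024-06-01
unrelated-shop.com.au,2024-06-02
oldfirm.com.au,2024-06-03
"""

# Constructed sample of the organisation's own account inventory: which
# external services were signed up for with which business email address.
ACCOUNT_INVENTORY = """service,login_email
LinkedIn,partner@example-law.com.au
Practice portal,accounts@OldFirm.com.au
Bank portal,finance@current-firm.com.au
Twitter,news@example-law.com.au
"""


def parse_expiring_domains(feed_text):
    """Return {domain: expiry date}, with domains lower-cased and stripped."""
    result = {}
    for row in csv.DictReader(io.StringIO(feed_text)):
        domain = row["domain"].strip().lower().rstrip(".")
        result[domain] = datetime.strptime(row["expiry_date"].strip(), "%Y-%m-%d").date()
    return result


def parse_account_inventory(inventory_text):
    """Return a list of (service, email, email_domain) tuples."""
    rows = []
    for row in csv.DictReader(io.StringIO(inventory_text)):
        email = row["login_email"].strip().lower()
        local, _, domain = email.rpartition("@")
        if not local or not domain:
            continue  # skip malformed entries rather than silently matching
        rows.append((row["service"].strip(), email, domain))
    return rows


def domain_at_risk(email_domain, expiring):
    """Return the expiring domain covering email_domain, or None.

    A mailbox on mail.example-law.com.au is lost together with
    example-law.com.au, so parent domains are checked as well.
    """
    labels = email_domain.split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in expiring:
            return candidate
    return None


def find_at_risk_accounts(feed_text, inventory_text, today_iso):
    """List accounts whose login domain is in the feed, soonest expiry first."""
    today = datetime.strptime(today_iso, "%Y-%m-%d").date()
    expiring = parse_expiring_domains(feed_text)
    findings = []
    for service, email, domain in parse_account_inventory(inventory_text):
        hit = domain_at_risk(domain, expiring)
        if hit is None:
            continue
        findings.append({
            "service": service,
            "email": email,
            "expiring_domain": hit,
            "days_left": (expiring[hit] - today).days,
        })
    findings.sort(key=lambda f: (f["days_left"], f["service"]))
    return findings


if __name__ == "__main__":
    for f in find_at_risk_accounts(EXPIRING_FEED, ACCOUNT_INVENTORY, "2024-05-25"):
        print(f"{f['days_left']:3d} days: {f['service']} via {f['email']} "
              f"({f['expiring_domain']})")
```

Run daily against the real feed and the organisation's sign-up register, the report gives the list of accounts to migrate to a current address, close, or protect with two-factor authentication before the registration lapses; the inventory itself is the hard part, and it only works if sign-ups with business addresses are recorded as they happen.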