One of the categories of security issues that Bitsight records concerns DNS records. The vast majority of these involve “dangling” DNS records. Currently, none of these issues impact Bitsight ratings.
A dangling DNS record occurs when a company has a DNS record that points to an IP address or domain that is no longer under the control of the original owner. This can happen with an A, AAAA or CNAME record. This lapse is a security issue because it opens the door to domain and subdomain takeover attacks. In these attacks, a malicious actor can acquire the abandoned target IP address or domain. They can then serve malicious content, execute code in customers’ browsers, or use the domain for phishing attacks. There have been several such attacks recently that at a minimum cause reputational harm for the companies involved.
Beyond security risks, dangling DNS records can cause operational disruptions by leading users or systems to outdated or incorrect addresses, complicating network management. To prevent these issues, organizations should regularly audit and update their DNS records, removing any that are obsolete or no longer in use.
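As an added illustration of the audit recommended above (example code, not Bitsight's tooling), the script below walks a constructed zone export and flags two classes of candidate dangling records: A/AAAA records whose address falls outside the address space the organisation still controls, and CNAME records whose target no longer resolves. The zone, the owned networks and the `resolves` lookup are constructed stand-ins so the example runs offline.

```python
import ipaddress
from dataclasses import dataclass

# Constructed zone export: (name, type, target). Names and addresses are illustrative only.
ZONE = [
    ("www.example.com", "A", "203.0.113.10"),
    ("legacy.example.com", "A", "198.51.100.7"),                     # address no longer ours
    ("v6.example.com", "AAAA", "2001:db8::10"),
    ("shop.example.com", "CNAME", "shop-prod.example-saas.net"),
    ("old-blog.example.com", "CNAME", "blog-old.example-saas.net"),  # target no longer exists
]

# Address space the organisation still controls (constructed inventory).
OWNED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24"),
                  ipaddress.ip_network("2001:db8::/32")]

# Stand-in for DNS so the example runs offline: the set of names that still resolve.
RESOLVABLE = {"shop-prod.example-saas.net"}

def resolves(name: str) -> bool:
    """Hypothetical resolver. In production, replace with a real DNS query and
    treat NXDOMAIN (or an unclaimed provider hostname) as 'does not resolve'."""
    return name.rstrip(".") in RESOLVABLE

@dataclass
class Finding:
    name: str
    rtype: str
    target: str
    reason: str

def audit(zone, owned_networks, resolve=resolves) -> list[Finding]:
    """Flag records whose target the organisation may no longer control."""
    findings = []
    for name, rtype, target in zone:
        if rtype in ("A", "AAAA"):
            addr = ipaddress.ip_address(target)
            if not any(addr in net for net in owned_networks):
                findings.append(Finding(name, rtype, target, "address outside owned ranges"))
        elif rtype == "CNAME" and not resolve(target):
            findings.append(Finding(name, rtype, target, "CNAME target does not resolve"))
    return findings

if __name__ == "__main__":
    for f in audit(ZONE, OWNED_NETWORKS):
        print(f"{f.name} {f.rtype} -> {f.target}: {f.reason}")
```

Each finding should be reviewed and the record removed or repointed, since a flagged record is only a candidate until someone confirms the target really is no longer under the organisation's control.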
Bitsight currently discovers these issues in two ways:
- When news articles are published about high-profile incidents, such as those discussed in the link above
- When a Bitsight customer brings to our attention that one of their own DNS records is stale, and agrees to allow us to record it as such
Until October 2024, these were all recorded as DNS Incidents, but we now distinguish between the two due to a decision by the Ratings Policy Review Board. The second category is not typically a security incident per se, since attackers have not in fact taken over the IP address or domain. Accordingly, we now have two categories for these issues.
DNS Incidents now strictly correspond to an actual security incident, for which we have some related public disclosure. DNS Findings correspond to a finding reported by a customer, and accordingly are published in the Other Disclosures section of the risk vector. Again, neither of these currently impacts ratings, but they could impact a planned risk vector in the future.
- October 1, 2024: Published.