Dangling domains have become more of a threat recently, according to a report by researchers Daiping Liu and Ruian Duan from Palo Alto. Using a comprehensive detection tool, they found around 317,000 dangling domains in total. A domain can be left dangling for multiple reasons, one of which is a DNS record pointing to a non-existent resource. If a CNAME points to a certain instance, and that instance is deleted but the CNAME record is not, the CNAME record is left "dangling". A knowledgeable threat actor can easily exploit this and then carry out malicious activity on a previously used domain. The Palo Alto report breaks the dangling domains down by type: 63.1% are expired rdata, 36.9% come from GitHub and 0.1% from WordPress.
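One way a defender can check their own zone for the CNAME case described above, as an added example that is not from the Palo Alto report or tool. The hostnames, the zone export and the `offline_resolver` lookup table are constructed sample data, and the function names are hypothetical.

```python
# Added example: audit a zone export for dangling CNAME records.
# All hostnames and the lookup table below are constructed sample data.

# (name, type, value) tuples as they might come from a zone export.
ZONE = [
    ("www.example.test", "CNAME", "lb-1.cloud.example.net"),
    ("shop.example.test", "CNAME", "old-store.cloud.example.net"),
    ("docs.example.test", "CNAME", "pages.example.test"),
    ("pages.example.test", "CNAME", "retired-org.hosting.example.org"),
    ("api.example.test", "A", "192.0.2.10"),
]

# Constructed stand-in for live DNS: targets that still resolve to an address.
LIVE = {"lb-1.cloud.example.net": ["198.51.100.7"]}


def offline_resolver(name):
    """Return the address list for name, or [] when the resource is gone."""
    return LIVE.get(name, [])


def _norm(host):
    """DNS names are case-insensitive and may carry a trailing dot."""
    return host.lower().rstrip(".")


def find_dangling(zone, resolve, max_depth=8):
    """Return {record name: final unresolved target} for dangling CNAMEs."""
    cnames = {_norm(n): _norm(v) for n, t, v in zone if t == "CNAME"}
    has_addr = {_norm(n) for n, t, _ in zone if t in ("A", "AAAA")}
    dangling = {}
    for name, target in cnames.items():
        seen = {name}
        # Follow in-zone CNAME chains; stop on a loop or excessive depth.
        while target in cnames and target not in seen and len(seen) < max_depth:
            seen.add(target)
            target = cnames[target]
        if target in has_addr:
            continue  # chain ends at an address record in this zone
        # A target that is still a CNAME means a loop or an over-long chain;
        # otherwise the record dangles when its final target has no address.
        if target in cnames or not resolve(target):
            dangling[name] = target
    return dangling


if __name__ == "__main__":
    for record, target in sorted(find_dangling(ZONE, offline_resolver).items()):
        print(f"DANGLING {record} -> {target}")
```

For a real audit, pass a `resolve` function that performs live DNS lookups in place of `offline_resolver`, then either remove each flagged record or re-point it at a resource you still control.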