Wiz introduces Dangling Domain Detection to help you prevent subdomain takeovers

Easily detect dangling domains to reduce the risk of phishing campaigns and cookie harvesting of organization’s customers.

2 minutes read

A subdomain takeover is a common network security threat that allows attackers to hijack traffic to your services or take over your domain. Detecting these threats early can minimize opportunities for hijackers to attack your services. Wiz is here to give you piece of mind, providing you visibility for those domains registered with Amazon Route 53. To fully understand what this solution is and why dangling domains is an issue, let us first describe what a Domain Name System (DNS) is. 

DNS translates requests for domain names like wiz.io into IP addresses. When you type “wiz.io” into your browser, a request is sent to a DNS server that asks for the IP address that is behind the domain name “wiz.io”. The term “dangling” refers to when a DNS admin forgets to remove an alias in their DNS zone after they are done using it, leaving it “dangling.” Dangling DNS records could easily be exploited for domain hijacking. Bug bounty hunters love to look for this sort of low hanging fruit because it is easy to find. Dangling domain entries make it possible for hijackers to take control of the associated DNS name and redirect traffic to a malicious website or service, resulting in potential phishing campaigns, and cookie harvesting from end users. 

Regardless of the size of your organization, it is critical to protect its users against unsafe dangling domains. If your company has dangling domain entries, simply delete the unused alias from your DNS zone and regularly monitor for empty aliases in your zone. However, keeping track of the unused aliases regularly is challenging without the right tools. 

Automatically detect domains to uncover subdomain takeover risk  

We are excited to announce Dangling Domain Detection, a new feature to help you identify DNS entries within your organization that might be dangling. Amazon Web Services (AWS) customers can now detect domains with a Canonical Name (CNAME) associated to their existing AWS resources that do not have an associated S3 bucket. It can also identify domains that have an associated S3 bucket, but do not belong to the organization. Both scenarios would indicate that the domain is dangling and there is a risk of subdomain takeover from hijackers. Since a domain can become dangling at any time, Wiz checks every Route53 DNS record daily to continuously protect against subdomain takeover risk.  

As a critical part of your security program, your organization needs to proactively identify and prevent dangling DNS entries to mitigate subdomain takeovers. Dangling Domain Detection works out of the box, there is no need to regularly supply us with your list of domains. The external exposures dashboard provides rich visualizations so your team can be alerted early on to kick off remediation workflows. 

Start detecting your dangling domains today  

Wiz’s Dangling Domain Detection for AWS customers helps protect your organization’s brand by reassuring your end customers that their content is safe. Support for cloud providers other than AWS will also be coming soon. Starting today, this feature is available for all Wiz Advanced customers. You can learn more in the  Wiz docs (login required). If you prefer a live demo, we would love to  connect with you. 

Continue reading

Get a personalized demo

Ready to see Wiz in action?

“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management