Phishing page discovered on subdomain during Penetration Testing

Uncovering the hidden: Phishing page discovered on subdomain during Penetration Testing

Dec 17, 2024
Written by Davinsi Labs

In today’s cyber landscape, identifying vulnerabilities is only the first step in safeguarding digital assets. That’s why, when one of our clients approached us for a penetration test on their infrastructure, we were prepared to dig deep to ensure their assets' integrity and security.

During the engagement, our team of skilled penetration testers uncovered a surprising and concerning issue: a phishing page hidden on one of the client’s subdomains. One of their subdomains resolved to an Amazon S3 bucket. These buckets are used to publicly share resources stored on the cloud, with a branded and easy to remember domain name. This Amazon S3 bucket however became obsolete and was removed. A malicious actor then registered this vacant bucket name. With the DNS record still pointing to this Amazon S3 bucket, this malicious actor was able to host any content under the company’s subdomain without their knowledge, posing a significant risk to their customers, as it had the potential to mislead visitors into providing sensitive information under the guise of legitimacy.

Once detected, our team immediately alerted the customer, who took swift action to remove the phishing page and prevent further harm. This finding highlights the importance of securing subdomains and keeping a watchful eye on your assets that can sometimes go unnoticed. We provided the customer with steps to mitigate such vulnerabilities. Further advice and recommendations were shared to prevent similar incidents in the future.

Threats can lurk in unexpected places, even within trusted domains. A comprehensive approach to security, including regular penetration testing, is vital for organizations aiming to stay ahead of evolving cyber threats.
By proactively uncovering hidden dangers, we helped our customer mitigate potential damage, ensuring a safer digital experience for their users.

For more insights on how our penetration testing services can help secure your organization, reach out to us today.

Safeguarding your digital presence is our mission!

Share this news