Hiding in Plain Sight: How Subdomain Attacks Use Your Email Authentication Against You
Published March 26, 2024 (syndicated from Cisco Blogs)


For years, analysts, security specialists, and security architects alike have been encouraging organizations to become DMARC compliant. This involves deploying email authentication to ensure their legitimate email has the best chance of reaching the intended recipients, and that domain owners are quickly notified of any unauthorized use of their domains. While together we are making progress thanks to DMARC adoption and reporting services such as Cisco's OnDMARC offering, there is an opportunity to do better, particularly with ongoing monitoring to address new and emerging threats such as this Subdo campaign.

What's happened?

Recently, an entirely new attack type has been seen that takes advantage of the complacency of organizations that approached their DMARC rollout with a 'ticked the box' mindset.

The SubdoMailing (Subdo) campaign has been ongoing for about two years. It sends malicious mail – typically mail that passes authentication – from domains and subdomains that have been compromised through domain takeover and dangling DNS issues.

These attacks were initially reported by Guardio Labs, who disclosed the discovery of 8,000 domains and 13,000 subdomains being used for this type of attack since 2022.

Several weeks before that, Cisco's new DMARC partner, Red Sift, discovered what they initially thought was an isolated incident of bad senders passing SPF checks and sending email fraudulently on behalf of one of their customers. In the customer's instance of Red Sift OnDMARC, they noticed email coming from a sender with a poor reputation and a subdomain that appeared unrelated to the customer's main domain, yet these emails fully passed SPF checks against the customer's current SPF record. When the customer was alerted and investigated all the 'includes' in their SPF record, they found several outdated CNAME records that had been taken over by attackers, which is what caused the issue.

What should I look out for?

The bad actors in this campaign are capitalizing on stale, forgotten or misconfigured records that were wrongly left in DNS to send unauthorized email. Because an SPF 'include' authorizes whatever the included name resolves to at lookup time, a CNAME that now points at attacker-controlled infrastructure makes that infrastructure a legitimate sender for the domain in the eyes of SPF. The attackers then send their phishing emails as images to evade text-based spam detection.

It is this oversight that has seen many notable organizations impacted by these new subdomain attacks in the last few months, solely because they have not been actively monitoring the right areas.

Proactive steps to start today:

- Don't let your domain names expire – expired names are what give fraudsters the opportunity to carry out the attack.
- Keep your DNS clean – remove resource records that are no longer in use, and remove third-party dependencies from your DNS once they become redundant.
- Use a trusted email protection provider – it makes sense to use a vendor for DMARC, DKIM and SPF, but choose one with the capability to proactively identify problems, such as when part of an SPF policy is void or insecure.
- Check for dangling DNS records – keep an inventory of hostnames that is monitored continuously for dangling resource records and third-party services. When identified, remove them from your DNS immediately.
- Monitor which sources are sending from owned domains – if a domain or subdomain is taken over for sending, it is important to know that mail is being sent from it as quickly as possible.

What else should I do?

If you are wondering whether you have been impacted by SubdoMailing, the best place to start is Red Sift Investigate, which provides a review of your domain such as the one shown below:

Should this valuable tool reveal any 'SubdoMailers' – also known as poisoned includes – the Red Sift SPF Checker lets you visualize them in a dynamic 'SPF tree', so you can quickly pinpoint where they are and speed up remediation. An example of a dynamic SPF tree is shown below:

The OnDMARC Adoption and Reporting Solution that Cisco partners with Red Sift on has already been updated to uncover exactly these issues directly within the tool, to ensure our customers are protected.

If you're a Cisco Secure Email customer, find out how you can quickly add Red Sift domain protection to your security suite and better detect this image-based spam. To check out the sophisticated threat protection capabilities of Secure Email Threat Defense, start a free trial today.

We'd love to hear what you think. Ask a question, comment below, and stay connected with Cisco Security on social!


Understanding the tricky way that subdomain attacks use your email authentication against you. Read more on Cisco Blogs.

Learning"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/jacksonholdingcompany.com\/hiding-in-plain-sight-how-subdomain-attacks-use-your-email-authentication-against-you-on-march-26-2024-at-1200-pm\/","url":"https:\/\/jacksonholdingcompany.com\/hiding-in-plain-sight-how-subdomain-attacks-use-your-email-authentication-against-you-on-march-26-2024-at-1200-pm\/","name":"Hiding in Plain Sight: How Subdomain Attacks Use Your Email Authentication Against You on March 26, 2024 at 12:00 pm - JHC","isPartOf":{"@id":"https:\/\/jacksonholdingcompany.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/jacksonholdingcompany.com\/hiding-in-plain-sight-how-subdomain-attacks-use-your-email-authentication-against-you-on-march-26-2024-at-1200-pm\/#primaryimage"},"image":{"@id":"https:\/\/jacksonholdingcompany.com\/hiding-in-plain-sight-how-subdomain-attacks-use-your-email-authentication-against-you-on-march-26-2024-at-1200-pm\/#primaryimage"},"thumbnailUrl":"https:\/\/jacksonholdingcompany.com\/wp-content\/uploads\/2024\/03\/16631862-nzYbRO.gif","datePublished":"2024-03-26T14:51:16+00:00","dateModified":"2024-03-26T14:51:16+00:00","breadcrumb":{"@id":"https:\/\/jacksonholdingcompany.com\/hiding-in-plain-sight-how-subdomain-attacks-use-your-email-authentication-against-you-on-march-26-2024-at-1200-pm\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jacksonholdingcompany.com\/hiding-in-plain-sight-how-subdomain-attacks-use-your-email-authentication-against-you-on-march-26-2024-at-1200-pm\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jacksonholdingcompany.com\/hiding-in-plain-sight-how-subdomain-attacks-use-your-email-authentication-against-you-on-march-26-2024-at-1200-pm\/#primaryimage","url":"https:\/\/jacksonholdingcompany.com\/wp-content\/uploads\/2024\/03\/16631862-nzYbRO.gif","contentUrl":"https:\/\/jacksonholdingcompany.com\/wp-content\/uploads\/2024\/03\/16631862-nzYbRO.gif","width":1,"height":
1},{"@type":"BreadcrumbList","@id":"https:\/\/jacksonholdingcompany.com\/hiding-in-plain-sight-how-subdomain-attacks-use-your-email-authentication-against-you-on-march-26-2024-at-1200-pm\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jacksonholdingcompany.com\/"},{"@type":"ListItem","position":2,"name":"Hiding in Plain Sight: How Subdomain Attacks Use Your Email Authentication Against You on March 26, 2024 at 12:00 pm"}]},{"@type":"WebSite","@id":"https:\/\/jacksonholdingcompany.com\/#website","url":"https:\/\/jacksonholdingcompany.com\/","name":"JHC","description":"Your Business Is Our Business","publisher":{"@id":"https:\/\/jacksonholdingcompany.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jacksonholdingcompany.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jacksonholdingcompany.com\/#organization","name":"JHC","url":"https:\/\/jacksonholdingcompany.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jacksonholdingcompany.com\/#\/schema\/logo\/image\/","url":"https:\/\/jacksonholdingcompany.com\/wp-content\/uploads\/2023\/07\/cropped-cropped-jHC-white-500-\u00d7-200-px-1-1.png","contentUrl":"https:\/\/jacksonholdingcompany.com\/wp-content\/uploads\/2023\/07\/cropped-cropped-jHC-white-500-\u00d7-200-px-1-1.png","width":452,"height":149,"caption":"JHC"},"image":{"@id":"https:\/\/jacksonholdingcompany.com\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/jacksonholdingcompany.com\/wp-json\/wp\/v2\/posts\/2839","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jacksonholdingcompany.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jacksonholdingcompany.com\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/jacksonholdingcompany.com\/wp-json\/wp\/v2\/co
mments?post=2839"}],"version-history":[{"count":0,"href":"https:\/\/jacksonholdingcompany.com\/wp-json\/wp\/v2\/posts\/2839\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/jacksonholdingcompany.com\/wp-json\/wp\/v2\/media\/2840"}],"wp:attachment":[{"href":"https:\/\/jacksonholdingcompany.com\/wp-json\/wp\/v2\/media?parent=2839"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jacksonholdingcompany.com\/wp-json\/wp\/v2\/categories?post=2839"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jacksonholdingcompany.com\/wp-json\/wp\/v2\/tags?post=2839"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}