You can't secure your website enough. We know, because on the night of 1 to 2 February we fell victim to cybercriminals who redirected a link on a subdomain of dnsbelgium.be to a phishing site.
The warning came from our own security tool Safebrowsing. It sent us a message on the night of 1 to 2 February that a link on tracking.dnsbelgium.be redirected to a phishing site. Safebrowsing gets its information from parties such as Netcraft. They compile lists of domain names that are hacked or abused. If your domain name appears in one of the lists, Safebrowsing will send you an alert so you can take the necessary action. As soon as we verified the alert, we disabled the subdomain.
In this case, it was a so-called 'open redirect' on our subdomain tracking.dnsbelgium.be. Our CRM supplier used this subdomain to track our external mailings. Such tracking gives you insight into who opens your mails and clicks on links. A bug in the software allowed cybercriminals to redirect a visitor from that URL to any other website, even a phishing website.
Apparently, DNS Belgium itself was not the target of this attack. Netcraft found multiple phishing URLs of this format and with other domain names. We stress that there was no data theft or hacking of our systems. Our CRM supplier investigated the issue and resolved it on the same day, together with the mailing tool sub-supplier.
How do you prevent such misuse of your website?
- It is important to properly secure every link in your process (supply chain security). But even if you choose a good supplier, things can always go wrong.
- Check whether it is really necessary to use an open redirect. If so, you should consider taking extra measures to protect against abuse here too. Fastly.com provides more tips on this.
- Secure your website with these tips.
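
One way to apply the "extra measures" for a redirect that a click tracker cannot do without, as an added example (not DNS Belgium's or its supplier's code): the mailing tool signs every destination with an HMAC, and the redirector refuses any link whose signature does not verify. The host `tracking.example.org`, the parameter names `u` and `sig`, and the key are assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed values: key and host are placeholders for this example.
SIGNING_KEY = b"example-key-load-from-a-secret-store"
TRACKER = "https://tracking.example.org/click"


def _sign(dest: str, key: bytes) -> str:
    return hmac.new(key, dest.encode("utf-8"), hashlib.sha256).hexdigest()


def make_tracking_link(dest: str, key: bytes = SIGNING_KEY) -> str:
    """Called by the mailing tool when it rewrites links in an outgoing mail."""
    return TRACKER + "?" + urlencode({"u": dest, "sig": _sign(dest, key)})


def resolve_redirect(link: str, key: bytes = SIGNING_KEY):
    """Return the destination to redirect to, or None if the link is refused."""
    params = parse_qs(urlsplit(link).query)
    dest = params.get("u", [""])[0]
    sig = params.get("sig", [""])[0]
    # Only honour destinations this service signed itself. Compare as bytes,
    # in constant time, so a non-ASCII signature cannot raise an exception.
    expected = _sign(dest, key).encode("ascii")
    if not dest or not hmac.compare_digest(sig.encode("utf-8"), expected):
        return None
    # Defence in depth: absolute http(s) URLs only (no //host, no other schemes).
    parts = urlsplit(dest)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None
    return dest


if __name__ == "__main__":
    good = make_tracking_link("https://www.example.org/news?id=7")
    forged = good.replace("www.example.org", "phish.example.net")
    print(resolve_redirect(good))    # the signed destination
    print(resolve_redirect(forged))  # None: signature no longer matches
```

A refused link should get an error page or a redirect to a fixed landing page, never a redirect to the supplied destination.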