In a high-profile attack, hackers exploited a forgotten Ferrari subdomain to launch a fake NFT collection. Because the subdomain legitimately belonged to Ferrari, customers had no way to know the offer was fraudulent.
What Happened
- Attackers discovered an old, unused subdomain that was still pointing to a third-party service.
- The third-party service had been decommissioned, leaving the DNS record "dangling".
- The attackers were able to claim the abandoned third-party resource that the dangling DNS record still pointed to, and host their own malicious content on the subdomain.
- They launched a fake NFT collection, using Ferrari's brand to lure in unsuspecting customers.
Impact
- Stole customer funds and data
- Severely damaged Ferrari's digital reputation
- Led to a loss of customer trust
Lessons Learned
- Continuous Discovery: Organizations must have a complete and up-to-date inventory of all their digital assets, including subdomains.
- Dangling DNS Prevention: Regularly scan for and remediate dangling DNS records.
- Third-Party Risk Management: Carefully manage the lifecycle of third-party integrations and their associated DNS records.
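
One way to run the dangling DNS scan described above, shown as an added example that is not part of the original write-up: it cross-checks a zone export against the inventory of third-party resources that are still provisioned, then checks that each target resolves. All hostnames, provider suffixes and the function names are constructed for illustration.

```python
import socket

# Constructed sample data: a zone export, the third-party suffixes in use,
# and the resources the organisation still has provisioned at those providers.
ZONE = [
    ("www.example.com", "CNAME", "example-prod.cdn-provider.example"),
    ("promo.example.com", "CNAME", "old-campaign.hosting-provider.example"),
    ("shop.example.com", "CNAME", "shop-live.hosting-provider.example."),
    ("mail.example.com", "A", "192.0.2.10"),
]
THIRD_PARTY_SUFFIXES = (".cdn-provider.example", ".hosting-provider.example")
PROVISIONED = {"example-prod.cdn-provider.example",
               "shop-live.hosting-provider.example"}


def system_resolves(hostname):
    """Default resolver: True if the name currently resolves to an address."""
    try:
        socket.getaddrinfo(hostname, None)
        return True
    except socket.gaierror:
        return False


def find_dangling(zone, suffixes, provisioned, resolves=system_resolves):
    """Return (name, target, reason) for third-party CNAMEs needing remediation."""
    findings = []
    for name, rtype, target in zone:
        target = target.rstrip(".").lower()
        if rtype.upper() != "CNAME" or not target.endswith(suffixes):
            continue  # only aliases to third-party services are in scope
        if target not in provisioned:
            # The record outlived the resource it pointed to.
            findings.append((name, target, "target not in asset inventory"))
        elif not resolves(target):
            findings.append((name, target, "target does not resolve"))
    return findings


if __name__ == "__main__":
    # Stand-in resolver so the demo runs offline; drop the argument to use DNS.
    for name, target, reason in find_dangling(
            ZONE, THIRD_PARTY_SUFFIXES, PROVISIONED, resolves=lambda h: True):
        print(f"REMOVE OR RE-POINT {name} -> {target}: {reason}")
```

Run it on a schedule against a fresh zone export, and treat every finding as a record to delete or re-point before the third-party resource is released, not after.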