Russian cybercriminals are hijacking domain names — with thousands of sites already taken over
Watch out for this domain name hijacking
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Cybersecurity researchers from Infoblox and Eclypsium have discovered a critical vulnerability within the Domain Name System (DNS) that is currently being exploited by Russian cybercriminals to take over legitimate websites.
Dubbed the ‘Sitting Ducks’ attack, the method is being used by more than a dozen Russian-affiliated threat actors to hijackdomain names.
The issue, first noted in 2016, has seen a resurgence this year, and since its rediscovery, the two companies have collaborated with law enforcement and national Computer Emergency Response Teams (CERTs).
Sitting Duck attacks are on the rise
The Sitting Ducks attack targets DNS providers through a combination of lame delegation and insufficient validation of domain ownership, allowing attackers to claim domains at DNS providers without needing access to the legitimate owner’s account.
The research highlights the alarmingly common nature of exploitable domains, with more than one million vulnerable targets on any given day.
Moreover, the researchers say that the method is easy to perform and difficult to detect, but importantly for potential victims, it’s also entirely preventable.
After hijacking a currently registered domain by exploiting vulnerable DNS providers, an attacker can conduct a range of malicious activities, including malware delivery, phishing campaigns, brand impersonation and data exfiltration.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
For the most part, the attack remains largely unknown and is harder to detect than other domain-hijacking methods like dangling CNAMEs.
Recommendations for preventing the Sitting Ducks attack include ensuring DNS providers require domain ownership verification and monitoring for lame delegations.
Furthermore, Infoblox and Eclypsium are to present their findings and further details at the upcoming BlackHat conference, offering an opportunity for the cybersecurity community to address the threat.
More from TechRadar Pro
With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!
This new phishing strategy utilizes GitHub comments to distribute malware
Should your VPN always be on?
NYT Strands today — hints, answers and spangram for Sunday, November 10 (game #252)