Russian cybercriminals are hijacking domain names — with thousands of sites already taken over

After first being discovered in 2016, "Sitting Ducks" attacks are becoming increasingly common among DNS providers.

Cybersecurity researchers from Infoblox and Eclypsium have discovered a critical vulnerability within the Domain Name System (DNS) that is currently being exploited by Russian cybercriminals to take over legitimate websites.

Dubbed the ‘Sitting Ducks’ attack, the method is being used by more than a dozen Russian-affiliated threat actors to hijack domain names.

The issue, first noted in 2016, has seen a resurgence this year, and since its rediscovery, the two companies have collaborated with law enforcement and national Computer Emergency Response Teams (CERTs).

Sitting Ducks attacks are on the rise

The Sitting Ducks attack targets DNS providers through a combination of lame delegation and insufficient validation of domain ownership, allowing attackers to claim domains at DNS providers without needing access to the legitimate owner’s account.

The research highlights the alarmingly common nature of exploitable domains, with more than one million vulnerable targets on any given day.

Moreover, the researchers say that the method is easy to perform and difficult to detect, but importantly for potential victims, it’s also entirely preventable.

After hijacking a currently registered domain by exploiting vulnerable DNS providers, an attacker can conduct a range of malicious activities, including malware delivery, phishing campaigns, brand impersonation and data exfiltration.

The attack remains largely unknown and is harder to detect than other domain-hijacking methods such as dangling CNAMEs.

Recommendations for preventing the Sitting Ducks attack include ensuring DNS providers require domain ownership verification and monitoring for lame delegations.
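One way to monitor your own domains for lame delegations, as an added example that is not from the article or from the Infoblox and Eclypsium research: each delegated nameserver is sent a non-recursive SOA query, and it is treated as lame if it does not answer authoritatively. That rule is an assumed heuristic, the zone and nameserver names are constructed placeholders, and `query_udp` is the live-lookup helper while the sample data uses constructed reply headers.

```python
import socket
import struct

RCODES = {1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_soa_query(zone, txid=0x1234):
    """Wire-format SOA query with RD=0, so the server must answer from its own data."""
    labels = zone.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    # Header: id, flags (RD clear), 1 question; then QTYPE=SOA (6), QCLASS=IN (1)
    return struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0) + qname + struct.pack("!HH", 6, 1)

def query_udp(ns_ip, zone, timeout=3.0):
    """Send the SOA query to one nameserver IP; None means no usable reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_soa_query(zone), (ns_ip, 53))
            return s.recvfrom(4096)[0]
        except OSError:
            return None

def classify(resp):
    """'authoritative' or a 'lame: ...' reason, read from the 12-byte DNS header."""
    if resp is None or len(resp) < 12:
        return "lame: no usable response"
    _, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", resp[:12])
    if flags & 0x000F:  # non-zero RCODE
        return "lame: " + RCODES.get(flags & 0x000F, "error rcode")
    if not flags & 0x0400:  # AA bit clear: server does not hold the zone
        return "lame: answer not authoritative"
    if ancount == 0:
        return "lame: no SOA record returned"
    return "authoritative"

def audit(responses):
    """Map {nameserver: raw response} to only the nameservers that are lame."""
    verdicts = {ns: classify(r) for ns, r in responses.items()}
    return {ns: v for ns, v in verdicts.items() if v != "authoritative"}

def _hdr(flags, ancount):  # constructed 12-byte reply header for the sample
    return struct.pack("!HHHHHH", 0x1234, flags, 1, ancount, 0, 0)

# Constructed sample: replies from the delegated nameservers of a placeholder zone
SAMPLE = {
    "ns1.dns-host.example": _hdr(0x8400, 1),  # QR+AA, NOERROR, one answer
    "ns2.dns-host.example": _hdr(0x8005, 0),  # REFUSED
    "ns3.old-host.example": _hdr(0x8000, 1),  # NOERROR but AA clear
    "ns4.old-host.example": None,             # timed out
}
```

Calling `audit(SAMPLE)` returns the three lame nameservers with their reasons; for live use, fill the dictionary with `query_udp` results for each nameserver listed in the parent zone's delegation.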

Furthermore, Infoblox and Eclypsium are to present their findings and further details at the upcoming Black Hat conference, offering an opportunity for the cybersecurity community to address the threat.
