1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Russian cybercriminals are hijacking domain names with thousands

    From TechnologyDaily@1337:1/100 to All on Thu Aug 1 14:45:05 2024
    Russian cybercriminals are hijacking domain names with thousands of sites already taken over

    Date:
    Thu, 01 Aug 2024 14:29:31 +0000

    Description:
    After first being discovered in 2016, "Sitting Ducks" attacks are becoming increasingly common among DNS providers.

    FULL STORY ======================================================================

    Cybersecurity researchers from Infoblox and Eclypsium have discovered a critical vulnerability within the Domain Name System ( DNS ) that is
    currently being exploited by Russian cybercriminals to take over legitimate websites.

    Dubbed the Sitting Ducks attack, the method is being used by more than a
    dozen Russian-affiliated threat actors to hijack domain names .

    The issue, first noted in 2016, has seen a resurgence this year, and since
    its rediscovery, the two companies have collaborated with law enforcement and national Computer Emergency Response Teams (CERTs). Sitting Duck attacks are on the rise

    The Sitting Ducks attack targets DNS providers through a combination of lame delegation and insufficient validation of domain ownership, allowing
    attackers to claim domains at DNS providers without needing access to the legitimate owners account.

    The research highlights the alarmingly common nature of exploitable domains, with more than one million vulnerable targets on any given day.

    Moreover, the researchers say that the method is easy to perform and
    difficult to detect, but importantly for potential victims, its also entirely preventable.

    After hijacking a currently registered domain by exploiting vulnerable DNS providers, an attacker can conduct a range of malicious activities, including malware delivery, phishing campaigns, brand impersonation and data exfiltration.

    For the most part, the attack remains largely unknown and is harder to detect than other domain-hijacking methods like dangling CNAMEs.

    Recommendations for preventing the Sitting Ducks attack include ensuring DNS providers require domain ownership verification and monitoring for lame delegations.

    Furthermore, Infoblox and Eclypsium are to present their findings and further details at the upcoming BlackHat conference, offering an opportunity for the cybersecurity community to address the threat. More from TechRadar Pro These are the best free and public DNS servers Downloaded something dodgy? Check
    out the best malware removal tools around Russian hackers target EU countries using a simple Microsoft Outlook security flaw



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/russian-cybercriminals-are-hijacking-do main-names-with-thousands-of-sites-already-taken-over


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)