Hacktivists Turn To DNS Hijacking

  /     /     /  
Publicated : 22/11/2024   Category : security


Hacktivists Turn To DNS Hijacking


Coach, UFC fall victim to attacks that redirect their Web traffic



Hacktivists have added a new tactic to their arsenal: redirecting all of the traffic from a target companys website.
According to a
blog written by security expert Lars Harvey of IID
, politically motivated attackers are now using DNS hijacks, which redirect all the traffic from a victims legitimate website (and often all the email and back-end transactions, too) to a destination of the attackers choosing.
A determined criminal can set up a fake look-alike destination site to dupe customers into revealing credentials or downloading malware, Harvey states.
Many companies pay little, if any, attention to securing their domain registrations, and most do not continuously monitor their DNSes to make sure theyre resolving properly around the world, making them vulnerable to attack, the blog says.
The first indication most victims have of a DNS hijack is that their website traffic slows to a trickle, Harvey reports. Then they have to figure out why, and DNS is rarely the first thing they think of, which lengthens the time to mitigate the attack.
On Sunday, the domain name UFC.com was hijacked by a hacktivist group that apparently didnt like the mixed-martial arts company fighting the organizations support of the SOPA/PIPA online piracy bills, IID reports. On Monday evening that same group, called UGNazi, hijacked two domain names, coach.com and coachfactory.com, belonging to luxury goods maker Coach Inc., for the same reason.
Thankfully, both DNS hijack attacks were defeated within a few hours, the blog states. In the Coach case, it appears that the legitimate hosting company where the hijacked domain was redirected to noticed the large influx of new traffic, quickly determined its nefarious source and helped get the problem fixed.
It could have been worse, Harvey says. Both Coach and UFC got lucky that the hacktivist criminals are apparently inexperienced in the matter of DNS hijackings, which made it relatively easy to mitigate the attacks, he states.
Both Coach and UFC registered their domains at Network Solutions, IID reports. The criminals hijacked the domains by accessing the companies domain management accounts at Network Solutions, the blog states. Its currently unclear how they did so. In such cases, the cause is usually weak or compromised user passwords, or a website vulnerability at the registrar. Since very few registrars use multifactor authentication, this makes taking over domain names almost trivially easy for any hacker.
Companies should have their domains registered at a corporate domain registrar, rather than a registrar that caters primarily to individuals, IID advises. [Corporate] registrars have designed their services to serve companies, and provide levels of security and service that make it much more difficult for an attacked to hijack your domain, the blog says. If your corporate domains are registered at consumer-focused registrars like GoDaddy, Network Solutions, and Register.com, then you are much more vulnerable to attack.
Companies also should continuously monitor their DNSes so they can be immediately alerted of attacks, says IID, which offers such a monitoring service.
Have a comment on this story? Please click Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Hacktivists Turn To DNS Hijacking