Sitting Ducks Attacks Create Hijacking Threat for Domain Name Owners

  /     /     /  
Publicated : 23/11/2024   Category : security

Sitting Ducks Attacks Create Hijacking Threat for Domain Name Owners


Researchers say the attacks are easy to perform, difficult to contact, nearly unrecognizable, and entirely preventable.


More than a dozen Russian cybercriminals are taking advantage of opening in the
Domain Name System
(DNS) by deploying the Sitting Ducks attack that targets DNS providers.
In this kind of attack, a threat actor gains unauthorized access to a registered domain and conducts whatever activity they please, including impersonating the legitimate owner. This activity ranges from malware delivery and phishing campaigns to brand impersonation and data exfiltration. And the pool of exploitable domains is not small; the researchers at Infoblox and Eclypsium estimate that there are more than 1 million susceptible domains on any given day, with multiple ways to identify each of them.  
The attacks, according to the researchers, are easy to perform, difficult to contact, nearly completely unrecognizable, and most of all are entirely preventable.
While DNS serves as the backbone for Internet communication, it is often overlooked as a strategic attack surface, the researchers said. Published attack vectors against DNS may be dismissed as inevitable and not receive the same level of mitigation as a software bug, creating a perfect attack surface for malicious actors.
To stop these kinds of attacks, the researchers recommend that domain name owners evaluate their risk, especially for domains 10 years or older. The researchers provide
information on their blog post
for how to evaluate a domain and mitigate risks to their DNS services.

Last News

▸ ArcSight prepares for future at user conference post HP acquisition. ◂
Discovered: 07/01/2025
Category: security
▸ Samsung Epic 4G: First To Use Media Hub ◂
Discovered: 07/01/2025
Category: security
▸ Many third-party software fails security tests ◂
Discovered: 07/01/2025
Category: security


Cyber Security Categories
Google Dorks Database
 		Exploits Vulnerability
 		Exploit Shellcodes

CVE List
 		Tools/Apps
 		News/Aarticles

Phishing Database
 		Deepfake Detection
 		Trends/Statistics & Live Infos



Tags:
Sitting Ducks Attacks Create Hijacking Threat for Domain Name Owners