Sitting Ducks Attacks Create Hijacking Threat for Domain Name Owners

  /     /     /  
Publicated : 23/11/2024   Category : security


Sitting Ducks Attacks Create Hijacking Threat for Domain Name Owners


Researchers say the attacks are easy to perform, difficult to contact, nearly unrecognizable, and entirely preventable.



More than a dozen Russian cybercriminals are taking advantage of opening in the
Domain Name System
(DNS) by deploying the Sitting Ducks attack that targets DNS providers.
In this kind of attack, a threat actor gains unauthorized access to a registered domain and conducts whatever activity they please, including impersonating the legitimate owner. This activity ranges from malware delivery and phishing campaigns to brand impersonation and data exfiltration. And the pool of exploitable domains is not small; the researchers at Infoblox and Eclypsium estimate that there are more than 1 million susceptible domains on any given day, with multiple ways to identify each of them.  
The attacks, according to the researchers, are easy to perform, difficult to contact, nearly completely unrecognizable, and most of all are entirely preventable.
While DNS serves as the backbone for Internet communication, it is often overlooked as a strategic attack surface, the researchers said. Published attack vectors against DNS may be dismissed as inevitable and not receive the same level of mitigation as a software bug, creating a perfect attack surface for malicious actors.
To stop these kinds of attacks, the researchers recommend that domain name owners evaluate their risk, especially for domains 10 years or older. The researchers provide
information on their blog post
for how to evaluate a domain and mitigate risks to their DNS services.

Last News

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Sitting Ducks Attacks Create Hijacking Threat for Domain Name Owners