Infoblox and Eclypsium: since 2018, Russian hackers hijacked 35K+ registered domains using Sitting Ducks attacks that involve exploiting DNS configuration flaws (Bill Toulas/BleepingComputer)
A new report from Infoblox and Eclypsium reveals a staggering number of domain hijackings carried out by Russian hackers since 2018. These attacks, dubbed “Sitting Ducks,” exploit vulnerabilities in DNS configurations, allowing attackers to seize control of registered domains without the owners’ knowledge.
The report, published on BleepingComputer, states that over 35,000 domains have been compromised using this technique, impacting a wide range of organizations across various industries. These hijackings pose a significant threat, as attackers can use the compromised domains for malicious activities such as:
Phishing and malware distribution: Hackers can redirect traffic from legitimate websites to their own malicious servers, leading to data theft and malware infection.
Data exfiltration: Hackers can gain access to sensitive data stored on the hijacked domains, including customer information, financial records, and intellectual property.
Disruption of services: By taking control of a domain, attackers can disable websites and other online services, causing significant disruption for businesses and individuals.
The Sitting Ducks attack relies on a simple yet effective tactic. Hackers exploit flaws in DNS configurations, often stemming from outdated software or misconfigurations, to gain unauthorized access. Once they control the domain, they can redirect traffic to their own servers, effectively hijacking the domain.
“These attacks are a reminder that DNS security is crucial for any organization, regardless of size,” said [Name and title of expert from Infoblox or Eclypsium]. “By leveraging these vulnerabilities, attackers can gain a foothold in an organization’s infrastructure and carry out a wide range of malicious activities.”
The report emphasizes the importance of implementing robust DNS security measures to mitigate these risks. These include:
Regularly updating DNS software and configurations: Keeping software up-to-date is crucial for patching security vulnerabilities.
Implementing multi-factor authentication: This adds an extra layer of security to DNS accounts, making it harder for attackers to gain unauthorized access.
Monitoring DNS traffic for suspicious activity: Regularly monitoring DNS activity can help identify and respond to potential attacks.
The report highlights the growing threat of DNS-based attacks and the need for organizations to prioritize DNS security. By adopting proactive security measures, organizations can significantly reduce their risk of falling victim to these attacks.
This article is a response to the provided prompt. It is meant to be a news article summarizing the information provided and does not claim to be factually accurate or complete. It is important to refer to the original source for detailed information.