Infoblox

1d

read

257

img
dot

Image Credit: Infoblox

Cloudy with a Chance of Hijacking: Forgotten DNS Records Enable Scam Actor

  • Hazy Hawk is a DNS-savvy threat actor that hijacks abandoned cloud resources of high-profile organizations, such as S3 buckets and Azure endpoints, to host scams and malware URLs.
  • The discovery of vulnerable DNS records indicates that Hazy Hawk likely has access to a large passive DNS service, with attacks involving complex DNS misconfigurations.
  • Hazy Hawk leverages layered defenses and obfuscation techniques, including hijacking subdomains of reputable domains, obfuscating URLs, and using legitimate website content for redirection.
  • Hazy Hawk targets organizations globally and abuses prominent cloud services such as Akamai, Amazon EC2, Azure, and Cloudflare CDN for domain hijacking and scam operations.
  • Hazy Hawk employs push notifications, TDS mechanisms, and URL obfuscation to lure victims into scams; it is affiliated with other malicious actors and redirects users through multiple domains.
  • To prevent Hazy Hawk attacks, organizations are advised to manage DNS records effectively and invest in protective DNS solutions, while educating users to reject unknown website notification requests.
  • The FBI reports a rise in scams enabled by threat actors like Hazy Hawk, emphasizing the importance of protecting both hijacked domains and end users from malicious activities in the affiliate marketing space.
  • Hazy Hawk's extensive list of hijacked domains and indicators includes reputable entities such as universities, government agencies, healthcare companies, media, and corporations, showing the scale and impact of its operations.
  • The post also delves into technical details of DNS hijacking, CNAME records, URL obfuscation, and the use of legitimate website content in disguising malicious activities by Hazy Hawk.
  • Overall, the article sheds light on the sophisticated tactics employed by Hazy Hawk in exploiting abandoned cloud resources for malicious purposes and emphasizes the need for robust cybersecurity measures to combat such threats.
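
The DNS record management advice above can be turned into a routine audit. The following is an added example, not code from Infoblox or this page: it scans zone-file text for CNAME records that point into cloud provider namespaces and flags targets that are missing from an inventory of resources the organization still holds, or that no longer resolve. The suffix list, the sample zone, the inventory and all function names are assumptions made for illustration.

```python
import socket

# Assumption: a small, non-exhaustive list of provider hostname suffixes.
CLOUD_SUFFIXES = ("s3.amazonaws.com", "azurewebsites.net",
                  "cloudapp.azure.com", "trafficmanager.net")

# Constructed sample zone; every name in it is a placeholder.
SAMPLE_ZONE = """\
www      3600 IN CNAME  site-prod.azurewebsites.net.
promo    3600 IN CNAME  promo-2019.azurewebsites.net.  ; campaign ended
assets   3600 IN CNAME  corp-assets.s3.amazonaws.com.
old-cdn  3600 IN CNAME  legacy-media.s3.amazonaws.com.
mail     3600 IN CNAME  mail.example.org.
api      3600 IN A      192.0.2.10
"""

def parse_cnames(zone_text):
    """Return (owner, target) pairs for every CNAME line in zone-file text."""
    pairs = []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop trailing comments
        if "CNAME" in fields[1:-1]:              # needs an owner and a target
            target = fields[fields.index("CNAME", 1) + 1]
            pairs.append((fields[0].lower(), target.rstrip(".").lower()))
    return pairs

def system_resolves(name):
    """True if the local resolver returns any address for name."""
    try:
        return bool(socket.getaddrinfo(name, None))
    except socket.gaierror:
        return False

def find_dangling(zone_text, owned, resolves=system_resolves):
    """Flag CNAMEs into cloud namespaces that are unowned or unresolvable."""
    findings = []
    for owner, target in parse_cnames(zone_text):
        if not any(target.endswith("." + s) for s in CLOUD_SUFFIXES):
            continue
        # Inventory is checked first: some provider hostnames (S3 bucket
        # endpoints, for one) resolve whether or not the resource exists.
        if target not in owned:
            findings.append((owner, target, "not in inventory"))
        elif not resolves(target):
            findings.append((owner, target, "does not resolve"))
    return findings

if __name__ == "__main__":
    inventory = {"site-prod.azurewebsites.net", "corp-assets.s3.amazonaws.com"}
    live = {"site-prod.azurewebsites.net"}       # constructed resolver stub
    for finding in find_dangling(SAMPLE_ZONE, inventory, live.__contains__):
        print(*finding, sep="\t")
```

Each flagged record should either be deleted or have its cloud resource re-provisioned under the organization's control before the DNS entry is kept.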
