A report by Infoblox Threat Intel estimates that over 1 million registered domains could be vulnerable to the Sitting Ducks attack, an underreported domain hijacking technique that uses misconfigured Domain Name System (DNS) settings to take over a website and use it to establish attack infrastructure.
The most common victims of the Sitting Ducks attack are well-known brands, non-profits and government entities with well-reputed domain names.
The attack vector is relatively easy to execute and is often exploited by cybercriminals to evade existing detections and strengthen their malicious campaigns.
Researchers have seen cases of rotational hijacking, where a domain is hijacked by multiple actors over time.
Infoblox Threat Intel has identified two groups, Vextrio Viper and Vacant Viper, who have used this vector to strengthen their cyber-attacks, including malicious spam operations, porn delivery, establishing remote access trojan (RAT) control channels, and dropping malware.
Horrid Hawk and Hasty Hawk are the latest groups using the Sitting Ducks attack. Horrid Hawk has been hijacking domains and using them for investment fraud schemes, while Hasty Hawk has hijacked over 200 domains to operate widespread phishing campaigns.
Organizations or businesses that own the vulnerable domains, as well as individuals who inadvertently access the malicious content or infrastructure, are the main victims of Sitting Ducks attacks.
Sitting Ducks attacks are relatively easy to perform and difficult to detect. DNS misconfigurations are oversights that arise from many factors. However, this attack vector is entirely preventable with correct configuration at the domain registrar and DNS providers.
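The misconfiguration behind a Sitting Ducks takeover is a lame delegation: the registrar still delegates the domain to a DNS provider whose servers no longer answer authoritatively for the zone. The following Python audit is an added example, not code from the Infoblox report; it flags that condition for a domain, assumes the dnspython package for the optional live probe, and otherwise runs offline on constructed sample data.

```python
from dataclasses import dataclass, field

# What a delegated name server can show when asked directly for the zone; anything but "authoritative" is lame.
LAME_STATES = {"refused", "servfail", "nxdomain", "timeout", "not_authoritative"}

@dataclass
class DelegationReport:
    domain: str
    healthy: list = field(default_factory=list)
    lame: dict = field(default_factory=dict)  # ns host -> observed state

    @property
    def risk(self) -> str:
        if self.lame and not self.healthy:
            return "HIGH"    # no server answers for the zone: claimable at the provider
        if self.lame:
            return "MEDIUM"  # partially lame: one decommissioned server away from HIGH
        return "OK"

def audit_delegation(domain, delegated_ns, probe):
    """delegated_ns: NS names the parent zone (registrar side) publishes.
    probe(ns, domain) returns "authoritative" or a value from LAME_STATES."""
    report = DelegationReport(domain)
    for ns in delegated_ns:
        state = probe(ns, domain)
        if state == "authoritative":
            report.healthy.append(ns)
        else:
            report.lame[ns] = state if state in LAME_STATES else "not_authoritative"
    return report

def live_probe(ns, domain, timeout=3.0):
    """Network probe (assumes the dnspython package): ask the delegated server
    for the zone SOA and require an authoritative answer (AA flag set)."""
    import dns.flags, dns.message, dns.query, dns.rcode, dns.resolver
    try:
        addr = dns.resolver.resolve(ns, "A")[0].to_text()
        resp = dns.query.udp(dns.message.make_query(domain, "SOA"), addr, timeout=timeout)
    except Exception:
        return "timeout"
    code = dns.rcode.to_text(resp.rcode()).lower()
    if code != "noerror":
        return code  # refused / servfail / nxdomain
    return "authoritative" if resp.flags & dns.flags.AA else "not_authoritative"

# Constructed sample: the registrar still delegates to a provider that no longer hosts the zone.
SAMPLE_DELEGATION = {"ns1.old-provider.example": "refused", "ns2.old-provider.example": "refused"}

def sample_probe(ns, domain):
    return SAMPLE_DELEGATION.get(ns, "authoritative")  # offline stand-in for live_probe
```

The script cannot tell which providers let a zone be claimed without ownership proof, so a HIGH result means the delegation must be repointed or removed at the registrar rather than left for later.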
Infoblox Threat Intel experts created an extensive report that explains the details behind how Sitting Ducks attacks work and how to identify a compromised domain.
The report also explores how Vipers and Hawks execute Sitting Ducks attacks to create an infrastructure resistant to security vendor detection.