New Sitting Ducks DNS Attack Technique Puts Millions of Domains at Risk of Hijack

Malicious actors are hijacking registered domains in what is being called Sitting Ducks attacks, which put millions of domains at risk of takeover. Learn more about the attacks and what domain owners can do to protect themselves.

August 2, 2024

  • More than a million domains are at risk of takeover by malicious actors in a new DNS attack technique.
  • The Sitting Ducks attacks exploited weaknesses in the domain name system (DNS) without accessing the owner’s account via the registrar or DNS provider.

Hackers are increasingly exploiting vulnerabilities in the Domain Name System (DNS) with a new attack vector known as ‘Sitting Ducks’ attacks. This latest threat has placed over a million registered domains at risk of being taken over.

The Sitting Ducks Attack

This new attack method exploits vulnerabilities in DNS, the system that translates human-friendly domain names into the IP addresses devices use to identify each other on a network. According to researchers from Infoblox and Eclypsium, the attack allows hackers to hijack domain names with relatively little effort, often without being detected. The attacks can be carried out under the following conditions:

  • A registered domain or subdomain uses or delegates authoritative DNS services to a provider different from the domain registrar.
  • The authoritative name server(s) of record do not have data about the domain and therefore cannot resolve queries for it.
  • The attacker can “claim” the domain at the provider and set up DNS records without access to the valid owner’s account at the domain registrar.

This attack is made possible by inadequate security measures implemented in the DNS infrastructure. Hackers exploit poor authentication protocols, outdated records, and weak monitoring practices to gain control over domain names. Once such control is established, the domains can redirect traffic to malicious websites, which could result in phishing attacks or malware distribution.

Security Implications

According to the researchers, more than 35,000 domains, from small websites such as personal blogs to large corporate websites, have already been compromised by such attacks. Since the method of attack is easy to implement, it can be exploited even by inexperienced hackers, increasing the scale of the threat.

A significant concern is the stealthy nature of the attacks. Owners are often unaware that their domain has been hijacked. This allows hackers to run their malicious activities for an extended period, potentially resulting in massive financial and reputational losses. In some cases, hijacked websites have been used to conduct cyber attacks and phishing campaigns on other targets.

Mitigation Measures

To protect against Sitting Ducks attacks, domain owners must implement a multi-layered security approach, including:

  • Audits and monitoring: Domain owners should audit their DNS records and look for unauthorized changes. Related tools and services can alert owners to suspicious activities in real-time.
  • Enable DNSSEC: Domain Name System Security Extensions (DNSSEC) add to the security of the DNS protocol by ensuring that responses have not been tampered with. This prevents many forms of DNS attacks, including hijacking.
  • Authentication measures: One should implement robust security tools and multi-factor authentication (MFA) for all accounts. This minimizes the risk of unauthorized access.
  • Registrar lock: The registrar lock feature can prevent unauthorized domain transfers and add security by making manual verification mandatory for transfer requests.
  • Updating contact information: Ensure the contact information given to the domain registrar is updated and accurate. This allows timely communication in case of suspicious activities.
  • Awareness training: Organizations should educate employees and stakeholders about the risks of domain hijacking and the importance of security best practices. It should be made clear that human error is a significant vulnerability.
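
The second attack condition listed earlier (delegated name servers that hold no data for the domain) is something the audit step can test for on domains you own. The Python below is an added example, not code from the article or from the Infoblox and Eclypsium researchers: it builds a non-recursive SOA query and classifies each name server's reply by its AA flag and RCODE. The server names, example.test and the reply bytes are constructed; sending the query to each server over UDP port 53 is left to the caller.

```python
import struct
from typing import Dict, Optional

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_soa_query(zone: str, txid: int = 0x1234) -> bytes:
    """SOA query for the zone apex with RD=0, so the server answers only from its own data."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    labels = zone.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 6, 1)  # QTYPE=SOA(6), QCLASS=IN(1)

def classify_response(resp: Optional[bytes]) -> str:
    """Return 'ok' only for an authoritative NOERROR reply that carries an answer."""
    if resp is None or len(resp) < 12:
        return "lame: no usable response"
    _, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", resp[:12])
    aa, rcode = bool(flags & 0x0400), flags & 0x000F
    if rcode == 0 and aa and ancount > 0:
        return "ok"
    return "lame: rcode=%s aa=%d" % (RCODES.get(rcode, str(rcode)), aa)

def audit_delegation(responses: Dict[str, Optional[bytes]]) -> dict:
    """responses maps each delegated name server to its raw reply (None = timeout)."""
    per_ns = {ns: classify_response(r) for ns, r in responses.items()}
    lame = sorted(ns for ns, verdict in per_ns.items() if verdict != "ok")
    if not lame:
        status = "healthy"
    elif len(lame) == len(per_ns):
        status = "fully lame"      # no delegated server has the zone
    else:
        status = "partially lame"
    return {"status": status, "lame": lame, "detail": per_ns}

def fake_reply(flags: int, ancount: int) -> bytes:
    """Constructed 12-byte DNS header standing in for a captured reply."""
    return struct.pack("!HHHHHH", 0x1234, flags, 1, ancount, 0, 0)

# Constructed sample: example.test delegated to two hypothetical provider servers.
SAMPLE = {
    "ns1.provider.example": fake_reply(0x8005, 0),  # QR=1, RCODE=REFUSED
    "ns2.provider.example": None,                   # timed out
}

if __name__ == "__main__":
    query = build_soa_query("example.test")  # send over UDP/53 to each NS in live use
    print(len(query), audit_delegation(SAMPLE))
```

A "fully lame" or "partially lame" result on a domain whose DNS is hosted away from the registrar matches the first two conditions listed earlier; correcting or removing the stale delegation at the registrar closes the gap.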

Takeaways

Sitting Ducks attacks constitute a significant threat to domain owners, highlighting the need for monitoring and robust security measures. Understanding the nature of such attacks and implementing protection strategies allow domain owners to mitigate risks and protect themselves. As cyber threats evolve, staying informed is essential in defending against such sophisticated attacks.

Anuj Mudaliar
Anuj Mudaliar is a content development professional with a keen interest in emerging technologies, particularly advances in AI. As a tech editor for Spiceworks, Anuj covers many topics, including cloud, cybersecurity, emerging tech innovation, AI, and hardware. When not at work, he spends his time outdoors - trekking, camping, and stargazing. He is also interested in cooking and experiencing cuisine from around the world.