Experts Uncover 70,000 Hijacked Domains in Widespread 'Sitting Ducks' Attack Scheme


Multiple threat actors have been found taking advantage of an attack technique called Sitting Ducks to hijack legitimate domains for using them in phishing attacks and investment fraud schemes for years. The findings come from Infoblox, which said it identified nearly 800,000 vulnerable registered domains over the past three months, of which approximately 9% (70,000) have been subsequently hijacked. The Sitting Ducks attack, at its core, allows a malicious actor to seize control of a domain by leveraging misconfigurations in its domain name system (DNS) settings. This includes scenarios where the DNS points to the wrong authoritative name server. However, there are certain prerequisites in order to pull this off: A registered domain delegates authoritative DNS services to a different provider than the domain registrar, the delegation is lame, and the attacker can "claim" the domain at the DNS provider and set up DNS records without access to the valid owner's account at the domain registrar.

Read More


thumb-image

Solutions