Domain names are getting hijacked undetected by Sitting Ducks attacks. The attack occurs without compromising the linked account, which the DNS provider should secure. The damage the attack causes can be extensive: cybercriminals are given the opportunity to spread malware and phishing under the domain name.
DNS providers are the target of Sitting Ducks attacks. Such attacks allow cybercriminals to hijack domain names and then abuse them. Abuse can take the form of malware, phishing campaigns, brand impersonation and data exfiltration. A Cobalt Strike would have already been illegally distributed in this way.
Researchers at Infoblox and Eclypsium investigated this method of attack and discovered active abuse at several DNS providers. This provider shares in…
Source link