Carding Forum
Cybercriminals have gained control of more than 35,000 registered domains using a DNS attack vector dubbed "Sitting Ducks". The vector exploits configuration errors at the registrar level combined with insufficient verification of domain ownership by the DNS provider.
Infoblox and Eclypsium researchers drew attention to Sitting Ducks. By their count, more than a million domains on the Internet are vulnerable to this attack vector.
The researchers believe that "a number of Russian cybercrime groups" are behind the exploitation of Sitting Ducks, using the hijacked domains to send spam and in phishing campaigns.
Interestingly, Sitting Ducks was described back in 2016 by Snap's Matthew Bryant. The vector nevertheless still works, although several conditions must hold for an attack to succeed:
* the target domain uses or delegates DNS services to a provider that is not its registrar;
* the delegated name server cannot answer queries for the domain because it holds no zone for it (a lame delegation);
* the DNS provider lets someone claim the domain without proper proof of ownership or access to the owner's account.
As Infoblox explains, attackers can use Sitting Ducks to hijack domains whose DNS is served by, for example, a hosting provider. The attacker first creates an account with that DNS provider and then claims the domain there.
The attacker then sets up a malicious website and configures the domain's DNS records to resolve to an attacker-controlled address. The rightful owner is unable to change those DNS records.
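The first two conditions above (third-party DNS hosting and a lame delegation) can be checked from the outside with ordinary DNS queries; the third (the provider's claim policy) cannot. Below is an added example of such a checker, written for this post and not taken from Infoblox, Eclypsium or the original article. The lookup is injected as a callable so the sample runs offline against constructed responses; the nameserver names (`ns1.dnshost.example`, `registrar-dns.example`) and the sample domains are assumptions, and the optional live lookup at the end assumes dnspython is installed.

```python
# Added example (not from the original post): checker for the two externally testable
# "Sitting Ducks" preconditions, third-party DNS hosting and a lame delegation.
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

# A query function takes (nameserver hostname, domain) and returns (rcode text, AA flag).
QueryFn = Callable[[str, str], Tuple[str, bool]]


@dataclass
class DelegationReport:
    domain: str
    delegated_ns: List[str]
    per_ns: Dict[str, Tuple[str, bool]] = field(default_factory=dict)
    third_party_dns: bool = False
    lame: bool = False

    @property
    def sitting_duck_candidate(self) -> bool:
        # Conditions 1 and 2 from the post; condition 3 (whether the provider lets anyone
        # claim the name without proof of ownership) is a policy question, not a DNS one.
        return self.third_party_dns and self.lame


def registrable_parent(hostname: str) -> str:
    # Crude "last two labels" approximation of the registrable domain, good enough for
    # comparing nameserver hostnames; not a public-suffix-aware parse.
    labels = hostname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def assess_delegation(domain: str, delegated_ns: List[str],
                      registrar_ns_domains: List[str], query: QueryFn) -> DelegationReport:
    """Classify a domain's delegation.

    delegated_ns:         NS records as published by the parent zone (what the registrar set).
    registrar_ns_domains: registrable domains of the registrar's own nameservers; if none of
                          the delegated NS fall under them, DNS is hosted by a third party.
    query:                resolver callable; see fake_query() and dnspython_query() below.
    """
    report = DelegationReport(domain=domain, delegated_ns=list(delegated_ns))
    registrar = {d.lower() for d in registrar_ns_domains}
    report.third_party_dns = all(registrable_parent(ns) not in registrar for ns in delegated_ns)

    for ns in delegated_ns:
        rcode, aa = query(ns, domain)
        report.per_ns[ns] = (rcode, aa)

    # A delegation is lame when no delegated server answers authoritatively for the zone.
    # REFUSED is the usual reply from a DNS host that has no zone for the name; SERVFAIL,
    # NXDOMAIN from the host itself, and timeouts are treated the same way.
    healthy = [ns for ns, (rc, aa) in report.per_ns.items() if rc == "NOERROR" and aa]
    report.lame = len(healthy) == 0
    return report


# Constructed responses standing in for live DNS. "ns*.dnshost.example" is an assumed
# third-party DNS provider that no longer carries victim.example's zone.
FAKE_RESPONSES: Dict[Tuple[str, str], Tuple[str, bool]] = {
    ("ns1.dnshost.example", "victim.example"): ("REFUSED", False),
    ("ns2.dnshost.example", "victim.example"): ("REFUSED", False),
    ("ns1.dnshost.example", "healthy.example"): ("NOERROR", True),
    ("ns2.dnshost.example", "healthy.example"): ("NOERROR", True),
}


def fake_query(nameserver: str, domain: str) -> Tuple[str, bool]:
    # Unknown (nameserver, domain) pairs behave like an unresponsive server.
    return FAKE_RESPONSES.get((nameserver, domain), ("TIMEOUT", False))


def dnspython_query(nameserver: str, domain: str, timeout: float = 3.0) -> Tuple[str, bool]:
    """Live lookup of the zone's SOA at one nameserver (assumes dnspython is installed)."""
    import dns.exception
    import dns.flags
    import dns.message
    import dns.query
    import dns.rcode
    import dns.resolver
    try:
        ip = dns.resolver.resolve(nameserver, "A")[0].to_text()
        resp = dns.query.udp(dns.message.make_query(domain, "SOA"), ip, timeout=timeout)
    except dns.exception.DNSException:
        return "TIMEOUT", False
    return dns.rcode.to_text(resp.rcode()), bool(resp.flags & dns.flags.AA)


if __name__ == "__main__":
    registrar = ["registrar-dns.example"]   # assumed registrar-operated nameserver domain
    for name in ("victim.example", "healthy.example"):
        r = assess_delegation(name, ["ns1.dnshost.example", "ns2.dnshost.example"],
                              registrar, fake_query)
        print(name, r.per_ns, "third-party:", r.third_party_dns,
              "lame:", r.lame, "candidate:", r.sitting_duck_candidate)
```

For a real sweep, pass `dnspython_query` instead of `fake_query`, take the delegated NS set from the parent zone (or the registrar's WHOIS/RDAP record) rather than from the domain's own resolver answer, and treat a "candidate" result as a prompt to verify the provider's claim process by hand: a lame delegation to a provider that checks ownership is a broken domain, not a hijackable one.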