Man
Configuration issues put millions more resources at risk.
In the past six months, cybercriminals have taken over more than 70,000 domains out of an estimated 800,000 vulnerable to a simple attack known as "Sitting Ducks." Infoblox and Eclypsium specialists warned about this vulnerability in mid-summer and recommended that site owners fix the problem immediately, but many ignored this warning.
The attack relies on a DNS configuration error known as "lame delegation." In this state, the name server responsible for the domain cannot resolve the site's address, which allows attackers to hijack the domain and change its DNS records without having access to the owner's account.
Victims already include large companies such as CBS Interactive and McDonald's, as well as a number of government and non-profit organizations. Researchers note that these attacks remain inconspicuous, since the problem is not recognized as an official vulnerability and has not received a CVE identifier.
Infoblox experts point to the massive spread of this vulnerability. They estimate that about a million domains could be attacked by "Sitting Ducks" every day. Sites that use popular free DNS services are especially vulnerable.
Attackers actively exploit vulnerable domains to build cyberattack infrastructure. The criminals use the seized resources to distribute spam, deliver malware, and host command-and-control centers. After being captured, many sites become platforms for redirecting traffic to malicious resources.
Two groups are particularly active. The first is Vacant Viper, which hijacks about 2,500 domains annually for use in spam campaigns and other illegal operations. The second is Vextrio Viper, which organizes large-scale affiliate programs to distribute traffic.
The problem can be fixed by properly configuring DNS with registrars and providers. Experts emphasize that configuration errors are an omission that can be easily prevented with proper coordination of all parties involved in domain management.
Source
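For owners auditing their own domains, the lame-delegation condition described above can be checked by sending a non-recursive SOA query to each name server the domain is delegated to and confirming that it answers authoritatively. The following is an added example, not code from the article or from Infoblox or Eclypsium; the name server names and sample replies are constructed, and the verdict rules follow the standard definition of a lame delegation.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_soa_query(domain, txid=0x5D5D):
    """Encode a non-recursive (RD=0) SOA query for the zone apex."""
    labels = domain.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!6H", txid, 0, 1, 0, 0, 0) + qname + struct.pack("!2H", 6, 1)

def classify_response(raw):
    """Judge one name server from its raw reply; None means it timed out."""
    if raw is None or len(raw) < 12:
        return "lame: no response"
    _, flags, _, ancount, _, _ = struct.unpack("!6H", raw[:12])
    rcode = flags & 0x000F
    if rcode != 0:
        return "lame: " + RCODES.get(rcode, "rcode %d" % rcode)
    if not flags & 0x0400 or ancount == 0:  # AA bit clear or no SOA returned
        return "lame: not authoritative"
    return "authoritative"

def query_ns(ns_ip, domain, timeout=3.0):
    """Send the SOA query straight to one delegated name server over UDP."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_soa_query(domain), (ns_ip, 53))
            return s.recvfrom(4096)[0]
        except OSError:  # timeout or unreachable
            return None

def audit_delegation(replies):
    """replies maps NS name -> raw reply; returns (verdicts, fully_lame)."""
    verdicts = {ns: classify_response(raw) for ns, raw in replies.items()}
    return verdicts, all(v.startswith("lame") for v in verdicts.values())

def sample_reply(flags, ancount):
    """Constructed reply (header + question only) for the offline demo."""
    return struct.pack("!6H", 0x5D5D, flags, 1, ancount, 0, 0) + build_soa_query("example.com")[12:]

# Constructed data: example.com delegated to two hypothetical name servers.
SAMPLE = {
    "ns1.dns-host.example": sample_reply(0x8005, 0),  # QR=1, REFUSED
    "ns2.dns-host.example": None,                     # timed out
}
if __name__ == "__main__":
    print(audit_delegation(SAMPLE))
```

For a live check, pass the output of `query_ns` for each name server listed at the registrar into `audit_delegation`; a domain whose servers all come back lame needs its delegation corrected with the registrar or DNS provider.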