A DNS hijacking wave is targeting companies at an almost unprecedented scale

Federal authorities and private researchers are alerting
companies to a wave of domain hijacking attacks that’s using
relatively novel techniques to compromise targets at an almost
unprecedented scale.

The attacks, which security firm FireEye said have been active
since January 2017, use three different ways to manipulate the
Domain Name System records that allow computers to find a company’s
computers on the Internet. By replacing the legitimate IP
address for a domain such as example.com with a booby-trapped
address, attackers can cause example.com to carry out a variety of
malicious activities, including harvesting users’ login
credentials. The techniques detected by FireEye are particularly
effective, because they allow attackers to obtain valid TLS
certificates that prevent browsers from detecting the
hijacking.
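
A defender can watch for the combination this paragraph describes: an address record that moves off its known values at about the same time a certificate is issued by a CA the organization does not use. The Python below is an added example, not taken from the article or from FireEye's report; the baseline, addresses, CA names, timestamps and the 24-hour correlation window are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed baseline for a hypothetical domain (not from the article).
BASELINE = {
    "example.com": {
        "ips": {"192.0.2.10", "192.0.2.11"},
        "issuers": {"Example Corp Internal CA"},
    }
}

# Constructed passive-DNS observations: (timestamp, name, A record).
DNS_OBS = [
    ("2019-01-08T09:00:00", "example.com", "192.0.2.10"),
    ("2019-01-08T21:14:00", "example.com", "203.0.113.66"),
    ("2019-01-08T23:40:00", "example.com", "192.0.2.10"),
]

# Constructed certificate-issuance records, e.g. from a CT log monitor.
CERT_OBS = [
    ("2019-01-02T10:00:00", "example.com", "Example Corp Internal CA"),
    ("2019-01-08T21:20:00", "example.com", "Some Free CA"),
]

WINDOW = timedelta(hours=24)  # assumed correlation window


def find_hijack_indicators(baseline, dns_obs, cert_obs, window=WINDOW):
    """Flag off-baseline A records; raise severity when a certificate from
    an unexpected issuer appears for the same name within the window."""
    findings = []
    for d_time, name, ip in dns_obs:
        known = baseline.get(name)
        if known is None or ip in known["ips"]:
            continue  # unmonitored name, or address is expected
        seen = datetime.fromisoformat(d_time)
        unexpected = [
            issuer for c_time, c_name, issuer in cert_obs
            if c_name == name
            and issuer not in known["issuers"]
            and abs(datetime.fromisoformat(c_time) - seen) <= window
        ]
        findings.append({
            "name": name, "ip": ip, "seen": d_time,
            "unexpected_issuers": unexpected,
            "severity": "high" if unexpected else "medium",
        })
    return findings
```

A short-lived record change, like the constructed one here that reverts within hours, is still reported because every observation is checked rather than only the current answer.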

“A large number of organizations has been affected by this
pattern of DNS record manipulation and fraudulent SSL
certificates,” FireEye researchers Muks Hirani, Sarah Jones, and Ben
Read wrote in a report published Thursday. “They include telecoms and ISP[s],
government and sensitive commercial entities.” The campaign, they
added, is occurring around the globe at “an almost unprecedented
scale, with a high degree of success.”
