Known Brand, Government Domains Hijacked via Sitting Ducks Attacks

Tens of thousands of domains, including those of well-known brands, non-profits, and government entities, have been hijacked over the past five years because DNS providers failed to properly verify domain ownership, cybersecurity firm Infoblox reports.

The issue was initially disclosed in late July, when Eclypsium and Infoblox said that roughly 35,000 domains had been hijacked since 2018 by abusing the weakness as part of so-called Sitting Ducks attacks.

However, that was just the tip of the iceberg, Infoblox says in a new report. Further investigation into this configuration-oriented attack vector has revealed that at least 800,000 domains could be hijacked, and that 70,000 have already fallen victim to attackers.

Sitting Ducks poses a threat to both businesses and their users, Infoblox warns. The attacks cause reputational damage and financial losses, and could lead to malware infections, credential theft, and fraud.
 https://www.securityweek.com/known-brand-government-domains-hijacked-via-sitting-ducks-attacks/

#cybersecurity #dns