
Communications of the ACM

ACM TechNews

A DNS Hijacking Wave Is Targeting Companies at an Almost Unprecedented Scale


The attacks use three different methods to manipulate Domain Name System records.

Companies are being warned about a wave of domain hijacking attacks.

Credit: darkwebnews.com

Federal authorities and private researchers are warning companies about a wave of domain hijacking attacks using relatively novel techniques to compromise targets at an almost unprecedented scale.

Security firm FireEye said the attacks, which have been active since January 2017, use three different methods to manipulate the Domain Name System (DNS) records that allow computers to find a company's computers on the Internet.

By replacing the legitimate Internet Protocol address for a domain with a booby-trapped address, attackers can cause that website to carry out malicious activities, including harvesting users' login credentials.

The techniques detected by FireEye researchers are especially effective because they allow attackers to obtain valid Transport Layer Security certificates that prevent browsers from detecting the hijacking.

One such technique involves changing the DNS A record, which works when the attackers have previously compromised login credentials for the administration panel of the target's DNS provider.
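A defender can watch for the pattern described above, an A record changed to an unapproved address followed by a fresh certificate for the same name. The sketch below is an added example, not code from FireEye or the article; the hostnames, addresses, issuer labels, log formats and the 24-hour correlation window are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed baseline: addresses the organisation has approved for each name.
BASELINE = {"mail.example.com": {"192.0.2.10", "192.0.2.11"}}

# Constructed passive-DNS observations: (UTC time, name, A record value).
DNS_OBS = [
    ("2019-01-08T02:00:00", "mail.example.com", "192.0.2.10"),
    ("2019-01-08T09:15:00", "mail.example.com", "203.0.113.77"),
    ("2019-01-08T13:40:00", "mail.example.com", "192.0.2.10"),
]

# Constructed certificate-issuance records, in a shape a certificate
# monitoring feed might be exported to: (UTC time, name, issuer label).
CERT_LOG = [
    ("2018-11-02T10:00:00", "mail.example.com", "Corp Approved CA"),
    ("2019-01-08T09:31:00", "mail.example.com", "Other Public CA"),
]

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S")

def unexpected_a_records(observations, baseline):
    """Return observations whose address is not approved for that name."""
    return [(parse(ts), name, ip) for ts, name, ip in observations
            if ip not in baseline.get(name, set())]

def correlated_certs(deviations, cert_log, window=timedelta(hours=24)):
    """Pair each deviation with certificates issued for the same name
    within `window` after the unapproved address was first seen."""
    findings = []
    for seen, name, ip in deviations:
        for ts, cert_name, issuer in cert_log:
            issued = parse(ts)
            if cert_name == name and seen <= issued <= seen + window:
                delay = int((issued - seen).total_seconds() // 60)
                findings.append({"name": name, "rogue_ip": ip,
                                 "issuer": issuer, "minutes_after_change": delay})
    return findings

def run():
    return correlated_certs(unexpected_a_records(DNS_OBS, BASELINE), CERT_LOG)

if __name__ == "__main__":
    for finding in run():
        print(finding)
```

The short revert to the approved address in the sample data is deliberate: a point-in-time lookup after 13:40 would see nothing wrong, so the check has to run over recorded history.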

From Ars Technica

Abstracts Copyright © 2019 SmithBucklin, Washington, DC, USA