Infoblox recently warned that nearly 800,000 registered domains are exposed to hijacking. Threat actors are exploiting misconfigured DNS delegations to take over these domains, and because the registration itself is never touched, the takeover is hard for the victim to notice.
The attack vector, known as "Sitting Ducks," has been a persistent issue, with domain registrars, DNS providers, and government entities slow to address it. By exploiting the DNS delegation flaw, attackers gain full control over a vulnerable domain's resolution, and the affected names have included domains belonging to major companies such as McDonald's and Paramount Global.
Infoblox’s report, titled “DNS Predators Attack: Vipers and Hawks Hijack Sitting Ducks,” sheds light on the prevalence of the Sitting Ducks attack vector. The report revealed that nearly 800,000 registered domains are vulnerable, with around 70,000 of them already hijacked by threat actors. However, these numbers are likely underestimated, as subdomains were not included in the assessment.
Attackers can seize control of a domain without stealing credentials or accessing the owner's registrar account. The precondition is a misconfigured delegation: the registrar's NS records point the domain at a DNS provider's name servers, but no zone for that domain exists at the provider (a lame delegation). If the provider lets a new customer create a zone for that name without verifying ownership, the attacker claims it, publishes whatever records they like, and every resolver on the Internet follows the registrar's delegation straight to the attacker's zone.
During its research, Infoblox identified multiple independent threat actors carrying out Sitting Ducks attacks. These actors range from low to advanced technical skill and collaborate and share information on vulnerable domains. The ease of the technique has attracted actors of varying capabilities, with a significant presence of Russian actors.
One of the threat actors, tracked as "Vacant Viper," operates a criminal traffic distribution system known as "404TDS." Infoblox found a pattern of hijacked domains feeding 404TDS, almost all of them taken over through misconfigured DNS name servers rather than through any compromise of the registrar account. The report stresses that the misconfigured delegation is what makes these hijackings possible, and that keeping NS records accurate is the single most effective defense.
Lame delegation, the key element of a Sitting Ducks attack, is a condition Infoblox found across many registrars and DNS providers. A delegation is lame when the name servers listed for the domain in the parent zone do not actually host a zone for it, so they answer with REFUSED or SERVFAIL, or hand back a non-authoritative answer. It typically arises when a domain is moved to, or away from, a third-party DNS provider and the registrar's NS records are left pointing at servers that no longer (or do not yet) serve the zone. For as long as that window stays open, the domain is unclaimed at the provider and available to whoever claims it first.
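The two preconditions described above (a delegation to name servers that do not hold the zone, at a provider other than the registrar) can be checked from the outside. The script below is an added example, not code from Infoblox or from the report; the domains, providers and name servers in it are constructed, and it substitutes a canned responder for the live SOA queries a real audit would send. It classifies each domain's delegation as healthy, partially lame, lame at the registrar's own servers, or a Sitting Ducks candidate. Whether a candidate is actually exploitable depends on the provider's claim policy, which DNS alone cannot reveal, so the script flags rather than decides.

```python
"""Lame-delegation check for the Sitting Ducks precondition (added example).

For each domain:
  1. take the NS names the parent (TLD) zone publishes for it (the delegation);
  2. ask each delegated server, non-recursively, for the domain's SOA;
  3. a server that answers REFUSED/SERVFAIL, or NOERROR without the AA bit,
     does not hold the zone -> the delegation is lame at that server;
  4. if every delegated server is lame and they belong to a provider other than
     the registrar, the name is unclaimed at that provider: a Sitting Ducks candidate.
All hosts, providers and replies below are constructed for the example.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Delegation:
    domain: str
    registrar_ns_suffix: str    # domain under which the registrar's own name servers live (assumed)
    parent_ns: Tuple[str, ...]  # NS names published by the parent zone


@dataclass(frozen=True)
class SoaReply:
    rcode: str                   # NOERROR, REFUSED, SERVFAIL, NXDOMAIN ...
    aa: bool                     # Authoritative Answer bit from the DNS header
    mname: Optional[str] = None  # SOA primary master, if an SOA record came back


QuerySoa = Callable[[str, str], SoaReply]  # (name_server, domain) -> reply


def is_authoritative(reply: SoaReply) -> bool:
    """A delegated server holds the zone only if it answers the SOA query itself:
    NOERROR, AA set and an SOA present. REFUSED/SERVFAIL is lame, and so is a
    NOERROR with AA clear (a resolver relaying somebody else's answer)."""
    return reply.rcode == "NOERROR" and reply.aa and reply.mname is not None


def provider_of(ns_host: str) -> str:
    """Registrable part of a name-server hostname, used as a crude provider key.
    Fine for the constructed data; a real audit would use the public suffix list."""
    labels = ns_host.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def check_delegation(d: Delegation, query_soa: QuerySoa) -> Dict[str, object]:
    results = {ns: is_authoritative(query_soa(ns, d.domain)) for ns in d.parent_ns}
    lame: List[str] = sorted(ns for ns, ok in results.items() if not ok)
    providers = sorted({provider_of(ns) for ns in d.parent_ns})
    third_party = [p for p in providers if p != d.registrar_ns_suffix.lower()]

    if not lame:
        verdict = "healthy"
    elif len(lame) < len(results):
        verdict = "partially-lame"       # still resolves via the good server(s); fix before it does not
    elif third_party:
        # Every delegated server is lame and lives at a provider other than the
        # registrar: the name is unclaimed there. Whether a stranger can claim it
        # depends on that provider's ownership checks, which DNS cannot tell you.
        verdict = "sitting-duck-candidate"
    else:
        verdict = "lame-at-registrar"
    return {"domain": d.domain, "verdict": verdict, "lame_ns": lame, "providers": providers}


# Constructed replies standing in for live non-recursive SOA queries.
_REPLIES = {
    ("ns1.cloud-dns.example", "shop.example"):   SoaReply("REFUSED", False),
    ("ns2.cloud-dns.example", "shop.example"):   SoaReply("REFUSED", False),
    ("ns1.cloud-dns.example", "corp.example"):   SoaReply("NOERROR", True, "ns1.cloud-dns.example."),
    ("ns2.cloud-dns.example", "corp.example"):   SoaReply("NOERROR", True, "ns1.cloud-dns.example."),
    ("ns1.cloud-dns.example", "legacy.example"): SoaReply("NOERROR", True, "ns1.cloud-dns.example."),
    ("ns2.cloud-dns.example", "legacy.example"): SoaReply("NOERROR", False, "ns1.cloud-dns.example."),
    ("ns1.registrar-dns.example", "parked.example"): SoaReply("SERVFAIL", False),
}


def fake_query_soa(ns: str, domain: str) -> SoaReply:
    return _REPLIES.get((ns, domain), SoaReply("REFUSED", False))


SAMPLE_DELEGATIONS = [
    Delegation("shop.example", "registrar-dns.example", ("ns1.cloud-dns.example", "ns2.cloud-dns.example")),
    Delegation("corp.example", "registrar-dns.example", ("ns1.cloud-dns.example", "ns2.cloud-dns.example")),
    Delegation("legacy.example", "registrar-dns.example", ("ns1.cloud-dns.example", "ns2.cloud-dns.example")),
    Delegation("parked.example", "registrar-dns.example", ("ns1.registrar-dns.example",)),
]


def audit(delegations=SAMPLE_DELEGATIONS, query_soa: QuerySoa = fake_query_soa) -> Dict[str, str]:
    """Map each domain to its verdict; the verdict list is what goes to the registrar team."""
    return {r["domain"]: r["verdict"] for r in (check_delegation(d, query_soa) for d in delegations)}


if __name__ == "__main__":
    for d in SAMPLE_DELEGATIONS:
        print(check_delegation(d, fake_query_soa))
```

To run this against real domains, replace `fake_query_soa` with a function that sends a non-recursive SOA query to each delegated server (the equivalent of `dig +norecurse @ns1.provider.example SOA yourdomain.example`) and maps the response status and the `aa` flag onto `SoaReply`. Inventory every domain your organisation registers, including forgotten brand and campaign names, since those are exactly the ones whose delegations go stale.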
Infoblox stressed that while Sitting Ducks attacks are easy to carry out and hard to detect, they are entirely preventable with correct configuration at the registrar and the DNS provider: NS records that point only at servers actually serving the zone, and providers that verify ownership before letting a customer create a zone for a name. Renée Burton, Infoblox's vice president of threat intelligence, expressed disappointment at the lack of response from affected parties and called for greater collaboration among stakeholders to close the gap.
The report also highlighted the longevity of Sitting Ducks attacks, which have been observed since 2016 and have hit a range of sectors, including government entities. Despite growing exploitation, underreporting remains a significant problem, and the researchers call for greater awareness and proactive measures against misconfigurations such as lame delegation.
Infoblox emphasized the importance of cooperation among DNS providers, registrars, governments, and standards bodies to address the threat posed by Sitting Ducks attacks. The report called for a reevaluation of how vulnerabilities are classified and addressed, advocating for a more comprehensive approach to tackling security vulnerabilities that exploit protocol weaknesses.
Overall, the report underscores the urgent need for collective action to address the vulnerabilities that enable Sitting Ducks attacks, urging stakeholders to prioritize security measures and collaborate effectively to safeguard against domain theft.