Over 1 million registered domains could be vulnerable to a cyberattack method known as “Sitting Ducks,” as recently unveiled in a new report from Infoblox Threat Intel.
This relatively unknown attack vector allows malicious actors to hijack legitimate domains by exploiting misconfigurations in DNS settings.
The Sitting Ducks attack, which has been active since 2018, enables threat actors to gain full control of a domain by taking over its DNS configurations.
Infoblox’s monitoring initiative identified approximately 800,000 vulnerable domains, with about 70,000 of those already hijacked.
Threat Groups
Several threat actor groups have been exploiting this attack vector:
- Vacant Viper: Active since December 2019, hijacking an estimated 2,500 domains annually to augment their malicious traffic distribution system called 404TDS.
- Vextrio Viper: Operating since early 2020, using hijacked domains as part of a massive traffic distribution system infrastructure.
- Horrid Hawk: Active since February 2023, using hijacked domains for investment fraud schemes across multiple languages and continents.
- Hasty Hawk: Active since March 2022, having hijacked over 200 domains for phishing campaigns, primarily spoofing DHL shipping pages and fake donation sites.
The attack is particularly dangerous because of its stealthy nature. Hijacked domains often retain their positive reputation, which allows them to evade detection by security tools.
This makes it challenging for security teams to identify and mitigate the threat. The impact of Sitting Ducks attacks is far-reaching, affecting organizations, individuals, and security teams.
Businesses face reputational damage, while individuals risk malware infections, credential theft, and fraud.
Security teams struggle to defend against these attacks due to the use of trusted domains in malicious infrastructure.
To protect against Sitting Ducks attacks, domain holders, registrars, and DNS providers must ensure correct configurations and implement proper ownership verification processes.
Increased awareness and vigilance within the cybersecurity community are crucial to addressing this growing threat.
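One concrete check a domain holder can run to act on the "correct configurations" advice above is to confirm that every nameserver the registrar delegates the domain to actually answers authoritatively for it. The following is an added example, not code from the Infoblox report or from Cybersecurity News; it assumes that the DNS misconfiguration at issue is a nameserver that is delegated for the zone but does not serve it (a so-called lame delegation, which typically shows up as a REFUSED or non-authoritative reply to an SOA query at the zone apex). The nameserver hostnames and the wire-format replies in `demo_audit()` are constructed so the logic runs offline; `query_nameserver()` is the network path a practitioner would point at the real delegated servers, one IP at a time.

```python
"""Check whether each delegated nameserver answers authoritatively for a zone.

Added example (not from the Infoblox report). Assumes the DNS misconfiguration
behind a hijackable domain is a nameserver that is delegated for the zone but
does not actually serve it ("lame" delegation). Standard library only.
"""
import socket
import struct

QTYPE_SOA = 6
QCLASS_IN = 1
RCODE_NAMES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def encode_name(name: str) -> bytes:
    """Encode a domain name in DNS wire format (length-prefixed labels)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_soa_query(zone: str, txid: int = 0x1234) -> bytes:
    """Build a non-recursive (RD=0) SOA query for the zone apex.

    RD=0 matters: an authoritative server answers from its own zone data, while
    a server that merely recurses on our behalf proves nothing about delegation.
    """
    header = struct.pack(">HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    return header + encode_name(zone) + struct.pack(">HH", QTYPE_SOA, QCLASS_IN)


def classify_response(resp: bytes) -> str:
    """Classify a raw DNS response as 'authoritative', 'lame: ...' or 'error: ...'.

    A healthy delegated server sets AA=1, returns RCODE NOERROR and includes the
    SOA in the answer section. Anything else means the delegation is not being
    served and the domain deserves follow-up with the registrar/provider.
    """
    if len(resp) < 12:
        return "error: truncated response"
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack(">HHHHHH", resp[:12])
    aa = (flags >> 10) & 1          # Authoritative Answer bit
    rcode = flags & 0x0F            # response code in the low nibble
    if rcode != 0:
        return f"lame: {RCODE_NAMES.get(rcode, str(rcode))}"
    if not aa:
        return "lame: answer not authoritative (AA=0)"
    if ancount == 0:
        return "lame: NOERROR but no SOA in answer"
    return "authoritative"


def query_nameserver(zone: str, ns_ip: str, timeout: float = 3.0) -> str:
    """Send the SOA query to one nameserver over UDP/53 and classify the reply.

    Network path: only meaningful when run against the live delegated servers.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_soa_query(zone), (ns_ip, 53))
            resp, _ = sock.recvfrom(4096)
        except socket.timeout:
            return "error: timeout"
    return classify_response(resp)


def audit_delegation(results: dict[str, str]) -> list[str]:
    """Return the nameservers whose verdict indicates a lame delegation.

    `results` maps each delegated nameserver to its classify_response() string.
    """
    return [ns for ns, verdict in results.items() if verdict != "authoritative"]


def _constructed_response(flags: int, ancount: int) -> bytes:
    """Constructed (fake) 12-byte DNS response header for offline demonstration."""
    return struct.pack(">HHHHHH", 0x1234, flags, 1, ancount, 0, 0)


def demo_audit() -> list[str]:
    """Offline walk-through with constructed nameserver names and replies."""
    constructed = {
        # QR=1, AA=1, NOERROR, one SOA record: the delegation is served.
        "ns1.provider-a.example.": _constructed_response(0x8400, 1),
        # QR=1, REFUSED: the provider does not host this zone at all.
        "ns2.provider-b.example.": _constructed_response(0x8005, 0),
        # QR=1, RA=1, AA=0: a recursive answer, not authoritative data.
        "ns3.provider-c.example.": _constructed_response(0x8080, 1),
    }
    results = {ns: classify_response(raw) for ns, raw in constructed.items()}
    return audit_delegation(results)


if __name__ == "__main__":
    for ns in demo_audit():
        print(f"follow up with registrar/provider: {ns}")
```

Run the offline demo as-is, or replace `demo_audit()`'s constructed map with `{ns: query_nameserver("yourzone.example.", ip) for ns, ip in delegated.items()}` built from the NS records the parent zone publishes. Any nameserver reported by `audit_delegation()` is one the registrar says is responsible for the domain but which is not serving it, which is exactly the state a domain holder wants to find before anyone else does.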
Credit: Cybersecurity News