Experts have discovered a worrying trend of hijacked domains resulting from a cyberattack technique known as "Sitting Ducks." This method has been exploited by multiple threat actors over the years to transform legitimate domains into tools for phishing scams and investment fraud. According to a report from Infoblox, nearly 800,000 registered domains have been identified as vulnerable, with approximately 70,000 being hijacked in recent months.
Cybercriminals have utilized this technique since 2018, hijacking domain names that include those of reputable brands and government entities. Originally documented in 2016, "Sitting Ducks" did not receive significant attention until the widespread nature of hijackings became evident earlier this year.
Dr. Renee Burton, the vice president of threat intelligence at Infoblox, noted that awareness of the dangers of these hijackings has risen, although the number of incidents remains high. The "Sitting Ducks" attack exploits misconfigured domain name system (DNS) settings, in which a domain's delegation erroneously points to the wrong authoritative name servers.
To carry out this type of attack, threat actors often rely on misconfigurations that let them take control of a domain without needing access to the legitimate owner’s registrar account. The stealthy nature of these hijackings is compounded by the positive reputation of many of the affected domains, making them less likely to raise red flags during security checks.
Notably, the hijacked domains are not only used for malicious activities but are also subjected to a technique called rotational hijacking, where a specific domain may be taken over multiple times by different threat actors.
Infoblox reports that many of the attackers utilize services that offer free DNS accounts, using these platforms as temporary bases for their operations before moving on after a few weeks. This pattern results in a constantly shifting landscape in which domains remain under threat.
Some of the identified actors in these hijacking schemes include Vacant Viper and Horrid Hawk, who have orchestrated phishing campaigns targeting delivery notifications and investment scams. The tactics of these criminals illustrate the wide range of malicious activities that can stem from hijacked domains, creating significant risks for both businesses and individuals.
In conclusion, the prevalence of "Sitting Ducks" attacks underscores the necessity for vigilant domain management and DNS configuration to mitigate the risks presented by these cybercriminals.
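One way a domain owner can audit their own delegations for the misconfiguration described above is sketched here as an added example; it is not code from Infoblox or from the original article. It assumes that a delegation pointing at the wrong name servers shows up as a server that fails to answer authoritatively for the zone. The function names, host names and sample replies are constructed for illustration.

```python
import socket
import struct

TXID = 0x1234  # fixed query ID; constructed value for this example

def build_soa_query(domain):
    """Build a DNS query for the zone's SOA record with recursion disabled."""
    header = struct.pack("!HHHHHH", TXID, 0x0000, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in domain.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 6, 1)  # QTYPE=SOA, QCLASS=IN

def classify_response(packet):
    """Decide whether one delegated name server really serves the zone."""
    if packet is None:
        return "lame: no response"
    if len(packet) < 12:
        return "lame: truncated response"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if rid != TXID or not flags & 0x8000:  # wrong ID, or QR bit not set
        return "lame: invalid response"
    rcode = flags & 0x000F
    if rcode != 0:                         # e.g. 2 = SERVFAIL, 5 = REFUSED
        return f"lame: rcode {rcode}"
    if not flags & 0x0400:                 # AA (authoritative answer) bit
        return "lame: not authoritative"
    return "ok" if ancount else "lame: no SOA answer"

def query_nameserver(domain, ns_ip, timeout=3.0):
    """Send the SOA query to one name server; None on timeout or error."""
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(build_soa_query(domain), (ns_ip, 53))
            return s.recvfrom(512)[0]
    except OSError:
        return None

def find_lame_servers(responses):
    """responses maps name server -> raw reply (or None); return the failures."""
    verdicts = {ns: classify_response(pkt) for ns, pkt in responses.items()}
    return {ns: v for ns, v in verdicts.items() if v != "ok"}

def _reply(flags, ancount):  # constructed 12-byte reply header for the demo
    return struct.pack("!HHHHHH", TXID, flags, 1, ancount, 0, 0)

SAMPLE = {  # constructed replies for a domain delegated to three servers
    "ns1.dns-host.example": _reply(0x8400, 1),  # authoritative, has SOA
    "ns2.dns-host.example": _reply(0x8005, 0),  # REFUSED: zone not hosted
    "ns3.old-host.example": None,               # server never answered
}
print(find_lame_servers(SAMPLE))
```

For a live audit, build the `responses` mapping by calling `query_nameserver(domain, ip)` for each name server address listed in the domain's delegation at the registry.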