A DNS hijacking wave is targeting companies at an almost unprecedented scale

January 10, 2019
Traffic sign indicating which direction to follow in the event of a tsunami.

Enlarge (credit: Quentin Meulepas / Flickr)

Federal authorities and private researchers are alerting companies to a wave of domain hijacking attacks that use relatively novel techniques to compromise targets at an almost unprecedented scale.

The attacks, which security firm FireEye said have been active since January 2017, use three different ways to manipulate the Domain Name System records that allow computers to find a company’s computers on the Internet. By replacing the legitimate IP address for a domain such as example.com with a booby-trapped address, attackers can cause example.com to carry out a variety of malicious activities, including harvesting users’ login credentials. The techniques detected by FireEye are particularly effective, because they allow attackers to obtain valid TLS certificates that prevent browsers from detecting the hijacking.

“A large number of organizations has been affected by this pattern of DNS record manipulation and fraudulent SSL certificates,” FireEye researchers Muks Hirani, Sarah Jones, Ben Read wrote in a report published Thursday. “They include telecoms and ISP[s], government and sensitive commercial entities.” The campaign, they added, is occurring around the globe at “an almost unprecedented scale, with a high degree of success.”

Read 8 remaining paragraphs | Comments

Source: http://feeds.arstechnica.com/arstechnica/index/

Da Feed

Author: Da Feed

The Charles Tendell Show aggregates the best content from all over the web. Check out the latest in tech, politics, and more at thecharlestendellshow.com/news. Get your own website added to the feed by contacting us today!

Comments are closed.

© 2016 The Charles Tendell Show