YOUR AD HERE
A Sitting Duck attack allows hackers to claim domains from DNS providers without needing to have access to the legitimate domain owner’s account via lame delegation and insufficient validation of domain ownership. File photo: Elena Alex Ferns, ShutterStock.com, licensed.PALM BEACH, FL – A critical vulnerability within the Domain Name System (DNS) has been unearthed and exploited by dozens of cybercriminals and hackers originating from Russia to take over thousands of domain names, according to cybersecurity researchers from Infoblox and Eclypsium.
An estimated 30,000 legitimate domains have been hijacked by the digital thieves since 2019, experts say, utilizing a technique known as “Sitting Ducks” that exploits weak DNS services.
The problem was initially discovered in 2016, but has seen a large rise in its use in 2024, according to Infoblox and Eclypsium, with the two groups partnering with law enforcement and national Computer Emergency Response Teams (CERTs) in order to help combat the issue.
A Sitting Duck attack allows hackers to claim domains from DNS providers without needing to have access to the legitimate domain owner’s account via lame delegation and insufficient validation of domain ownership, which Infoblox and Eclypsium say are a very concerningly common nature of domains that can make them highly exploitable.
This issue is currently so widespread that over one million vulnerable domains can be targets of Sitting Ducks per day due to the attack being easy to carry out while at the same time being hard to detect. Once in their possession, cybercriminals can use the highjacked domains for a number of nefarious purposes, such as malware delivery, phishing campaigns, brand impersonation and data exfiltration.
However, Infoblox and Eclypsium say that domain owners can take steps to protect themselves from Sitting Duck attacks, such as monitoring for lame delegations and making sure that any DNS provider that you are dealing with has procedures in place to ensure that they thoroughly verify the ownership of any given domain before any degree of access is given.
In addition, Infoblox and Eclypsium are slated to address the Sitting Duck issue further at an upcoming Black Hat Briefing – a computer security conference that provides security consulting, training, and briefings to hackers, corporations, and government agencies around the world – in order to raise awareness and forge collaborations to combat it.
Filed Under: Domain Names, Security Issues Tagged With: Access, Account, Address, Allows, Attack, Attacks, Black Hat, Brand, Briefings, Campaigns, CERTs, Claim, Combat, Common, Computer, Computer Security, Conference, Consulting, Corporations, Cybercriminals, Cybersecurity, Data, Delegations, Delivery, Detect, Digital Thieves, Discovered, DNS, DNS Services, Domain, Domain Name, Domain Names, Domains, Duck, Ducks, Eclypsium, Emergency, Exfiltration, Experts, Exploitable, Exploited, Exploits, Government Agencies, Groups, Hackers, Hard, Highjacked, Hijacked, Impersonation, Infoblox, Insufficient, Issue, Lame Delegation, Law Enforcement, Legitimate, Malware, Monitoring, Name, National, Nature, Needing, Nefarious, Owner, owners, Ownership, Partnering, Phishing, Possession, Problem, Protect, Providers, Raise Awareness, Researchers, Response, Russia, Sitting, Steps, System, Targets, Teams, Technique, Training, Validation, Verify, Vulnerability, Vulnerable, Weak, Widespread, Without
English (US) ·