Don’t Let Your Domain Name Become a “Sitting Duck”
KrebsOnSecurity
|
Contributed by: Drex DeFord
Summary
New research reveals that over a million domain names, including those registered by major Fortune 100 firms, are susceptible to being hijacked due to weak authentication methods employed by various web hosting providers and domain registrars. The issue stems from "lame" DNS records, which happen when a domain's authoritative name server lacks sufficient information to resolve queries. This vulnerability allows cybercriminals to assume control of these domains without accessing the legitimate owner’s account, a method previously exploited in high-profile cases to send bomb threats and phishing emails. The research, conducted by Infoblox and Eclypsium, notes that this has been an ongoing issue, with numerous DNS providers still failing to implement adequate domain ownership verification. The hijacked domains, termed "Sitting Ducks," are often used for malicious activities, including phishing and malware distribution. Despite some improvements and ongoing efforts by a few providers, more cooperation among all stakeholders and better regulatory measures are necessary to mitigate these risks.
