'Sitting Ducks' Attacks Create Hijacking Threat for Domain Name Owners

Researchers say the attacks are easy to perform, difficult to detect, nearly unrecognizable, and "entirely preventable."

Dark Reading Staff, Dark Reading

August 1, 2024


More than a dozen Russian cybercriminals are taking advantage of an opening in the Domain Name System (DNS) by deploying the "Sitting Ducks" attack, which targets DNS providers.

In this kind of attack, a threat actor gains unauthorized access to a registered domain and conducts whatever activity they please, including impersonating the legitimate owner. This activity ranges from malware delivery and phishing campaigns to brand impersonation and data exfiltration. And the pool of exploitable domains is not small; the researchers at Infoblox and Eclypsium estimate that there are more than 1 million susceptible domains on any given day, with multiple ways to identify each of them.  

According to the researchers, the attacks are easy to perform, difficult to detect, almost completely unrecognizable, and, above all, "entirely preventable."

"While DNS serves as the backbone for Internet communication, it is often overlooked as a strategic attack surface," the researchers said. "Published attack vectors against DNS may be dismissed as inevitable and not receive the same level of mitigation as a software bug, creating a perfect attack surface for malicious actors."

To stop these kinds of attacks, the researchers recommend that domain name owners evaluate their risk, especially for domains 10 years or older. The researchers' blog post provides information on how to evaluate a domain and mitigate risks to DNS services.
