Threat of the month: Domain hijacking

Share this article:
Threat of the month: Domain hijacking
Threat of the month: Domain hijacking

What is it? 

Domain hijacking is a popular attack technique that has been used to compromise major domains. 

How does it work? 

Attackers use social engineering or other tactics to gain access to credentials of the registrar.  

Should I be worried? 

Yes. If attackers gain access to your domain name system (DNS) records, your business and brand reputation are at risk. Attackers can redirect your web traffic to malicious websites to infect your customers with malware. They can also send and receive phony emails as your business and obtain an SSL certis in your name.

How can I prevent it? 

First, ask for the results of your registrar's last security audit to ensure they have comprehensive security measures in place. Next, apply registry locks to prevent unauthorized domain changes. With registry locks in place, authorization from the top-level domain (TLD) owner and a secondary form of authentication are required to make changes.

Share this article:
You must be a registered member of SC Magazine to post a comment.
close

Next Article in Threat of the Month

Sign up to our newsletters

TOP COMMENTS

More in Threat of the Month

Threat of the month: Passwords

Threat of the month: Passwords

The argument around the use of passwords and their relevancy today continues to increase.

Threat of the month: Network deperimeterization

Threat of the month: Network deperimeterization

Security professionals should be aware of network deperimeterization, which decreases the usefulness of network edge security devices and increases the potential for device infection and data loss.

Threat of the month: Drive-by download

Threat of the month: Drive-by download

The pervasiveness of drive-by downloads has made it our threat of the month for May.