More than one million web domains could be vulnerable to the Sitting Ducks attack technique that enables domain takeovers even without account access at the DNS provider or registrar, with over 35,000 domains already compromised with the technique by Russian threat actors since 2018, reports The Hacker News.
Domains impacted by attacks with Sitting Ducks, which involves the exploitation of domain registrar and authoritative DNS provider misconfigurations and lame delegation, have been leveraged to facilitate various traffic distribution systems, sextortion scams, and fake bomb threats, according to a joint report from Infoblox and Eclypsium. "Sitting Ducks is easier to perform, more likely to succeed, and harder to detect than other well-publicized domain hijacking attack vectors, such as dangling CNAMEs," said researchers. Several versions of the attack technique were also noted by Infoblox Vice President of Threat Intelligence Renee Burton.