Threat of the month: Domain hijacking

December 2, 2013

What is it?

Domain hijacking is a popular attack technique that has been used to compromise major domains.

How does it work?

Attackers use social engineering or other tactics to gain access to credentials of the registrar.

Should I be worried?

Yes. If attackers gain access to your domain name system (DNS) records, your business and brand reputation are at risk. Attackers can redirect your web traffic to malicious websites to infect your customers with malware. They can also send and receive phony emails as your business and obtain an SSL certis in your name.

How can I prevent it?

First, ask for the results of your registrar's last security audit to ensure they have comprehensive security measures in place. Next, apply registry locks to prevent unauthorized domain changes. With registry locks in place, authorization from the top-level domain (TLD) owner and a secondary form of authentication are required to make changes.

Tod Beardsley

Tod Beardsley is employed at CISA, the Cybersecurity and Infrastructure Security Agency, part of the US government. He’s also a founder and CNA point of contact for AHA!. He spends most of his time involved in vulnerability research and coordinated vulnerability disclosure (CVD). He has over 30 years of hands-on security experience, stretching from in-band telephony switching to modern IoT implementations. He has held IT ops, security, software engineering, and management positions in large organizations such as Rapid7, 3Com, Dell, and Westinghouse, as both an offensive and defensive practitioner. Tod is a CVE Board member has authored several research papers, and hosted the Security Nation podcast. He is also a Travis County Election Judge in Texas, and is an internationally-tolerated horror fiction expert.

Plain code with the word "cyberattack" in red.

Incident Response

Halliburton IT system issue confirmed amid reported cyberattack

SC StaffAugust 22, 2024

Such a reported cyberattack was neither confirmed nor denied by Halliburton, which only noted the ongoing investigation into the cause and extent of the identified issue.

Hacker attack computer hardware microchip while process data through internet network, 3d rendering insecure Cyber Security exploit database breach concept, virus malware unlock warning screen

Incident Response

Cyberattack impacts Microchip operations

SC StaffAugust 21, 2024

Impacted systems were isolated while others were taken down immediately after the discovery of the breach, said Microchip, a U.S. defense industry chip supplier, in a regulatory filing.

Closeup Google app with Google Workspace apps (Gmail, Google Calendar, Docs etc) on iPhone.

Breach

Cyberattack compromises Unicoin’s G-Suite account

SC StaffAugust 19, 2024

Investigation into the incident revealed that G-Suite account infiltration was accompanied by discrepancies in corporate accounts, especially among accounting department employees and contractors, and potential access to corporate managers' accounts and email messages, as well as possible identity forgery of a former contractor.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Threat of the month: Domain hijacking

Related

Halliburton IT system issue confirmed amid reported cyberattack

Cyberattack impacts Microchip operations

Cyberattack compromises Unicoin’s G-Suite account

Related Events

Don’t Panic! It’s Just a Cyber Incident

Your Approach to Incident Response for the Cloud Isn’t Good Enough: How to Make it Better

Best practices for effective incident response and business continuity management

Get daily email updates