Incident Response, TDR

Threat of the month: Domain hijacking


What is it? 

Domain hijacking is a popular attack technique that has been used to compromise major domains. 

How does it work? 

Attackers use social engineering or other tactics to gain access to credentials of the registrar.  

Should I be worried? 

Yes. If attackers gain access to your domain name system (DNS) records, your business and brand reputation are at risk. Attackers can redirect your web traffic to malicious websites to infect your customers with malware. They can also send and receive phony emails as your business and obtain an SSL certis in your name.

How can I prevent it? 

First, ask for the results of your registrar's last security audit to ensure they have comprehensive security measures in place. Next, apply registry locks to prevent unauthorized domain changes. With registry locks in place, authorization from the top-level domain (TLD) owner and a secondary form of authentication are required to make changes.

Tod Beardsley

Tod Beardsley is employed at CISA, the Cybersecurity and Infrastructure Security Agency, part of the US government. He’s also a founder and CNA point of contact for AHA!. He spends most of his time involved in vulnerability research and coordinated vulnerability disclosure (CVD). He has over 30 years of hands-on security experience, stretching from in-band telephony switching to modern IoT implementations. He has held IT ops, security, software engineering, and management positions in large organizations such as Rapid7, 3Com, Dell, and Westinghouse, as both an offensive and defensive practitioner. Tod is a CVE Board member has authored several research papers, and hosted the Security Nation podcast. He is also a Travis County Election Judge in Texas, and is an internationally-tolerated horror fiction expert.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.