Federal authorities and private researchers are warning companies about a wave of domain hijacking attacks using relatively novel techniques to compromise targets at an almost unprecedented scale.
Security firm FireEye said the attacks, which have been active since January 2017, use three different methods to manipulate the Domain Name System (DNS) records that allow computers to find a company's computers on the Internet.
By replacing the legitimate Internet Protocol address for a domain with a booby-trapped address, attackers can cause that website to carry out malicious activities, including harvesting users' login credentials.
The techniques detected by FireEye researchers are especially effective because they allow attackers to obtain valid Transport Layer Security certificates that prevent browsers from detecting the hijacking.
One such technique involves changing the DNS A record, which works when the attackers have previously compromised login credentials for the administration panel of the target's DNS provider.
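A defender-side check for the A-record technique described above, as an added example that is not from FireEye or the original article: it compares observed A records against an expected baseline and correlates any drift with certificates issued for the same name. The hostnames, addresses, issuer names, and both record formats are constructed assumptions.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed baseline: networks each name is expected to resolve into.
BASELINE = {"mail.example.com": [ip_network("192.0.2.0/24")]}

# Constructed resolver observations: (time, name, A records seen).
DNS_OBS = [
    ("2019-01-10T08:00", "mail.example.com", ["192.0.2.10"]),
    ("2019-01-10T09:00", "mail.example.com", ["203.0.113.77"]),
    ("2019-01-10T10:00", "mail.example.com", ["192.0.2.10"]),
]

# Constructed certificate-issuance records, e.g. from a CT log monitor.
CERT_OBS = [
    ("2019-01-03T12:00", "mail.example.com", "Example Corp Internal CA"),
    ("2019-01-10T09:20", "mail.example.com", "Example Free CA"),
]

def _t(s):
    return datetime.fromisoformat(s)

def drift_events(baseline, dns_obs):
    """Return (time, name, ip) for every A record outside the baseline."""
    events = []
    for ts, name, addrs in dns_obs:
        nets = baseline.get(name, [])
        for a in addrs:
            if not any(ip_address(a) in n for n in nets):
                events.append((_t(ts), name, a))
    return events

def hijack_indicators(baseline, dns_obs, cert_obs, window=timedelta(hours=24)):
    """Pair each A-record drift with certificates issued for the same name
    within `window` of it; drift plus a fresh certificate is the pattern
    the article describes."""
    alerts = []
    for when, name, ip in drift_events(baseline, dns_obs):
        certs = [issuer for ts, n, issuer in cert_obs
                 if n == name and abs(_t(ts) - when) <= window]
        alerts.append({"name": name, "ip": ip, "time": when.isoformat(),
                       "new_cert_issuers": certs,
                       "severity": "high" if certs else "medium"})
    return alerts

if __name__ == "__main__":
    for alert in hijack_indicators(BASELINE, DNS_OBS, CERT_OBS):
        print(alert)
```

A short-lived change that reverts within the hour, as in the sample data, is still reported, because each observation is checked on its own rather than only the latest one.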
From Ars Technica
Abstracts Copyright © 2019 SmithBucklin, Washington, DC, USA