Russia takes aim at Sitting Ducks domains, bags 30,000+
2024-07-31 20:50

Dozens of Russia-affiliated criminals are right now trying to wrest control of web domains by exploiting weak DNS services.

The crooks have already hijacked an estimated 30,000 domains since 2019 using a technique dubbed Sitting Ducks by cybersecurity outfits Infoblox and Eclypsium.

The flaw at the heart of the matter has been known since at least 2016, when security researcher Matt Bryant detailed the takeover of 120,000 domains using a DNS vulnerability at major cloud providers such as AWS, Google, and DigitalOcean.

The fact that Sitting Ducks remains a viable avenue for seizing domains is a testament to the difficulty of addressing vulnerabilities that arise from shoddy business processes, rather than coding bugs.

"Sitting Ducks is easier to perform, more likely to succeed, and harder to detect than other well-publicized domain hijacking attack vectors, such as dangling CNAMEs. At the same time, Sitting Ducks is being broadly used to exploit users around the globe. Our analysis showed that the use of Sitting Ducks has grown unabated over several years and unrecognized in the security industry."

The Sitting Ducks vulnerability affects not only the owners of domains that get taken over but also those who interact with those sites online.


News URL

https://go.theregister.com/feed/www.theregister.com/2024/07/31/domains_with_delegated_name_service/