Over 1 Million Domains at Risk of 'Sitting Ducks' Domain Hijacking Technique
2024-08-01 14:10

Over a million domains are susceptible to takeover by malicious actors by means of what has been called a Sitting Ducks attack.

"In a Sitting Ducks attack, the actor hijacks a currently registered domain at an authoritative DNS service or web hosting provider without accessing the true owner's account at either the DNS provider or registrar," the researchers said.

"Sitting Ducks is easier to perform, more likely to succeed, and harder to detect than other well-publicized domain hijacking attack vectors, such as dangling CNAMEs."

At issue is the incorrect configuration at the domain registrar and the authoritative DNS provider, coupled with the fact that the nameserver is unable to respond authoritatively for a domain it's listed to serve.

In such a scenario, should the authoritative DNS service for the domain expire, the threat actor could create an account with the provider and claim ownership of the domain, ultimately impersonating the brand behind the domain to distribute malware.

The Sitting Ducks attack has been weaponized by different threat actors, with the stolen domains used to fuel multiple traffic distribution systems such as 404 TDS and VexTrio Viper.
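Domain owners can audit their own delegations for the condition described above, a nameserver that is listed for a domain but cannot answer authoritatively for it, by sending each listed nameserver a non-recursive SOA query and reading the reply header. The Python below is an added example, not code from the article or the researchers; the nameserver names and reply packets are constructed, and treating "AA bit set, NOERROR, at least one answer" as authoritative is this example's assumption.

```python
import socket
import struct

def build_soa_query(domain, txid=0x1234):
    """Build a non-recursive (RD=0) SOA query for the zone apex."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in domain.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 6, 1)  # SOA, IN

def query_nameserver(ns_ip, domain, timeout=3.0):
    """Send the query over UDP; return the raw reply, or None on failure."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_soa_query(domain), (ns_ip, 53))
            return sock.recvfrom(4096)[0]
        except OSError:  # timeout, unreachable, refused
            return None

def classify_response(packet):
    """Decide from the DNS header whether the server answers for the zone."""
    if packet is None or len(packet) < 12:
        return "lame: no response"
    _, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", packet[:12])
    rcode = flags & 0x000F
    if not flags & 0x8000:
        return "lame: not a response"
    if rcode != 0:  # e.g. 2 = SERVFAIL, 5 = REFUSED
        return "lame: rcode %d" % rcode
    if not flags & 0x0400 or ancount == 0:  # AA bit clear or empty answer
        return "lame: not authoritative"
    return "authoritative"

def lame_nameservers(replies):
    """replies maps nameserver name -> raw reply bytes (None if no reply)."""
    verdicts = {ns: classify_response(pkt) for ns, pkt in replies.items()}
    return {ns: v for ns, v in verdicts.items() if v != "authoritative"}

def _header(flags, ancount):
    return struct.pack("!HHHHHH", 0x1234, flags, 1, ancount, 0, 0)

# Constructed header-only replies; names are placeholders, not real servers.
SAMPLE_REPLIES = {
    "ns1.provider.example": _header(0x8400, 1),  # QR+AA, NOERROR, 1 answer
    "ns2.provider.example": _header(0x8005, 0),  # QR, REFUSED
    "ns3.provider.example": None,                # no reply
}
```

For a live audit, pass the addresses of the nameservers listed at the registrar to `query_nameserver` and feed the replies to `lame_nameservers`; any entry it returns is a delegation to fix or remove.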


News URL

https://thehackernews.com/2024/08/over-1-million-domains-at-risk-of.html