A DNS hijacking wave is targeting companies at an almost unprecedented scale



Clever trick allows attackers to obtain valid TLS certificate for hijacked domains.


January 11th 2019, By Dan Goodin

Federal authorities and private researchers are alerting companies to a wave of domain hijacking attacks that’s using relatively novel techniques to compromise targets at an almost unprecedented scale.

The attacks, which security firm FireEye said have been active since January 2017, use three different ways to manipulate the Domain Name System records that allow computers to find a company's computers on the Internet. By replacing the legitimate IP address for a domain such as example.com with a booby-trapped address, attackers can cause example.com to carry out a variety of malicious activities, including harvesting users’ login credentials. The techniques detected by FireEye are particularly effective, because they allow attackers to obtain valid TLS certificates that prevent browsers from detecting the hijacking.

Full Article.
