ICANN hit by successful spear phishing attack

  • 17 December 2014

Posted by Paul Mutton on 17th December, 2014
 
The Internet Corporation for Assigned Names and Numbers (ICANN) has fallen victim to a phishing attack which resulted in the attackers gaining administrative access to some of ICANN's systems, including its Centralized Zone Data Service (CZDS).
In an email alert sent this morning, ICANN said it believes a spear phishing attack in November resulted in several ICANN staff members' email credentials being compromised. The stolen passwords were then used to gain unauthorised access to multiple ICANN systems, which could have resulted in other usernames and passwords being compromised.
Although CZDS passwords are stored as salted hashes, ICANN has taken the precaution of deactivating passwords and API keys used on the compromised CZDS service. ICANN implemented some security enhancements earlier this year, which it believes limited the extent of the unauthorised access, and has implemented further measures since this attack.
 
Full Article

2 replies

18 December 2014
 
EXCERPT
 
“The attack resulted in the compromise of the email credentials of several ICANN staff members,” the announcement reads, noting that the attack happened in late November and was discovered a week later.
With those details, the hackers then managed to access a number of systems within ICANN, including the Centralized Zone Data System (CZDS), the wiki pages of the Governmental Advisory Committee (GAC), the domain registration Whois portal, and the organization’s blog.
The CZDS provides authorized parties with access to all the zone files of the world’s generic top-level domains. It is not possible to alter those zone files from within the system, but the hackers did manage to obtain all the information of those who are registered with the system, which include many of the administrators of the world’s registries and registrars.
 
Full Article
The following article is an update

ICANN: 'Most Critical' Systems Not Affected in Recent Breach

By Mike Lennon on December 22, 2014
 
On Dec. 16, Internet Corporation for Assigned Names and Numbers (ICANN) said it fell victim to a spear phishing attack that resulted in email credentials of several ICANN staff being compromised.
The incident, which occurred in late November and was discovered in early December, allowed attackers to access the Centralized Zone Data System and the ICANN GAC Wiki.
The attacker(s) were able to poke around ICANN systems and obtain administrative access to all files in the CZDS, including copies of the zone files in the system, as well as user information such as name, postal address, email address, fax and telephone numbers, username, and password, according to the original announcement.
Fortunately, ICANN said that those compromised accounts did not have access to the IANA functions systems, which the organization says are a separate system with additional security measures that have not been breached.
 
full article
 
