A cybersecurity threat known as a sitting duck exploit is thought to be putting more than one million websites at risk of attack, according to threat intelligence analysts. The fact that the attack methodology remains underreported could be the reason why Infoblox security researchers called the discovery of multiple hackers using the vulnerability across widespread cyber attacks eye-opening. Here’s what you need to know.
What Are Sitting Duck Cyber Attacks?
The hijacking of internet domains is a threat vector that has been around for almost as long as domain names have been a commercial asset. Hands up if you are old enough to remember the lengthy court battle over the .sex domain, which ended with a $65 million damages award? A new Infoblox report, however, has revealed how the threat has evolved into an ongoing attack methodology, the sitting duck vulnerability, and the risks it brings to organizations and consumers alike.
The sitting duck cyber attacks are, Infoblox said, “easy to execute for actors, hard to detect for security teams.” To understand why, you need to look at the vulnerability such an attack exploits. “The attack takes advantage of misconfigurations in the Domain Name System settings for an internet domain,” the threat intelligence analysts said, “specifically when the domain server points to the wrong authoritative name server.” I called this a vulnerability, as did the security researchers and threat intel experts at Infoblox, yet lame delegation, to give it a formal name, is not considered an official one by the Common Vulnerabilities and Exposures rating system, nor by the Cybersecurity and Infrastructure Security Agency. This lack of official attention, Infoblox moots, could be why hackers and other threat actors are consistently flying under the radar as far as sitting duck cyber attacks are concerned. During the attack, the threat actor can grab full control over the domain in question, be that a well-known brand, a government agency or just your bog-standard website, which can then be used for nefarious purposes. There have also been recent warnings from the FBI about cyber attacks using hijacked email domains, another way in which domains can be seen as a valuable exploit tool.
The Impact Of Falling Victim To Sitting Duck Cyber Attacks
Once a hacker has gained control over the now compromised domain, the fun really starts. Well, I say fun, but I mean the malicious intent and harm that is wrought upon innocent victims. The threat actors, as observed by the Infoblox threat intelligence analysts, will often establish an attack infrastructure that is capable of evading detection. “The positive reputation of the hijacked domains enables them to be seen by security controls as safe or benign,” they said, “which then allows users to connect to the compromised and weaponized site.” Because the entry barrier to executing these sitting duck cyber attacks is relatively low, and because obfuscation techniques can be applied to the exploit steps taken following the compromise, many cybercrime groups are being attracted to the threat vector, and so the inevitable upwards spiral of attacks continues.
Mitigating Sitting Duck Cyber Attacks
The good news, if any is to be found here, is that while sitting duck cyber attacks are easy to carry out, they are also easy to mitigate successfully. “They are also entirely preventable with correct configurations at the domain registrar and DNS providers,” the Infoblox report said, “the domain holder owns their domain configurations, and both registrars and DNS providers can make these types of hijacks harder to perform or easier to remediate.”
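One way a domain holder can audit their own delegations for the lame delegation described above, as an added example that is not taken from the Infoblox report or this article: send each name server listed for the domain a non-recursive SOA query and check that it answers authoritatively. The function names, the result labels and the sample packets (constructed, not captured traffic) are assumptions made for illustration.

```python
import os
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_soa_query(domain: str, txid: int) -> bytes:
    """Non-recursive (RD=0) SOA query for `domain` in DNS wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in domain.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", 6, 1)  # QTYPE=SOA, QCLASS=IN

def classify_response(packet: bytes, txid: int) -> str:
    """Return 'authoritative' or 'lame: <reason>' from the DNS response header."""
    if len(packet) < 12:
        return "lame: truncated or empty response"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if rid != txid or not flags & 0x8000:      # wrong ID or QR bit not set
        return "lame: not a response to our query"
    rcode = flags & 0x000F
    if rcode != 0:
        return f"lame: rcode {RCODES.get(rcode, rcode)}"
    if not flags & 0x0400:                     # AA clear: server does not host the zone
        return "lame: answer not authoritative (AA=0)"
    if ancount == 0:
        return "lame: no SOA record at the zone apex"
    return "authoritative"

def check_nameserver(domain: str, ns_ip: str, timeout: float = 3.0) -> str:
    """Query one delegated name server directly over UDP (needs network access)."""
    txid = int.from_bytes(os.urandom(2), "big")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_soa_query(domain, txid), (ns_ip, 53))
            return classify_response(s.recvfrom(512)[0], txid)
        except OSError:                        # timeout or unreachable server
            return "lame: no response"

# Constructed sample response headers (transaction ID 0x1234), not captured traffic.
SAMPLE_OK = struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0)       # QR+AA, 1 answer
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x1234, 0x8005, 1, 0, 0, 0)  # QR, rcode 5
SAMPLE_NOT_AA = struct.pack("!HHHHHH", 0x1234, 0x8000, 1, 0, 2, 0)   # referral, AA=0
```

Any result other than "authoritative" for a name server listed at the registrar means that delegation should be corrected or removed at the registrar or DNS provider.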