Monday, April 7, 2025

Thousands of websites worldwide are threatened by a novel cyber attack known as the ‘Sitting Ducks’ domain hijacking method, which has already compromised over 1 million domains.

More than one million domains remain vulnerable to takeover by cybercriminals through exploitation of a notorious tactic known as domain hijacking.

Russian-nexus cybercriminals are exploiting DNS vulnerabilities to secretly seize control of hundreds of domains, according to a collaborative analysis unveiled by leading cybersecurity firms and experts.

Researchers noted that in a Sitting Ducks attack, the perpetrator seizes control of a currently registered domain by exploiting vulnerabilities in the authoritative DNS service or internet hosting provider, without authenticating as the legitimate owner through either the registry or registrar.

“Sitting geese are simpler to execute, more likely to succeed, and easier to detect than widely publicized area hijacking tactics like.”

When a website is compromised by a malicious actor, it can be leveraged for a range of illicit activities, including distributing malware, launching spam campaigns, and exploiting the trusted reputation of its legitimate owner.

The particulars of a pernicious cyberattack method were first exposed by The Hacker Weblog in 2016, yet this threat remains largely unknown and unresolved to date. Estimates suggest that more than 35,000 domain names have fallen victim to cybercriminals’ tactics since the beginning of 2018, leaving their owners vulnerable and exposed.

“It’s a thriller for us,” Dr. Renee Burton, vice chairman of Menace Intelligence at Infoblox, told The Hacker Information. “We frequently receive inquiries from prospective customers, such as those concerning dangling CNAME attacks that also involve the hijacking of forgotten data; however, we’ve never received a question about a Sitting Geese hijack.”

The problem lies in incorrect configuration at the domain registrar and the authoritative DNS provider, compounded by the fact that the nameserver is unable to respond authoritatively for a domain it is supposed to serve.

This vulnerability necessitates an exploitable authoritative DNS provider, enabling attackers to seize control of the domain on the delegated authoritative DNS provider, without requiring access to the legitimate owner’s account with the domain registrar.

Should the authoritative DNS service for the domain expire, a malicious actor could potentially create an account with the provider, claiming ownership of the domain, thereby impersonating the rightful owner to disseminate malicious code.

“With numerous variations of Sitting Ducks emerging, confusion arises when a website is registered and delegated by a provider yet remains unconfigured,” according to Burton.

The Sitting Ducks attack has been leveraged by various malicious threat actors, who use the compromised domains to distribute visitor traffic through systems such as Vacant Viper and other similar techniques. Additionally, the technique has been leveraged in bomb threat hoaxes and sextortion scams.

“Companies should critically assess their domain portfolios to identify underperforming assets and consider partnering with reliable DNS providers that offer robust security features, including protection against attacks from sitting ducks.”
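
As an added example (not from the original article or from Infoblox), this Python code checks the condition described above, a nameserver that cannot answer authoritatively for a domain delegated to it, by sending a non-recursive SOA query and inspecting the reply header. The function names, query ID and sample replies are constructed for illustration, and the domain passed in is assumed to be a zone apex.

```python
import socket
import struct

TXID = 0x5D0C  # arbitrary query ID used by this example

def build_soa_query(domain: str) -> bytes:
    """Non-recursive (RD=0) SOA query for the zone apex, in DNS wire format."""
    header = struct.pack("!HHHHHH", TXID, 0x0000, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in domain.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 6, 1)  # QTYPE=SOA, QCLASS=IN

def classify_response(raw: bytes) -> str:
    """Return 'authoritative' or 'lame' for one nameserver's reply."""
    if len(raw) < 12:
        return "lame"                       # empty or truncated reply
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", raw[:12])
    if rid != TXID or not flags & 0x8000:   # wrong ID, or QR bit not set
        return "lame"
    aa = bool(flags & 0x0400)               # Authoritative Answer bit
    rcode = flags & 0x000F                  # 0 NOERROR, 2 SERVFAIL, 5 REFUSED
    return "authoritative" if rcode == 0 and aa and ancount > 0 else "lame"

def check_nameserver(ns_ip: str, domain: str, timeout: float = 3.0) -> str:
    """Query one delegated nameserver directly; no reply also counts as lame."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_soa_query(domain), (ns_ip, 53))
            raw, _ = s.recvfrom(4096)
        except OSError:
            return "lame"
    return classify_response(raw)

def sample_header(flags: int, ancount: int) -> bytes:
    """Constructed 12-byte reply header for the offline samples below."""
    return struct.pack("!HHHHHH", TXID, flags, 1, ancount, 0, 0)

# Constructed sample replies (not captured traffic), one per nameserver.
SAMPLES = {
    "ns1: zone configured": sample_header(0x8400, 1),  # QR, AA, NOERROR
    "ns2: REFUSED": sample_header(0x8005, 0),
    "ns3: SERVFAIL": sample_header(0x8002, 0),
    "ns4: answer without AA": sample_header(0x8000, 1),
}

def audit_samples() -> dict:
    return {name: classify_response(raw) for name, raw in SAMPLES.items()}
```

A `lame` verdict marks a delegation to review with the registrar and DNS provider; it does not by itself show that the domain has been hijacked.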
