Infoblox Identifies Growing DNS Domain Hijacking Threats

News Desk

Infoblox Threat Intel has released a new report highlighting the growing threat of domain hijacking through the Sitting Ducks attack vector. This underrecognized cybersecurity issue has become a significant risk for organizations, with over 1 million registered domains potentially vulnerable to these attacks each day.

The Sitting Ducks attack involves cybercriminals taking control of a domain by compromising its DNS settings. Infoblox’s latest findings, following its initial July 2024 research, reveal that over 800,000 domains are vulnerable to hijacking, with about 70,000 already compromised. Victim domains include well-known brands, non-profits, and government entities, making this a widespread issue that requires immediate attention.

Malicious Actors and Tactics Behind Domain Hijacking

Infoblox’s research uncovers several malicious actors using the Sitting Ducks attack for their cybercriminal activities. One notable actor, Vacant Viper, has been hijacking an estimated 2,500 domains annually since 2019. This actor uses hijacked domains to run malicious spam operations, distribute malware such as DarkGate and AsyncRAT, and establish remote access trojan (RAT) command-and-control systems.

Another significant actor, VexTrio Viper, has been using hijacked domains in its traffic distribution system (TDS) since early 2020. VexTrio operates the largest known cybercriminal affiliate program, routing compromised web traffic to over 65 affiliate partners who also hijack domains for malicious purposes.

Newly discovered actors, Horrid Hawk and Hasty Hawk, are also exploiting hijacked domains for a range of criminal activities. Horrid Hawk uses hijacked domains to promote fraudulent investment schemes, while Hasty Hawk conducts widespread phishing campaigns using spoofed DHL shipping pages and fake donation sites for Ukraine.

Urgent Need for Proactive Defense Against Domain Hijacking

Mohammed Al-Moneer, Senior Regional Director, META at Infoblox, stressed the need for organizations to be aware of the risks posed by Sitting Ducks attacks. “As our research shows, cybercriminals are leveraging hijacked domains to amplify their malicious campaigns. With over 800,000 vulnerable domains identified, businesses must implement stronger defenses to protect against these evolving threats,” Al-Moneer said.

Infoblox continues to provide essential DNS security intelligence, helping organizations better defend their networks against domain hijacking and other DNS-based attacks.

