Communications of the ACM

ACM TechNews

A DNS Hijacking Wave Is Targeting Companies at an Almost Unprecedented Scale

The attacks use three different methods to manipulate Domain Name System records.

Companies are being warned about a wave of domain hijacking attacks.


Federal authorities and private researchers are warning companies about a wave of domain hijacking attacks using relatively novel techniques to compromise targets at an almost unprecedented scale.

Security firm FireEye said the attacks, which have been active since January 2017, use three different methods to manipulate the Domain Name System (DNS) records that allow computers to find a company's computers on the Internet.

By replacing the legitimate Internet Protocol address for a domain with a booby-trapped address, attackers can cause that website to carry out malicious activities, including harvesting users' login credentials.

The techniques detected by FireEye researchers are especially effective because they allow attackers to obtain valid Transport Layer Security certificates that prevent browsers from detecting the hijacking.

One such technique involves changing the DNS A record, which works when the attackers have previously compromised login credentials for the administration panel of the target's DNS provider.
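
A defender-side check for the pattern described above, as an added example that is not from the article or from FireEye: it flags A records that resolve outside an expected network and raises the severity when a certificate from an unexpected issuer appears for the same name within 24 hours. The hostnames, addresses, issuer names, baseline and time window are all constructed assumptions.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed baseline (assumption): where each name should resolve and who issues its certs.
BASELINE = {
    "mail.example.com": {
        "networks": [ip_network("192.0.2.0/24")],
        "issuers": {"Example Corp Internal CA"},
    },
}
# Constructed passive-DNS observations: (time seen, name, A record value).
DNS_OBSERVATIONS = [
    ("2019-01-02T08:00:00", "mail.example.com", "192.0.2.10"),
    ("2019-01-05T03:10:00", "mail.example.com", "203.0.113.77"),
    ("2019-01-05T09:00:00", "mail.example.com", "192.0.2.10"),
]
# Constructed certificate-issuance records: (time issued, name, issuer).
CERT_ISSUANCES = [
    ("2018-11-01T00:00:00", "mail.example.com", "Example Corp Internal CA"),
    ("2019-01-05T03:25:00", "mail.example.com", "Hypothetical Public CA"),
]

def off_baseline_records(observations, baseline):
    """Return observations of monitored names that resolve outside their expected networks."""
    hits = []
    for ts, name, addr in observations:
        expected = baseline.get(name)
        if expected and not any(ip_address(addr) in net for net in expected["networks"]):
            hits.append((datetime.fromisoformat(ts), name, addr))
    return hits

def correlate(observations, issuances, baseline, window=timedelta(hours=24)):
    """Raise one alert per off-baseline A record; 'high' if an unexpected issuer
    produced a certificate for the same name within `window` of the observation."""
    alerts = []
    for seen, name, addr in off_baseline_records(observations, baseline):
        issuer = next(
            (iss for ts, cert_name, iss in issuances
             if cert_name == name
             and iss not in baseline[name]["issuers"]
             and abs(datetime.fromisoformat(ts) - seen) <= window),
            None,
        )
        alerts.append({"name": name, "address": addr, "issuer": issuer,
                       "severity": "high" if issuer else "medium"})
    return alerts

if __name__ == "__main__":
    for alert in correlate(DNS_OBSERVATIONS, CERT_ISSUANCES, BASELINE):
        print(alert)
```

In practice the observations would come from the organization's own resolution monitoring and a Certificate Transparency feed; the correlation logic is unchanged.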

From Ars Technica


Abstracts Copyright © 2019 SmithBucklin, Washington, DC, USA

