The Download
Security researchers disclosed that the "Sitting Duck" vulnerability has already been exploited to hijack over 35,000 domains, with over 1 million domains vulnerable to the Sitting Duck attack. The attack works by exploiting flaws at the registrar level and insufficient ownership verification by DNS providers. It allows cybercriminals to take control of domains without accessing the owner's account, enabling activities like spam, phishing, and malware distribution. The attack persists due to poor DNS configurations, such as lame delegation, and unverified domain claims by DNS providers.
A lame delegation occurs when a DNS server is listed as an authoritative server for a domain but does not respond to DNS queries for that domain. This can happen if the server is incorrectly configured or not set up to handle the domain it is supposed to be authoritative for. Lame delegations can lead to DNS resolution failures, making it easier for attackers to exploit DNS vulnerabilities and hijack domains.
What You Can Do
To protect domains from the Sitting Duck attack, companies should implement strict DNS configuration practices, such as regularly auditing DNS records to avoid lame delegations. They should work with registrars who provide robust security measures, including multi-factor authentication and proactive alerts for potential vulnerabilities. Additionally, companies should ensure that DNS providers verify domain ownership before allowing changes. Use ThreatMate to scan your domains for vulnerabilities and proper implementation of mail exchange security.
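As an added example (not code from the original article or from ThreatMate), here is one way to run the lame-delegation audit described above against your own domains using only the Python standard library. It sends a non-recursive SOA query to each nameserver listed for the zone and treats both silence and a non-authoritative or error reply as a lame delegation. It assumes the audited name is a zone apex, that you supply the nameserver IPs from your registrar's NS records, and the function names and query ID are illustrative.

```python
import socket
import struct

SOA, IN = 6, 1                      # QTYPE SOA, QCLASS IN
AA_BIT, QR_BIT = 0x0400, 0x8000     # DNS header flag masks (RFC 1035)


def build_soa_query(domain: str, qid: int) -> bytes:
    """Non-recursive (RD=0) SOA query, so the server answers only from its own zones."""
    header = struct.pack("!HHHHHH", qid, 0x0000, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in domain.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", SOA, IN)


def classify_response(resp, qid: int) -> str:
    """Classify one listed nameserver's reply for the audited zone apex."""
    if resp is None or len(resp) < 12:
        return "no-response"            # timeout or truncated junk
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if rid != qid or not flags & QR_BIT:
        return "no-response"            # not a reply to our query
    rcode = flags & 0x000F
    if rcode == 0 and flags & AA_BIT and ancount > 0:
        return "authoritative"          # server really hosts the zone
    return "lame"                       # error rcode, referral, or non-authoritative answer


def check_nameserver(ns_ip: str, domain: str, qid: int = 0x5344, timeout: float = 3.0) -> str:
    """Send the query over UDP/53 to one listed nameserver and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_soa_query(domain, qid), (ns_ip, 53))
            resp, _ = sock.recvfrom(512)
        except OSError:                 # includes socket timeouts
            resp = None
    return classify_response(resp, qid)
```

Any listed nameserver that comes back as `lame` or `no-response` should be fixed or removed from the delegation at the registrar.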
To Learn More: