Dozens of Russia-linked criminals are currently trying to take control of web domains by exploiting weak DNS services.
1 million domains can be stolen with a Sitting Duck Attack
The crooks have already hijacked an estimated 30,000 domains since 2019, using a technique called Sitting Ducks by cybersecurity outfits Infoblox and Eclypsium.
The flaw at its core has been known since at least 2016, when security researcher Matt Bryant detailed the takeover of 120,000 domains using a DNS vulnerability at major cloud providers such as AWS, Google and Digital Ocean. It resurfaced in 2019 at ISP GoDaddy, leading to bomb threats and sextortion attempts.
The fact that Sitting Ducks remain a viable avenue for seizing domains is a testament to the difficulty of addressing vulnerabilities that arise from poor business processes, rather than coding bugs. The technology is difficult to detect or distinguish from identity theft and is very harmful to those caught off guard by it.
