A DNS hijacking wave is targeting companies at an almost unprecedented scale


Federal authorities and private researchers are alerting companies to a wave of domain hijacking attacks that’s using relatively novel techniques to compromise targets at an almost unprecedented scale. The attacks, which security firm FireEye said have been active since January 2017, use three different ways to manipulate the Domain Name System records that allow computers to find a company’s computers on the Internet. By replacing the legitimate IP address for a domain such as example.com with a booby-trapped address, attackers can cause example.com to carry out a variety of malicious activities, including harvesting users’ login credentials.

The techniques detected by FireEye are particularly effective, because they allow attackers to obtain valid TLS certificates that prevent browsers from detecting the hijacking. “A large number of organizations has been affected by this pattern of DNS record manipulation and fraudulent SSL certificates,” FireEye researchers Muks Hirani, Sarah Jones, and Ben Read wrote in a report published Thursday. “They include telecoms and ISP[s], government and sensitive commercial entities.” The campaign, they added, is occurring around the globe at “an almost unprecedented scale, with a high degree of success.”

One DNS hijacking technique involves changing what’s known as the DNS A record. It works when the attackers have somehow previously compromised the login credentials for the administration panel of the target’s DNS provider. The attackers then change the IP address of the targeted domain to one they control. With control over the domain, the attackers then use the automated Let’s Encrypt service to generate a valid TLS certificate for it.

Cisco’s Talos team previously described this method. With that in place, people who visit the targeted domain don’t access its legitimate server. Instead, they access an attacker-controlled server that connects back to the legitimate server to give visitors the impression nothing is amiss.

The attackers then collect usernames and passwords. End users receive no warnings and won’t notice any differences in the site they’re accessing except, possibly, for a longer-than-normal delay.


A second technique is similar except that it exploits a previously compromised domain registrar or ccTLD to change name server records.


The third technique uses a DNS redirector in tandem with one of the above two methods.


FireEye said attackers are using the techniques to hijack dozens of domains belonging to entities in North America, Europe, the Middle East, and North Africa. The company advised administrators to take a variety of measures, including:

  • ensure they’re using multifactor authentication to protect the domain’s administration panel
  • check that their A and NS records are valid
  • search transparency logs for unauthorized TLS certificates covering their domains and
  • conduct internal investigations to assess if networks have been compromised
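The A/NS and certificate-transparency checks from the list above, sketched as an added example (not code from FireEye's report or from this article). The baseline, domains, addresses, issuers, and serials are constructed, and the log-entry fields `name_value`, `issuer_name`, and `serial_number` are assumed to follow the JSON export of a CT search service.

```python
# Added example: compare observed DNS records and CT-log entries with a baseline.
# Every domain, IP, issuer and serial below is constructed sample data.
BASELINE = {"example.com": {
    "A": {"192.0.2.10"},
    "NS": {"ns1.example-dns.net", "ns2.example-dns.net"},
    "issuers": {"Example Corp Issuing CA"},  # CAs the organization really uses
}}

def record_drift(domain, observed, baseline=BASELINE):
    """Return {rtype: (unexpected, missing)} for A/NS sets that differ from baseline."""
    drift = {}
    for rtype in ("A", "NS"):
        expected = baseline[domain][rtype]
        seen = {v.rstrip(".").lower() for v in observed.get(rtype, ())}
        if seen != expected:
            drift[rtype] = (seen - expected, expected - seen)
    return drift

def covers(name, domain):
    """True if a certificate name (possibly a wildcard) falls under `domain`."""
    name = name.strip().lower()
    if name.startswith("*."):
        name = name[2:]
    return name == domain or name.endswith("." + domain)

def unexpected_certs(domain, ct_entries, baseline=BASELINE):
    """Return (serial, names, issuer) for certs on `domain` from an unapproved issuer."""
    findings = []
    for entry in ct_entries:
        names = [n for n in entry["name_value"].splitlines() if covers(n, domain)]
        approved = any(ca in entry["issuer_name"] for ca in baseline[domain]["issuers"])
        if names and not approved:
            findings.append((entry["serial_number"], names, entry["issuer_name"]))
    return findings

# Constructed inputs: live use would feed resolver answers and a CT search export.
OBSERVED = {"A": ["192.0.2.10"], "NS": ["ns1.example-dns.net.", "ns1.unknown-host.test."]}
CT_ENTRIES = [
    {"serial_number": "0a01", "name_value": "example.com\nwww.example.com",
     "issuer_name": "C=US, O=Example Corp, CN=Example Corp Issuing CA"},
    {"serial_number": "0b02", "name_value": "mail.example.com",
     "issuer_name": "C=US, O=Let's Encrypt, CN=Sample Intermediate"},
    {"serial_number": "0c03", "name_value": "notexample.com",
     "issuer_name": "C=US, O=Let's Encrypt, CN=Sample Intermediate"},
]

if __name__ == "__main__":
    print(record_drift("example.com", OBSERVED))
    print(unexpected_certs("example.com", CT_ENTRIES))
```

A flagged certificate or record is a lead to verify with the domain's owners; a certificate from an unapproved CA that appears shortly after an A or NS change matches the pattern described in this article.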

The researchers assessed with moderate confidence that the attackers had a link to Iran, based on IP addresses they’re using.

“This DNS hijacking, and the scale at which it has been exploited, showcases the continuing evolution in tactics from Iran-based actors,” Thursday’s report concluded. “This is an overview of one set of [tactics, techniques, and procedures] that we recently observed affecting multiple entities. We are highlighting it now so that potential targets can take appropriate defensive action.”

The National Cybersecurity and Communications Integration Center issued a statement that encouraged administrators to read the FireEye report.
