Iranian hackers suspected in worldwide DNS hijacking campaign

US cybersecurity firm FireEye has uncovered an extremely sophisticated hacking campaign during which a suspected Iranian group redirected traffic from companies all over the globe through their own malicious servers, recording company credentials for future attacks.

Affected organizations include telecoms, ISPs, internet infrastructure providers, government, and sensitive commercial entities across the Middle East, North Africa, Europe, and North America. FireEye analysts believe an Iranian-based group is behind the attacks, although there is no definitive proof for exact attribution just yet. Researchers said the entities targeted by the group have no financial value, but they would be of interest to the Iranian government.

Analysts also said they found that some of the victims’ infrastructure was accessed during these attacks by Iranian IP addresses that had previously been observed while FireEye responded to other attacks, which were attributed to Iranian cyber-espionage actors in the past. In a technical report released today, FireEye provides an insight into these attacks, which have been happening since at least January 2017. The FireEye analysts behind this report described the scope and impact of this campaign on Twitter as “huge.”

Attackers didn’t just spear-phish victims to collect email credentials, like most cyber-espionage groups tend to do, but instead modified DNS records for company IT resources to reshape internet traffic inside organizations and hijack the parts they wanted.

FireEye says it identified three different techniques used for these attacks, each just as complex as the next:

Technique 1: Attackers change DNS records for victim’s mail server to redirect it to their own email server. Attackers also use Let’s Encrypt certificates to support HTTPS traffic, and a load balancer to redirect victims back to the real email server after they’ve collected login credentials from victims on their shadow server.

Technique 2: Same as the first, but the difference is where the company’s legitimate DNS records are being modified.

In the first technique, attackers changed DNS A records via an account at a managed DNS provider, while in this technique attackers changed DNS NS records via a TLD (domain name) provider account.

Technique 3: Sometimes also deployed as part of the first two techniques. This relies on deploying an “attacker operations box” that responds to DNS requests for the hijacked DNS record. If the DNS request (for a company’s mail server) comes from inside the company, the user is redirected to the malicious server operated by attackers, but if the request comes from outside the company, the request is directed to the real email server.

All these attacks rely on the attackers’ ability to change a company’s DNS records, which very few people inside a company can do.

This often requires access to accounts at domain registrars, at companies that provide managed DNS services, or on internal DNS servers a company might be running. “While the precise mechanism by which the DNS records were changed is unknown, we believe that at least some records were changed by compromising a victim’s domain registrar account,” FireEye said, clarifying that its investigation into this global hacking campaign is still very much ongoing. The US cyber-security firm also pointed out that this type of attack is very hard to defend against because attackers are not accessing a company’s internal network in most cases, and aren’t likely to trigger alarms with local security software.

The first steps to fight these attacks, as FireEye recommends, are to enable two-factor authentication for DNS and TLD management accounts, and then set up alerts for any changes to DNS A or NS records.
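As an added illustration of the A/NS change alerting recommended above (not code from FireEye or the original article), the sketch below compares record sets seen from several vantage points against a known-good baseline and flags disagreement between vantage points, the pattern Technique 3 produces. The domain names, IP addresses and vantage labels are constructed, and the observations are assumed to come from probes the defender already runs inside and outside the network.

```python
from dataclasses import dataclass

# Constructed baseline: the record sets the organization expects to be served.
BASELINE = {
    ("mail.example.com", "A"): {"192.0.2.10"},
    ("example.com", "NS"): {"ns1.dns-provider.example", "ns2.dns-provider.example"},
}

# Constructed observations, keyed by vantage point (assumed probe output).
OBSERVED = {
    "external": {
        ("mail.example.com", "A"): {"192.0.2.10"},
        ("example.com", "NS"): {"NS1.dns-provider.example.", "ns2.dns-provider.example."},
    },
    "internal": {
        ("mail.example.com", "A"): {"203.0.113.66"},  # differs from the baseline
        ("example.com", "NS"): {"ns1.dns-provider.example", "ns2.dns-provider.example"},
    },
}

@dataclass(frozen=True)
class Alert:
    name: str
    rtype: str
    vantage: str
    unexpected: frozenset  # values served that are not in the baseline
    missing: frozenset     # baseline values that were not served

def _norm(values):
    # DNS names are case-insensitive and may carry a trailing root dot.
    return frozenset(v.lower().rstrip(".") for v in values)

def check_observations(baseline, observations):
    """Return one Alert per (vantage, record) whose answer differs from the baseline."""
    alerts = []
    for vantage, records in sorted(observations.items()):
        for (name, rtype), expected in sorted(baseline.items()):
            seen, want = _norm(records.get((name, rtype), ())), _norm(expected)
            if seen != want:
                alerts.append(Alert(name, rtype, vantage, seen - want, want - seen))
    return alerts

def split_view(observations, key):
    """True when vantage points receive different answers for the same record."""
    return len({_norm(recs.get(key, ())) for recs in observations.values()}) > 1

if __name__ == "__main__":
    for alert in check_observations(BASELINE, OBSERVED):
        print(alert)
    print("split view on mail A:", split_view(OBSERVED, ("mail.example.com", "A")))
```

Checking from more than one vantage point matters here because a monitor that only queries from outside the company would see the legitimate answer under Technique 3.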
