DNS Predators Hijack Domains to Supply their Attack Infrastructure

Sitting Ducks attacks hijack registered domains by abusing DNS misconfigurations, chiefly lame delegations, rather than by breaking into the registrar or the owner's account. Infoblox estimates that more than 1 million domains are exposed. The attacks are cheap to carry out and can go undetected by security teams because nothing changes at the registrar. The report describes the impact across many sectors and presents case studies of malware distribution and scams that used hijacked domains to mislead users. Affected: cybersecurity sector, organizations, individuals, security teams

Keypoints :

  • Sitting Ducks attacks leverage DNS misconfigurations to hijack domains.
  • Over 1 million domains estimated to be vulnerable to these attacks.
  • Malicious actors have used this method since 2018 to hijack numerous domains.
  • Both known brands and government entities have fallen victim to these hijacks.
  • ‘Lame delegation’ is the key weakness: the parent zone delegates the domain to nameservers at a DNS provider that no longer serves the zone, so an attacker who can claim the name at that provider takes over resolution without stealing any credentials from the owner.
  • Hijacked domains are used to build malicious infrastructure that inherits the domain's age and reputation, which helps evade detection.
  • Rotational hijacking is common: the same domain is hijacked repeatedly by different actors in succession.
  • New threat actors such as Vacant Viper and Horrid Hawk have emerged in the domain hijacking landscape.
  • Individuals and businesses are at significant risk, suffering from brand reputation damage and financial fraud.
  • Preventable with correct domain and DNS configurations.
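As an added example that is not part of the Infoblox report, the following Python script checks a domain for the lame-delegation condition described above: given the nameservers the parent zone delegates the domain to, it asks each server for the domain's SOA with recursion disabled and reports whether that server answers authoritatively. It assumes UDP/53 is reachable and that the caller supplies IPv4 addresses; the responses in demo() are constructed stand-ins for what a real server would return.

```python
# Added example (not from the Infoblox report): minimal lame-delegation checker.
# A server that returns REFUSED, SERVFAIL, or a non-authoritative NOERROR for the
# domain's SOA is not serving the zone, i.e. the delegation is lame at that server.
import random
import socket
import struct
from typing import Dict, Optional

SOA = 6
RCODE_NAMES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def build_query(qname: str, qtype: int = SOA) -> tuple:
    """Build a DNS query with RD clear so the server answers from its own zones only."""
    txid = random.randrange(0, 0x10000)
    header = struct.pack(">HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    labels = qname.rstrip(".").split(".")
    wire_name = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return txid, header + wire_name + struct.pack(">HH", qtype, 1)  # class IN


def parse_header(resp: bytes) -> Dict[str, int]:
    """Extract the fields the check needs from the 12-byte DNS header."""
    txid, flags, _qd, an, _ns, _ar = struct.unpack(">HHHHHH", resp[:12])
    return {"id": txid, "aa": int(bool(flags & 0x0400)), "rcode": flags & 0x000F, "ancount": an}


def verdict(hdr: Optional[Dict[str, int]]) -> str:
    """Classify one nameserver's answer for the zone."""
    if hdr is None:
        return "no_response"
    if hdr["rcode"] == 0 and hdr["aa"] and hdr["ancount"] > 0:
        return "authoritative"
    return "lame:" + RCODE_NAMES.get(hdr["rcode"], str(hdr["rcode"]))


def assess(answers: Dict[str, Optional[Dict[str, int]]]) -> Dict[str, str]:
    """Per-server verdicts plus an overall status for the delegation."""
    result = {ns: verdict(h) for ns, h in answers.items()}
    lame = [ns for ns, v in result.items() if v.startswith("lame")]
    if lame and len(lame) == len(result):
        result["overall"] = "fully_lame"  # no delegated server serves the zone
    elif lame:
        result["overall"] = "partially_lame"
    else:
        result["overall"] = "ok"
    return result


def query_ns(ns_ip: str, qname: str, timeout: float = 3.0) -> Optional[Dict[str, int]]:
    """Send the query to one nameserver IP over UDP and return its parsed header."""
    txid, packet = build_query(qname)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(packet, (ns_ip, 53))
        try:
            data, _ = sock.recvfrom(512)
        except socket.timeout:
            return None
    hdr = parse_header(data)
    return hdr if hdr["id"] == txid else None


def check_domain(domain: str, delegated_ns: Dict[str, str]) -> Dict[str, str]:
    """delegated_ns maps each NS hostname from the parent zone to its IPv4 address (live check)."""
    return assess({ns: query_ns(ip, domain) for ns, ip in delegated_ns.items()})


def demo() -> Dict[str, str]:
    """Constructed sample (hypothetical provider names): one server answers REFUSED,
    the other a non-authoritative NOERROR, as a provider that dropped the zone would."""
    refused = struct.pack(">HHHHHH", 0x1234, 0x8005, 1, 0, 0, 0)   # QR=1, RCODE=5
    not_auth = struct.pack(">HHHHHH", 0x1235, 0x8000, 1, 0, 0, 0)  # QR=1, AA clear, no answer
    return assess({
        "ns1.provider.example": parse_header(refused),
        "ns2.provider.example": parse_header(not_auth),
    })


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

Take the delegated nameserver set from the parent zone (for example `dig +norecurse @a.gtld-servers.net example.com NS` for a .com name) rather than from a recursive resolver, since the parent's delegation is what an attacker inherits. A `fully_lame` result shows the exposure but not whether it is exploitable: that also depends on the delegated DNS provider allowing a new account to claim the zone name, which this script cannot test.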

MITRE Techniques :

  • T1003: OS Credential Dumping – Technique used to gather credentials for further attacks.
  • TA0042: Resource Development – Actors build out infrastructure for distributing malicious traffic; hijacking a victim's domain maps to Compromise Infrastructure: Domains (T1584.001).
  • TA0006: Credential Access – Actors leverage hijacked domains to facilitate phishing scams and credential theft.
  • T1190: Exploit Public-Facing Application – Attackers abuse misconfigured DNS delegations to gain control over domains.

Indicator of Compromise :

  • No indicators are reproduced in this summary: the values originally listed here (malicious[. ]com, test[. ]co.uk, attacker@example[. ]com, https://example[. ]com/path, 8.8.8.8) are placeholders, and 8.8.8.8 is Google's public resolver rather than attacker infrastructure. Consult the full report for the hijacked domains it names.

Full Story: https://blogs.infoblox.com/threat-intelligence/dns-predators-hijack-domains-to-supply-their-attack-infrastructure/