Infoblox Warns of 'Sitting Ducks' DNS Hijacking Attacks

Infoblox Threat Intel @ Infoblox Blog

Infoblox Warns of 'Sitting Ducks' DNS Hijacking Attacks - 5d

Read more: blogs.infoblox.com

Infoblox has issued a warning about a critical attack vector called the ‘Sitting Ducks attack’ that allows threat actors to gain complete control over a domain by hijacking its DNS configurations. This attack exploits misconfigurations in DNS settings, specifically when the domain server incorrectly points to the wrong authoritative name server. The attack leverages ‘lame delegation,’ a technique where a domain’s authoritative name server is misconfigured, allowing attackers to redirect traffic to their controlled servers. Infoblox has identified over 1 million registered domains vulnerable to this attack. The company has published a detailed report with indicators of compromise to assist organizations in mitigating this threat.

Original img attribution: https://blogs.infoblox.com/wp-content/uploads/dns-predators-hijack-domains-to-supply-their-attack-infrastructure-thumbnail.jpg

References:

Infoblox Blog - Infoblox blog post detailing the 'Sitting Ducks' attack vector. - 6d
insights.infoblox.com - Infoblox research report on the 'Sitting Ducks' attack. - 6d
The Hacker News - The Hacker News report on the discovery of thousands of hijacked domains. - 6d

Classification:

HashTags: DNS Cybersecurity InfoSec
Company: Infoblox
Target: Domains
Product: DNS
Type: Hack
Severity: Medium

This site is an experimental news aggregator using feeds I personally follow. You can reach me at Bluesky if you have feedback or comments.

FlagThis

Infoblox Warns of 'Sitting Ducks' DNS Hijacking Attacks - 5d

References:

Classification: