MasterCard had a critical DNS error that went unnoticed for five years. A misconfiguration in its DNS records could have allowed attackers to intercept or redirect internet traffic. A security researcher found the error, registered the misconfigured domain (akam.ne) for $300 and fixed it before any abuse could occur. The misconfigured entry named a DNS server that was supposed to end in ‘akam.net’ but was instead configured to use ‘akam.ne’.
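
An added example (not from the original report): a Python check that audits a zone's NS targets against the provider domains you expect and flags near-miss names such as akam.ne. The host names ns1 to ns4, the function names and the edit-distance threshold of 2 are assumptions made for illustration.

```python
"""Audit NS targets against expected provider domains (added example)."""
from typing import Dict, List

# Constructed sample NS set; only akam.net / akam.ne come from the text above.
SAMPLE_NS = ["ns1.akam.net.", "ns2.akam.net.", "ns3.akam.ne.", "ns4.example.org."]
MAX_TYPO_DISTANCE = 2  # assumption: tune for your own provider names


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize(name: str) -> str:
    """Lower-case and drop the trailing root dot so comparisons are stable."""
    return name.strip().rstrip(".").lower()


def audit_ns(ns_targets: List[str], expected: List[str]) -> Dict[str, str]:
    """Map each NS target to 'ok', 'likely-typo of <domain>' or 'unexpected'."""
    wanted = [normalize(s) for s in expected]
    report = {}
    for raw in ns_targets:
        host = normalize(raw)
        if any(host == s or host.endswith("." + s) for s in wanted):
            report[raw] = "ok"
            continue
        labels, verdict = host.split("."), "unexpected"
        for s in wanted:
            k = s.count(".") + 1
            # Compare tails of k-1, k and k+1 labels to catch a dropped or added dot.
            tails = {".".join(labels[-n:]) for n in (k - 1, k, k + 1) if n >= 1}
            if min(edit_distance(t, s) for t in tails) <= MAX_TYPO_DISTANCE:
                verdict = f"likely-typo of {s}"
                break
        report[raw] = verdict
    return report


if __name__ == "__main__":
    for target, verdict in audit_ns(SAMPLE_NS, ["akam.net"]).items():
        print(f"{target:20} {verdict}")
```

Any target that is not reported as ok deserves a manual look: a likely typo may point at a domain someone else can register, and an unexpected name may be a stale delegation.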
A sophisticated botnet is exploiting misconfigured DNS records on approximately 13,000 MikroTik routers to bypass email protection systems and deliver malware through spam campaigns. This botnet operation leverages a simple DNS misconfiguration to send malicious emails that appear to come from legitimate domains, distributing trojan malware and other malicious content.
Infoblox has issued a warning about a critical attack vector called the ‘Sitting Ducks attack’ that allows threat actors to gain complete control over a domain by hijacking its DNS configuration. The attack exploits misconfigurations in DNS settings, specifically cases where the domain's name server delegation points to the wrong authoritative name server. It leverages ‘lame delegation,’ a condition in which a domain’s authoritative name server is misconfigured, allowing attackers to redirect traffic to servers they control. Infoblox has identified over 1 million registered domains vulnerable to this attack. The company has published a detailed report with indicators of compromise to help organizations mitigate the threat.