Federal authorities and private researchers are alerting companies to a wave of domain hijacking attacks that is using relatively novel techniques to compromise targets at an almost unprecedented scale. The attacks, which security firm FireEye said have been active since January 2017, use three different ways to manipulate the Domain Name System records that allow computers to find a company's computers on the Internet. By replacing the legitimate IP address for a domain such as example.com with a booby-trapped address, attackers can cause example.com to carry out a variety of malicious activities, including harvesting users' login credentials. The techniques detected by FireEye are particularly effective because they allow attackers to obtain valid TLS certificates that prevent browsers from detecting the hijacking. "A large number of organizations has been affected by this pattern of DNS record manipulation and fraudulent SSL certificates," FireEye researchers Muks Hirani, Sarah Jones and Ben Read wrote in a report published Thursday. "They include telecoms and ISP[s], government and sensitive commercial entities." The campaign, they added, is occurring around the globe at "an almost unprecedented scale, with a high degree of success."
CenturyLink briefly disabled the Internet connections of customers in Utah last week and allowed them back online only after they acknowledged an offer to purchase filtering software. CenturyLink falsely claimed that it was required to do so by a Utah state law that says ISPs must notify customers "of the ability to block material harmful to minors." Coincidentally, CenturyLink's blocking of customer Internet access occurred days before the one-year anniversary of the Federal Communications Commission's repeal of net neutrality rules, which prohibited blocking and throttling of Internet access. "Just had CenturyLink block my Internet and then inject this page into my browser... to advertise their paid filtering software to me," software engineer and Utah resident Rich Snapp tweeted on December 9. "Your Internet service has been fully restored." Snapp's Internet access went out while he was watching streaming video via his Amazon Fire TV device.
Online privacy is in short supply, as revelations from former NSA contractor Edward Snowden and scandals like Cambridge Analytica show. "Using HTTP for a website instead of HTTPS has always been problematic," said Nick Sullivan, head of cryptography at Cloudflare, a company that helps websites keep up with traffic demands. Attackers can redirect people to fake websites with a technique called DNS hijacking so their usernames and passwords can be intercepted. China's "Great Cannon" used unencrypted HTTP connections to turn visitors to Baidu's website into unwitting attackers of the GitHub programming website. And Egypt has injected ads and run cryptocurrency mining software on people's computers, according to the Tor Project, which advances private web use, and the Association for Freedom of Thought and Expression, a nonprofit that monitors Egyptian network censorship. HTTPS is decades old, but in the early days of the web it was only used to protect us when typing obviously sensitive data like passwords and credit card numbers into websites.
Mac users haven't had much good news on the security front early on in 2018, and that unfortunate streak is continuing with the revelation that macOS has been hit by a new strain of DNS hijacking malware (which inflicts more nastiness on the system besides that primary payload). Named OSX/MaMi, the malware changes the DNS server settings on the victim's machine, redirecting their internet traffic through malicious servers designed to steal the user's sensitive data. Security researcher Patrick Wardle has looked extensively into MaMi (as spotted by 9to5Mac) and observes that while it isn't particularly sophisticated, it does more than simple DNS hijacking. It's also capable of pulling off tricks like taking screenshots, downloading and uploading files, and executing commands, and it installs a new root certificate to facilitate potential man-in-the-middle attacks. It's pretty bad news all round, really. How do you get infected?
A Dutch security firm recently fell victim to a well-executed attack that allowed hackers to take control of its servers and intercept clients' login credentials and confidential data. The security firm, Fox-IT, said in a blog post published last week that the so-called "man-in-the-middle attack" lasted for 10 hours and 24 minutes, although the attack was largely contained for much of that time. The attackers carried it out by gaining unauthorized access to Fox-IT's account with a third-party domain registrar. With that, the attackers effectively hijacked control of fox-it.com and all traffic sent to it. The attackers were able to bypass protections provided by HTTPS-based encryption by first using their control of the Fox-IT domain to obtain a new transport layer security certificate. "While we deeply regret the incident and the shortcomings on our part which contributed to it, we also acknowledge that a number of the measures we had in place enabled us to detect the attack, respond quickly and confidently and thereby limited the scale and length of the incident," Fox-IT officials wrote.
But as WikiLeaks was reminded this week, one hacker technique can take over your entire website without even touching it directly. On Thursday morning, visitors to WikiLeaks.org saw not the site's usual collection of leaked secrets, but a taunting message from a mischievous group of hackers known as OurMine. WikiLeaks founder Julian Assange explained on Twitter that the website was hacked via its DNS, or Domain Name System, apparently using a perennial technique known as DNS hijacking. DNS hijacking takes advantage of how the Domain Name System functions as the internet's phone book, or more accurately a series of phone books that a browser checks, with each book telling the browser which book to look in next, until the final one reveals the location of the server that hosts the website the user wants to visit. "It's how people find you," says Raymond Pompon, a security researcher with F5 Networks who has written extensively about DNS and how hackers can maliciously exploit it. "If someone goes upstream and inserts false entries that pull people away from you, all the traffic to your website, your email, your services are going to get pointed to a false destination."
Pakistan-based hackers, going by the name Team Pak Cyber Attackers, allegedly hacked and defaced Google's Bangladesh domain with a message taunting the domain security measures implemented by the tech giant. The Google Bangladesh page displayed the "Pakistan Zindabad" (Long live Pakistan) slogan on 20 December, leaving some users confused about whether they had logged on to the right domain. Several of them, on realising that hackers might have taken control of the domain, posted screenshots on Twitter. HackRead reports that the hacking group behind this takeover is generally known for breaching high-profile Indian government and law enforcement websites. This is the first time the group has targeted a Bangladesh domain. The technique used in the latest takeover of the site is known as DNS hijacking or DNS redirection.