This attack is unbelievably powerful, easy, and preventable. It’s the criminal’s best kept secret. Much stealthier and more effective than dangling CNAMEs. We found many Russian-nexus actors, but we suspect there are more to be found. Please boost for awareness and hope we aren’t rediscovering this attack in another 6 years. Thanks to everyone who contributed to our understanding of the attack and the actors using it … including Proofpoint, @rmceoin Dave Safely, Mandatory, and @briankrebs @dnsoarc #sittingducks #dns #domainhijacking #cybercrime #cybersecurity #infosec #threatintel #malware #phishing #tds #vextrio #404tds #threatintelligence #infoblox @knitcode https://blogs.infoblox.com/threat-intelligence/who-knew-domain-hijacking-is-so-easy/
Who Knew? Domain Hijacking is So Easy | Infoblox

Learn about the insidious DNS attack vector that threat actors are using to hijack domains from major brands, government institutions, and other organizations, large and small. Find out how to determine whether your domain name is at risk.

Coverage by Eclypsium of Sitting Ducks and the potential for SSL cert acquisition -- well, it isn't potential because threat actors are doing it. We saw both Let's Encrypt and DigiCert certificates obtained by actors. https://eclypsium.com/blog/ducks-now-sitting-dns-internet-infrastructure-insecurity/
Ducks Now Sitting (DNS): Internet Infrastructure Insecurity - Eclypsium | Supply Chain Security for the Modern Enterprise

Was it DNS? It’s always DNS. In this case, DNS (Domain Name System) is filled with sitting ducks (Ducks Now Sitting) for domain name hijacking. Multiple threat actors have been exploiting this attack vector which we are calling Sitting Ducks since at least 2019 to perform malware delivery, phishing, brand impersonation, and data exfiltration. As […]

Don’t Let Your Domain Name Become a “Sitting Duck” – Krebs on Security

Check those domains you've been saving in the closet for a later day and make sure their delegation is up to date to prevent them from becoming Sitting Ducks. #dns #threatintel #cybersecurity #infoblox
Intel people keep a lookout… you might have seen these attacks and didn’t realize it. We found notes in our system from over two years ago that said “this domain is hijacked but it doesn’t make any sense.”
@InfobloxThreatIntel @rmceoin @briankrebs @dnsoarc @knitcode Isn't that just regular domain hijack TK register an account after the service went offline?
@pathetiq @rmceoin @briankrebs @dnsoarc @knitcode Not sure what you mean by regular. The use of Sitting Ducks by threat actors at scale and the breadth of exploitability is previously unpublished -- this is what is jaw-dropping. We have a variety of resource links to other known types of hijacks in the blog.