Wednesday, June 4 2025

1M domains at risk of ‘Sitting Ducks’ domain hijacking

More than a dozen threat actors are using a powerful attack technique in the domain name system (DNS). These attackers can take control of domain names without the owners noticing and then use them for malicious activity. Infoblox, an IT automation and security company, warns about this risk.

The “Sitting Ducks” attack is easy to carry out, hard to detect, and often goes unnoticed, but it is completely preventable. Many web domains are at risk of being targeted. Attackers can hijack domains by exploiting mistakes in DNS provider configurations without needing to access the real owner’s account or register a domain themselves.

“At the heart of Sitting Ducks attacks are incorrect configurations at the domain registrar and inadequate prevention at the DNS provider, both of which are solvable problems,” the report by Infoblox and Eclypsium explains.

To execute a Sitting Ducks attack, two conditions are necessary. First, a registered domain must delegate its DNS services to a provider other than the domain registrar.

The delegation is considered lame when the DNS server lacks information about the domain and cannot resolve its address. Lame delegations happen when DNS servers are set up incorrectly, have expired, or don’t respond to DNS queries for a certain domain.

Lastly, the DNS provider itself needs to be “exploitable” and allow attackers to “claim” the domains and set up new DNS records without accessing the real owner’s account.
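
An added example (not from the Infoblox and Eclypsium report or from this article): a defender-side audit of an organization's own domain inventory for the conditions above that can be checked from outside, namely DNS hosted away from the registrar and a lame delegation. The domain names, provider names and header-only DNS replies are constructed; whether a provider lets someone else claim the domain cannot be observed this way and is not checked.

```python
import socket
import struct

def build_soa_query(domain, txid=0x5344):
    """Non-recursive (RD=0) SOA query for `domain` in DNS wire format."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in domain.rstrip(".").split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0) + qname + struct.pack("!HH", 6, 1)

def probe(ns_ip, domain, timeout=3.0):
    """Ask one delegated name server directly; None means no reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_soa_query(domain), (ns_ip, 53))
            return s.recvfrom(4096)[0]
        except OSError:
            return None

def classify(raw):
    """'authoritative' only for a NOERROR reply with AA set and an answer."""
    if raw is None or len(raw) < 12:
        return "lame (no usable reply)"
    _, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", raw[:12])
    if flags & 0x000F:                      # RCODE, e.g. 2 SERVFAIL, 5 REFUSED
        return f"lame (rcode {flags & 0x000F})"
    if not flags & 0x0400 or ancount == 0:  # AA bit clear or empty answer
        return "lame (not authoritative)"
    return "authoritative"

def audit(inventory):
    """Flag domains hosted away from the registrar that have any lame server."""
    at_risk = {}
    for domain, rec in inventory.items():
        lame = {ns: v for ns, raw in rec["replies"].items()
                if (v := classify(raw)) != "authoritative"}
        if rec["dns_provider"] != rec["registrar"] and lame:
            at_risk[domain] = lame
    return at_risk

# Constructed samples: header-only replies and a made-up inventory.
# In practice, fill "replies" with probe() results for each delegated server.
AUTH_REPLY = bytes.fromhex("534484000001000100000000")     # QR+AA, NOERROR, 1 answer
REFUSED_REPLY = bytes.fromhex("534480050001000000000000")  # QR, RCODE 5 (REFUSED)
INVENTORY = {
    "old-brand.example": {"registrar": "RegistrarA", "dns_provider": "DnsHostB",
        "replies": {"ns1.dnshostb.example": REFUSED_REPLY, "ns2.dnshostb.example": None}},
    "active.example": {"registrar": "RegistrarA", "dns_provider": "DnsHostB", "replies": {"ns1.dnshostb.example": AUTH_REPLY}},
    "parked.example": {"registrar": "RegistrarA", "dns_provider": "RegistrarA", "replies": {"ns1.registrara.example": REFUSED_REPLY}},
}
```

Calling `audit(INVENTORY)` reports only `old-brand.example`, with the reason each of its name servers was judged lame.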

“While these conditions may seem unusual, they are not. Multiple threat actors are actively exploiting this attack vector, and we expect the true exploitation to be larger than is currently known,” the report reads. “Hundreds of domains are hijacked every day.”

Companies sometimes keep ownership of old brands and domain names, even if they no longer use them actively. An attacker can take advantage of this by creating an account and claiming the domain with a vulnerable DNS service provider. This allows them to create a fake website, trick visitors into going to it, send phishing emails, and try to infect victims with malware.

Researchers explain that “the attack is possible because of gaps in how domain names and DNS records are managed, maintained, and authorized.”

DNS providers are now being used by cybercriminals, with more than a dozen threat actors exploiting this technique. Some DNS providers are being used like libraries, allowing cybercriminals to borrow a domain for a certain period of time.

More than 35,000 domains have been taken over since 2018, but the real number is probably even higher. Thieves sometimes take control of domains that were already claimed by other threat actors.

“Threat actors have obtained SSL certificates for the domains in many cases, both from free services like Let’s Encrypt and paid services like DigiCert.”

 
