Jan 26, 2012 (06:01 AM EST)
SOPA Protesters Try New Tactic: DNS Hijacks
Read the Original Article at InformationWeek
Hacktivists have added a new tactic to their arsenal: redirecting all of the traffic from a target company's website.
According to a blog written by security expert Lars Harvey of IID, politically motivated attackers are now using DNS hijacks, which redirect all the traffic from a victim's legitimate website (and often all the email and back-end transactions, too) to a destination of the attacker's choosing.
"A determined criminal can set up a fake look-alike destination site to dupe customers into revealing credentials or downloading malware," Harvey stated.
Many companies pay little, if any, attention to securing their domain registrations, and most do not continuously monitor their DNSes to make sure they're resolving properly around the world, making them vulnerable to attack, the blog said.
"The first indication most victims have of a DNS hijack is that their website traffic slows to a trickle," Harvey reports. "Then they have to figure out why, and DNS is rarely the first thing they think of, which lengthens the time to mitigate the attack."
On Sunday, the domain name UFC.com was hijacked by a hacktivist group that apparently didn't like the mixed-martial arts company fighting the organization's support of the SOPA/PIPA online piracy bills, IID reports. On Monday evening that same group, called UGNazi, hijacked two domain names, coach.com and coachfactory.com, belonging to luxury goods maker Coach, for the same reason.
It's no longer a matter of if you get hacked, but when. In this special retrospective of news coverage, Monitoring Tools And Logs Make All The Difference, Dark Reading takes a look at ways to measure your security posture and the challenges that lie ahead with the emerging threat landscape. (Free registration required.)