Hacktivists redirect traffic from several sites, including handbag-maker Coach.com, in retaliation for anti-piracy bill support.
Hacktivists have added a new tactic to their arsenal: redirecting all of the traffic from a target company's website.
According to a blog written by security expert Lars Harvey of IID, politically motivated attackers are now using DNS hijacks, which redirect all the traffic from a victim's legitimate website (and often all the email and back-end transactions, too) to a destination of the attacker's choosing.
"A determined criminal can set up a fake look-alike destination site to dupe customers into revealing credentials or downloading malware," Harvey stated.
Many companies pay little, if any, attention to securing their domain registrations, and most do not continuously monitor their DNSes to make sure they're resolving properly around the world, making them vulnerable to attack, the blog said.
"The first indication most victims have of a DNS hijack is that their website traffic slows to a trickle," Harvey reports. "Then they have to figure out why, and DNS is rarely the first thing they think of, which lengthens the time to mitigate the attack."
On Sunday, the domain name UFC.com was hijacked by a hacktivist group that apparently didn't like the mixed-martial arts company fighting the organization's support of the SOPA/PIPA online piracy bills, IID reports. On Monday evening that same group, called UGNazi, hijacked two domain names, coach.com and coachfactory.com, belonging to luxury goods maker Coach, for the same reason.
It's no longer a matter of if you get hacked, but when. In this special retrospective of news coverage, Monitoring Tools And Logs Make All The Difference, Dark Reading takes a look at ways to measure your security posture and the challenges that lie ahead with the emerging threat landscape. (Free registration required.)
Published: 2015-04-27 Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) DataMappingEditorCommands, (2) DatastoreEditorCommands, and (3) IEGEditorCommands servlets in IBM Curam Social Program Management (SPM) 5.2 SP6 before EP6, 6.0 SP2 before EP26, 6.0.3 before 184.108.40.206 iFix8, 6.0.4 before 220.127.116.11 iFix...
Published: 2015-04-27 IBM Curam Social Program Management (SPM) 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4 before 18.104.22.168, and 6.0.5 before 22.214.171.124 requires failed-login handling for web-service accounts to have the same lockout policy as for standard user accounts, which makes it easier for remote attackers to cause...
Published: 2015-04-27 The Jazz help system in IBM Rational Collaborative Lifecycle Management 4.0 through 5.0.2, Rational Quality Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Team Concert 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Requirements Composer 4.0 through 4.0.7, Rational DOORS Next Generation...
Published: 2015-04-27 The SNMP implementation in IBM WebSphere Application Server (WAS) 8.5 before 126.96.36.199 does not properly handle configuration data, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
Published: 2015-04-27 IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 188.8.131.52 does not properly implement authData elements, which allows remote authenticated users to gain privileges via unspecified vectors.
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.