Attacks/Breaches
1/26/2012
11:29 AM
50%
50%

SOPA Protesters Try New Tactic: DNS Hijacks

Hacktivists redirect traffic from several sites, including handbag-maker Coach.com, in retaliation for anti-piracy bill support.

Hacktivists have added a new tactic to their arsenal: redirecting all of the traffic from a target company's website.

According to a blog written by security expert Lars Harvey of IID, politically motivated attackers are now using DNS hijacks, which redirect all the traffic from a victim's legitimate website (and often all the email and back-end transactions, too) to a destination of the attacker's choosing.

"A determined criminal can set up a fake look-alike destination site to dupe customers into revealing credentials or downloading malware," Harvey stated.

Many companies pay little, if any, attention to securing their domain registrations, and most do not continuously monitor their DNSes to make sure they're resolving properly around the world, making them vulnerable to attack, the blog said.

"The first indication most victims have of a DNS hijack is that their website traffic slows to a trickle," Harvey reports. "Then they have to figure out why, and DNS is rarely the first thing they think of, which lengthens the time to mitigate the attack."

On Sunday, the domain name UFC.com was hijacked by a hacktivist group that apparently didn't like the mixed-martial arts company fighting the organization's support of the SOPA/PIPA online piracy bills, IID reports. On Monday evening that same group, called UGNazi, hijacked two domain names, coach.com and coachfactory.com, belonging to luxury goods maker Coach, for the same reason.

Read the rest of this article on Dark Reading.

It's no longer a matter of if you get hacked, but when. In this special retrospective of news coverage, Monitoring Tools And Logs Make All The Difference, Dark Reading takes a look at ways to measure your security posture and the challenges that lie ahead with the emerging threat landscape. (Free registration required.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-8802
Published: 2015-01-23
The Pie Register plugin before 2.0.14 for WordPress does not properly restrict access to certain functions in pie-register.php, which allows remote attackers to (1) add a user by uploading a crafted CSV file or (2) activate a user account via a verifyit action.

CVE-2014-9623
Published: 2015-01-23
OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quote and cause a denial of service (disk consumption) by deleting an image in the saving state.

CVE-2014-9638
Published: 2015-01-23
oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a WAV file with the number of channels set to zero.

CVE-2014-9639
Published: 2015-01-23
Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access.

CVE-2014-9640
Published: 2015-01-23
oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted raw file.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
If you’re a security professional, you’ve probably been asked many questions about the December attack on Sony. On Jan. 21 at 1pm eastern, you can join a special, one-hour Dark Reading Radio discussion devoted to the Sony hack and the issues that may arise from it.