Hacktivists redirect traffic from several sites, including handbag-maker Coach.com, in retaliation for anti-piracy bill support.
Hacktivists have added a new tactic to their arsenal: redirecting all of the traffic from a target company's website.
According to a blog written by security expert Lars Harvey of IID, politically motivated attackers are now using DNS hijacks, which redirect all the traffic from a victim's legitimate website (and often all the email and back-end transactions, too) to a destination of the attacker's choosing.
"A determined criminal can set up a fake look-alike destination site to dupe customers into revealing credentials or downloading malware," Harvey stated.
Many companies pay little, if any, attention to securing their domain registrations, and most do not continuously monitor their DNSes to make sure they're resolving properly around the world, making them vulnerable to attack, the blog said.
"The first indication most victims have of a DNS hijack is that their website traffic slows to a trickle," Harvey reports. "Then they have to figure out why, and DNS is rarely the first thing they think of, which lengthens the time to mitigate the attack."
On Sunday, the domain name UFC.com was hijacked by a hacktivist group that apparently didn't like the mixed-martial arts company fighting the organization's support of the SOPA/PIPA online piracy bills, IID reports. On Monday evening that same group, called UGNazi, hijacked two domain names, coach.com and coachfactory.com, belonging to luxury goods maker Coach, for the same reason.
Read the rest of this article on Dark Reading.
It's no longer a matter of if you get hacked, but when. In this special retrospective of news coverage, Monitoring Tools And Logs Make All The Difference, Dark Reading takes a look at ways to measure your security posture and the challenges that lie ahead with the emerging threat landscape. (Free registration required.)
About the Author(s)
You May Also Like
Guarding the Cloud: Top 5 Cloud Security Hacks and How You Can Avoid Them
April 4, 2024Cybersecurity Strategies for Small and Med Sized Businesses
April 11, 2024Defending Against Today's Threat Landscape with MDR
April 18, 2024Securing Code in the Age of AI
April 24, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024Black Hat Asia - April 16-19 - Learn More
April 16, 2024