Sitting Ducks: Cybercriminals Hijack 70,000 Domains for Phishing Frenzy
Cybercriminals are exploiting the Sitting Ducks attack technique to hijack domains for phishing and fraud. Nearly 70,000 domains have been hijacked recently, leveraging DNS misconfigurations. Despite increased awareness, the number of hijackings hasn’t decreased, leaving businesses and individuals vulnerable to malware and fraud while threat actors enjoy a quack-tastic time.
Hot Take:
Why settle for a duck pond when you can have a domain lagoon? Cybercriminals have been quacking their way through cyberspace, turning legitimate domains into sitting ducks for phishing and fraud. With 70,000 domains already hijacked, it’s a wonder we aren’t all wearing tinfoil hats and using carrier pigeons for communication. Who knew ducks could be so dastardly?
Key Points:
- Infoblox identified nearly 800,000 vulnerable domains, with 70,000 already hijacked.
- The Sitting Ducks attack technique exploits DNS misconfigurations.
- Hijacked domains include high-reputation brands, making detection difficult.
- Rotational hijacking allows multiple threat actors to exploit the same domain.
- Prominent threat actors include Vacant Viper, Horrid Hawk, and Hasty Hawk.
Already a member? Log in here