Cookies help us display personalized product recommendations and ensure you have great shopping experience.

By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
SmartData CollectiveSmartData Collective
  • Analytics
    AnalyticsShow More
    data analytics and truck accident claims
    How Data Analytics Reduces Truck Accidents and Speeds Up Claims
    7 Min Read
    predictive analytics for interior designers
    Interior Designers Boost Profits with Predictive Analytics
    8 Min Read
    image fx (67)
    Improving LinkedIn Ad Strategies with Data Analytics
    9 Min Read
    big data and remote work
    Data Helps Speech-Language Pathologists Deliver Better Results
    6 Min Read
    data driven insights
    How Data-Driven Insights Are Addressing Gaps in Patient Communication and Equity
    8 Min Read
  • Big Data
  • BI
  • Exclusive
  • IT
  • Marketing
  • Software
Search
© 2008-25 SmartData Collective. All Rights Reserved.
Reading: Securing Against Domain Hijacking with Strong Access Controls
Share
Notification
Font ResizerAa
SmartData CollectiveSmartData Collective
Font ResizerAa
Search
  • About
  • Help
  • Privacy
Follow US
© 2008-23 SmartData Collective. All Rights Reserved.
SmartData Collective > Uncategorized > Securing Against Domain Hijacking with Strong Access Controls
Uncategorized

Securing Against Domain Hijacking with Strong Access Controls

thu@duosecurity.com
thu@duosecurity.com
5 Min Read
SHARE

Hosting registrars for regional Lenovo and Google domains were hijacked last month, prompting a focus on the security of hosting vendors. Domain hijacking is an attack against the Domain Name System (DNS). DNS is a protocol for how computers exchange data on the Internet and private networks. It turns a domain name into an Internet Protocol (IP) address.

Hosting registrars for regional Lenovo and Google domains were hijacked last month, prompting a focus on the security of hosting vendors. Domain hijacking is an attack against the Domain Name System (DNS). DNS is a protocol for how computers exchange data on the Internet and private networks. It turns a domain name into an Internet Protocol (IP) address.

More Read

Secret of Ford’s Social Media Success
Ethics and Fraud – From a Gray Area to Prison
One-to-One Client Focus
Why Object Oriented Programming Sucks
Intelligent Transportation Systems for Midsized Cities

In the Lenovo and Google DNS attacks, the DNS for both were modified to redirect to different websites when their domain name was typed into browsers. Web Commerce Communications, a Malaysian company that registers domain names, was the conduit of the redirects and attack.

In the case of Lenovo, attackers changed registration details to redirect Lenovo visitors to nameservers at CloudFlare, which redirected visitors to several different IP addresses. The hackers (identified as the Lizard Squad) had somehow gained access to Lenovo’s registrant account, which also gave them access to some of Lenovo’s email, as PCWorld.com reported.

Last year, Craigslist was the target of a DNS hijack, redirecting visitors to a site hosted on DigitalGangster(dot)Com, as SecurityWeek.com reported. Craigslist’s CEO acknowledged that a DNS outage occurred as the result of a compromise – the company’s DNS records showed that one of their domain registrars were compromised.

And as SecurityWeek.com reported, these attacks aren’t very technical or sophisticated, nor do they usually affect customer data. Attackers can execute these attacks with phishing or other social engineering methods that give them access to online DNS accounts.

For example, the Syrian Electronic Army (SEA) used DNS hijacking and phishing to attack the New York Times and several Twitter accounts last year. And, in 2013, the SEA compromised the Associated Press (AP) Twitter account and posted a fake tweet that claimed the White House had been bombed, and President Obama was injured. Even though the tweet was deleted, the tweet moved the stock market in seconds – leading to a $136.5 billion dip in the S&P 500 index that day, as Bloomberg Business reported.

How do you prevent criminals from stealing your domain? As an article from Entrepreneuer.com recommended using:

Multi-factor authentication. Do not rely on only one form of authentication. Instead, use a mix of online and offline authentication methods to ensure that no unauthorized person with stolen credentials is able to unlock the domain control for transfer, deletion or name server redirection.

Likewise, a DNS Made Easy, an IP DNS service provider, agrees with using an additional authentication security solution, as reported in ITBusinessNet.com:

Domain and registrar hijacking is a serious concern as hackers can gain unauthorized access into a server and emails as well as have access to sensitive information. We encourage all companies to discuss extra security with their registrars. It should be a company policy to enable a minimum of two-factor authentication for anything as important as DNS and domain registration.

An online method of authentication may refer to logging in with a username and password, in addition to a secondary method of authentication, like a smartphone app that sends push notifications to your phone, requiring the use of a smartphone to approve any authentication requests.

Using a solid two-factor solution may safeguard your organization against future domain hijacking attacks. Learn more about different solutions and find one that fits your company in our Two-Factor Evaluation Guide.

Share This Article
Facebook Pinterest LinkedIn
Share

Follow us on Facebook

Latest News

data analytics and truck accident claims
How Data Analytics Reduces Truck Accidents and Speeds Up Claims
Analytics Big Data Exclusive
predictive analytics for interior designers
Interior Designers Boost Profits with Predictive Analytics
Analytics Exclusive Predictive Analytics
big data and cybercrime
Stopping Lateral Movement in a Data-Heavy, Edge-First World
Big Data Exclusive
AI and data mining
What the Rise of AI Web Scrapers Means for Data Teams
Artificial Intelligence Big Data Exclusive

Stay Connected

1.2kFollowersLike
33.7kFollowersFollow
222FollowersPin

You Might also Like

Starting Your Own Personal Data Quality Crusade

2 Min Read

Change Capacity: What Makes Change Easy or Difficult

7 Min Read

Binge Viewing and Skinny Bundles: What’s a Provider to Do?

6 Min Read

5 Things Your Boss Wants to Know About DaaS

6 Min Read

SmartData Collective is one of the largest & trusted community covering technical content about Big Data, BI, Cloud, Analytics, Artificial Intelligence, IoT & more.

ai in ecommerce
Artificial Intelligence for eCommerce: A Closer Look
Artificial Intelligence
ai is improving the safety of cars
From Bolts to Bots: How AI Is Fortifying the Automotive Industry
Artificial Intelligence

Quick Link

  • About
  • Contact
  • Privacy
Follow US
© 2008-25 SmartData Collective. All Rights Reserved.
Go to mobile version
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?