Cookies help us display personalized product recommendations and ensure you have great shopping experience.

By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
SmartData CollectiveSmartData Collective
  • Analytics
    AnalyticsShow More
    big data analytics in transporation
    Turning Data Into Decisions: How Analytics Improves Transportation Strategy
    3 Min Read
    sales and data analytics
    How Data Analytics Improves Lead Management and Sales Results
    9 Min Read
    data analytics and truck accident claims
    How Data Analytics Reduces Truck Accidents and Speeds Up Claims
    7 Min Read
    predictive analytics for interior designers
    Interior Designers Boost Profits with Predictive Analytics
    8 Min Read
    image fx (67)
    Improving LinkedIn Ad Strategies with Data Analytics
    9 Min Read
  • Big Data
  • BI
  • Exclusive
  • IT
  • Marketing
  • Software
Search
© 2008-25 SmartData Collective. All Rights Reserved.
Reading: Securing Against Domain Hijacking with Strong Access Controls
Share
Notification
Font ResizerAa
SmartData CollectiveSmartData Collective
Font ResizerAa
Search
  • About
  • Help
  • Privacy
Follow US
© 2008-23 SmartData Collective. All Rights Reserved.
SmartData Collective > Uncategorized > Securing Against Domain Hijacking with Strong Access Controls
Uncategorized

Securing Against Domain Hijacking with Strong Access Controls

thu@duosecurity.com
thu@duosecurity.com
5 Min Read
SHARE

Hosting registrars for regional Lenovo and Google domains were hijacked last month, prompting a focus on the security of hosting vendors. Domain hijacking is an attack against the Domain Name System (DNS). DNS is a protocol for how computers exchange data on the Internet and private networks. It turns a domain name into an Internet Protocol (IP) address.

Hosting registrars for regional Lenovo and Google domains were hijacked last month, prompting a focus on the security of hosting vendors. Domain hijacking is an attack against the Domain Name System (DNS). DNS is a protocol for how computers exchange data on the Internet and private networks. It turns a domain name into an Internet Protocol (IP) address.

More Read

Clear Use Cases Clear a Path to Success
People, Process & Politics: Integration Competency Centers
Here Comes Web 3.0: Wolfram|Alpha Launches Today
How IT Services Companies can Thrive in the Age of Cloud
The First Date

In the Lenovo and Google DNS attacks, the DNS for both were modified to redirect to different websites when their domain name was typed into browsers. Web Commerce Communications, a Malaysian company that registers domain names, was the conduit of the redirects and attack.

In the case of Lenovo, attackers changed registration details to redirect Lenovo visitors to nameservers at CloudFlare, which redirected visitors to several different IP addresses. The hackers (identified as the Lizard Squad) had somehow gained access to Lenovo’s registrant account, which also gave them access to some of Lenovo’s email, as PCWorld.com reported.

Last year, Craigslist was the target of a DNS hijack, redirecting visitors to a site hosted on DigitalGangster(dot)Com, as SecurityWeek.com reported. Craigslist’s CEO acknowledged that a DNS outage occurred as the result of a compromise – the company’s DNS records showed that one of their domain registrars were compromised.

And as SecurityWeek.com reported, these attacks aren’t very technical or sophisticated, nor do they usually affect customer data. Attackers can execute these attacks with phishing or other social engineering methods that give them access to online DNS accounts.

For example, the Syrian Electronic Army (SEA) used DNS hijacking and phishing to attack the New York Times and several Twitter accounts last year. And, in 2013, the SEA compromised the Associated Press (AP) Twitter account and posted a fake tweet that claimed the White House had been bombed, and President Obama was injured. Even though the tweet was deleted, the tweet moved the stock market in seconds – leading to a $136.5 billion dip in the S&P 500 index that day, as Bloomberg Business reported.

How do you prevent criminals from stealing your domain? As an article from Entrepreneuer.com recommended using:

Multi-factor authentication. Do not rely on only one form of authentication. Instead, use a mix of online and offline authentication methods to ensure that no unauthorized person with stolen credentials is able to unlock the domain control for transfer, deletion or name server redirection.

Likewise, a DNS Made Easy, an IP DNS service provider, agrees with using an additional authentication security solution, as reported in ITBusinessNet.com:

Domain and registrar hijacking is a serious concern as hackers can gain unauthorized access into a server and emails as well as have access to sensitive information. We encourage all companies to discuss extra security with their registrars. It should be a company policy to enable a minimum of two-factor authentication for anything as important as DNS and domain registration.

An online method of authentication may refer to logging in with a username and password, in addition to a secondary method of authentication, like a smartphone app that sends push notifications to your phone, requiring the use of a smartphone to approve any authentication requests.

Using a solid two-factor solution may safeguard your organization against future domain hijacking attacks. Learn more about different solutions and find one that fits your company in our Two-Factor Evaluation Guide.

Share This Article
Facebook Pinterest LinkedIn
Share

Follow us on Facebook

Latest News

big data analytics in transporation
Turning Data Into Decisions: How Analytics Improves Transportation Strategy
Analytics Big Data Exclusive
AI and fund manager software
AI And The Acceleration Of Information Flows From Fund Managers To Investors
Artificial Intelligence Exclusive
sales and data analytics
How Data Analytics Improves Lead Management and Sales Results
Analytics Big Data Exclusive
ai in marketing
How AI and Smart Platforms Improve Email Marketing
Artificial Intelligence Exclusive Marketing

Stay Connected

1.2kFollowersLike
33.7kFollowersFollow
222FollowersPin

You Might also Like

Change Management: The What, Why, and How

4 Min Read

Dress shoes, Sports Shoes, my feet still hurt

1 Min Read

Learning from Conversations

4 Min Read

My Social Media System, What’s Yours?

7 Min Read

SmartData Collective is one of the largest & trusted community covering technical content about Big Data, BI, Cloud, Analytics, Artificial Intelligence, IoT & more.

data-driven web design
5 Great Tips for Using Data Analytics for Website UX
Big Data
ai in ecommerce
Artificial Intelligence for eCommerce: A Closer Look
Artificial Intelligence

Quick Link

  • About
  • Contact
  • Privacy
Follow US
© 2008-25 SmartData Collective. All Rights Reserved.
Go to mobile version
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?