Cookies help us display personalized product recommendations and ensure you have great shopping experience.

By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
SmartData CollectiveSmartData Collective
  • Analytics
    AnalyticsShow More
    sales and data analytics
    How Data Analytics Improves Lead Management and Sales Results
    9 Min Read
    data analytics and truck accident claims
    How Data Analytics Reduces Truck Accidents and Speeds Up Claims
    7 Min Read
    predictive analytics for interior designers
    Interior Designers Boost Profits with Predictive Analytics
    8 Min Read
    image fx (67)
    Improving LinkedIn Ad Strategies with Data Analytics
    9 Min Read
    big data and remote work
    Data Helps Speech-Language Pathologists Deliver Better Results
    6 Min Read
  • Big Data
  • BI
  • Exclusive
  • IT
  • Marketing
  • Software
Search
© 2008-25 SmartData Collective. All Rights Reserved.
Reading: Securing Against Domain Hijacking with Strong Access Controls
Share
Notification
Font ResizerAa
SmartData CollectiveSmartData Collective
Font ResizerAa
Search
  • About
  • Help
  • Privacy
Follow US
© 2008-23 SmartData Collective. All Rights Reserved.
SmartData Collective > Uncategorized > Securing Against Domain Hijacking with Strong Access Controls
Uncategorized

Securing Against Domain Hijacking with Strong Access Controls

thu@duosecurity.com
thu@duosecurity.com
5 Min Read
SHARE

Hosting registrars for regional Lenovo and Google domains were hijacked last month, prompting a focus on the security of hosting vendors. Domain hijacking is an attack against the Domain Name System (DNS). DNS is a protocol for how computers exchange data on the Internet and private networks. It turns a domain name into an Internet Protocol (IP) address.

Hosting registrars for regional Lenovo and Google domains were hijacked last month, prompting a focus on the security of hosting vendors. Domain hijacking is an attack against the Domain Name System (DNS). DNS is a protocol for how computers exchange data on the Internet and private networks. It turns a domain name into an Internet Protocol (IP) address.

More Read

Facebook, Scrabble, and the Limits of Free
Missed It By That Much
Smart phones: Privacy being undermined (or ignored)
Vintage Video High Tech India – 1989
R or SAS: Quick Links to the Recent Debates

In the Lenovo and Google DNS attacks, the DNS for both were modified to redirect to different websites when their domain name was typed into browsers. Web Commerce Communications, a Malaysian company that registers domain names, was the conduit of the redirects and attack.

In the case of Lenovo, attackers changed registration details to redirect Lenovo visitors to nameservers at CloudFlare, which redirected visitors to several different IP addresses. The hackers (identified as the Lizard Squad) had somehow gained access to Lenovo’s registrant account, which also gave them access to some of Lenovo’s email, as PCWorld.com reported.

Last year, Craigslist was the target of a DNS hijack, redirecting visitors to a site hosted on DigitalGangster(dot)Com, as SecurityWeek.com reported. Craigslist’s CEO acknowledged that a DNS outage occurred as the result of a compromise – the company’s DNS records showed that one of their domain registrars were compromised.

And as SecurityWeek.com reported, these attacks aren’t very technical or sophisticated, nor do they usually affect customer data. Attackers can execute these attacks with phishing or other social engineering methods that give them access to online DNS accounts.

For example, the Syrian Electronic Army (SEA) used DNS hijacking and phishing to attack the New York Times and several Twitter accounts last year. And, in 2013, the SEA compromised the Associated Press (AP) Twitter account and posted a fake tweet that claimed the White House had been bombed, and President Obama was injured. Even though the tweet was deleted, the tweet moved the stock market in seconds – leading to a $136.5 billion dip in the S&P 500 index that day, as Bloomberg Business reported.

How do you prevent criminals from stealing your domain? As an article from Entrepreneuer.com recommended using:

Multi-factor authentication. Do not rely on only one form of authentication. Instead, use a mix of online and offline authentication methods to ensure that no unauthorized person with stolen credentials is able to unlock the domain control for transfer, deletion or name server redirection.

Likewise, a DNS Made Easy, an IP DNS service provider, agrees with using an additional authentication security solution, as reported in ITBusinessNet.com:

Domain and registrar hijacking is a serious concern as hackers can gain unauthorized access into a server and emails as well as have access to sensitive information. We encourage all companies to discuss extra security with their registrars. It should be a company policy to enable a minimum of two-factor authentication for anything as important as DNS and domain registration.

An online method of authentication may refer to logging in with a username and password, in addition to a secondary method of authentication, like a smartphone app that sends push notifications to your phone, requiring the use of a smartphone to approve any authentication requests.

Using a solid two-factor solution may safeguard your organization against future domain hijacking attacks. Learn more about different solutions and find one that fits your company in our Two-Factor Evaluation Guide.

Share This Article
Facebook Pinterest LinkedIn
Share

Follow us on Facebook

Latest News

sales and data analytics
How Data Analytics Improves Lead Management and Sales Results
Analytics Big Data Exclusive
ai in marketing
How AI and Smart Platforms Improve Email Marketing
Artificial Intelligence Exclusive Marketing
AI Document Verification for Legal Firms: Importance & Top Tools
AI Document Verification for Legal Firms: Importance & Top Tools
Artificial Intelligence Exclusive
AI supply chain
AI Tools Are Strengthening Global Supply Chains
Artificial Intelligence Exclusive

Stay Connected

1.2kFollowersLike
33.7kFollowersFollow
222FollowersPin

You Might also Like

Reflecting on Times Open

7 Min Read

Java Instead of Python

3 Min Read

Book Review: Information-Driven Business

2 Min Read

Socialthing!

2 Min Read

SmartData Collective is one of the largest & trusted community covering technical content about Big Data, BI, Cloud, Analytics, Artificial Intelligence, IoT & more.

ai is improving the safety of cars
From Bolts to Bots: How AI Is Fortifying the Automotive Industry
Artificial Intelligence
AI and chatbots
Chatbots and SEO: How Can Chatbots Improve Your SEO Ranking?
Artificial Intelligence Chatbots Exclusive

Quick Link

  • About
  • Contact
  • Privacy
Follow US
© 2008-25 SmartData Collective. All Rights Reserved.
Go to mobile version
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?