
Sitting Ducks attacks remain widespread and unnoticed

by FutureCISO Editors
November 19, 2024
Photo by Rodrigo Zarate: https://www.pexels.com/photo/white-duck-resting-on-grass-13992817/

Infoblox Threat Intel has unveiled alarming findings regarding a largely overlooked cyber threat: domain hijacking through "Sitting Ducks attacks." This method, which has been gaining traction since 2018, allows cybercriminals to seize control of domains by manipulating their DNS configurations. Infoblox’s latest report estimates that over 1 million registered domains are potentially vulnerable each day, highlighting the significant risk posed to organisations across various sectors.

The report builds on previous research and reveals that approximately 800,000 domains were identified as vulnerable, with around 70,000 already hijacked. This worrying trend underscores the need for increased awareness and proactive measures in the cybersecurity community.

Several key threat actors have emerged in this space, including Vacant Viper and Vextrio Viper. Vacant Viper is known for hijacking about 2,500 domains annually since late 2019, using them to enhance a malicious traffic distribution system called 404TDS.

This system facilitates various illegal activities, such as distributing spam, delivering malware like DarkGate and AsyncRAT, and establishing control for remote access trojans (RATs). Notably, Vacant Viper targets high-reputation domains rather than specific brands, aiming to avoid detection by security measures.

Vextrio Viper, another major player, operates one of the largest cybercriminal affiliate programs, leveraging hijacked domains to channel compromised web traffic to over 65 partners. This actor has been active since early 2020, employing sophisticated tactics, including the use of Russian anti-bot services to evade security researchers.

Newly identified actors, Horrid Hawk and Hasty Hawk, are also exploiting the vulnerabilities associated with Sitting Ducks attacks. Horrid Hawk focuses on investment fraud schemes, using hijacked domains to craft convincing advertisements for nonexistent government programs. Their campaigns span multiple languages and target a global audience via social media platforms.

Hasty Hawk, active since March 2022, has hijacked over 200 domains for phishing campaigns, primarily mimicking DHL shipping pages and fake donation sites for Ukraine. This actor employs a dynamic approach, frequently altering the themes of their campaigns and utilising various distribution methods to maximise reach.

Infoblox's findings underscore the urgent need for organisations to heighten their defenses against these evolving threats, as malicious actors continue to refine their tactics in the domain hijacking landscape.

Tags: Infoblox, phishing, remote access trojans