As Forbes reports, hijacking internet domains is nothing new, but a new Infoblox report reveals how the threat has evolved into an ongoing attack methodology. Forbes explains:
The sitting duck cyber attacks are, Infoblox said, “easy to execute for actors, hard to detect for security teams.” To understand why you need to look at what vulnerability such an attack exploits. “The attack takes advantage of misconfigurations in the Domain Name System settings for an internet domain,” the threat intelligence analysts said, “specifically when the domain server points to the wrong authoritative name server.” I called this a vulnerability, as did the security researchers and threat intel experts at Infoblox, yet lame delegation, to give it a formal name, is not considered an official one by the common vulnerabilities and exposures rating system, nor by the Cybersecurity and Infrastructure Security Agency. This lack of official attention, Infoblox moots, could be why hackers and other threat actors are consistently flying under the radar as far as sitting duck cyber attacks are concerned.
Read more at Forbes.