Threat of the month: Domain hijacking

What is it? 

Domain hijacking is a popular attack technique that has been used to compromise major domains. 

How does it work? 

Attackers use social engineering or other tactics to gain access to credentials of the registrar.  

Should I be worried? 

Yes. If attackers gain access to your domain name system (DNS) records, your business and brand reputation are at risk. Attackers can redirect your web traffic to malicious websites to infect your customers with malware. They can also send and receive phony emails as your business and obtain an SSL certificate in your name.

How can I prevent it? 

First, ask for the results of your registrar's last security audit to ensure they have comprehensive security measures in place. Next, apply registry locks to prevent unauthorized domain changes. With registry locks in place, authorization from the top-level domain (TLD) owner and a secondary form of authentication are required to make changes.
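
One way to verify that those locks are actually in place and that delegation has not drifted, as an added example that is not part of the original article: it audits an RDAP domain object for lock statuses and compares its nameservers to a known-good baseline. The sample responses, domain names and baseline are constructed, and it assumes a registry lock appears as the three `server ... prohibited` RDAP statuses.

```python
import json

# RDAP status strings (RFC 8056 mapping of EPP status codes).
# Assumption: a registry lock shows up as the three server* statuses,
# a registrar-level lock as the three client* statuses.
REGISTRY_LOCK = {"server delete prohibited", "server transfer prohibited",
                 "server update prohibited"}
REGISTRAR_LOCK = {"client delete prohibited", "client transfer prohibited",
                  "client update prohibited"}

def audit_domain(rdap, expected_ns):
    """Report missing lock statuses and nameserver drift for one RDAP domain object."""
    statuses = {s.strip().lower() for s in rdap.get("status", [])}
    seen_ns = {n.get("ldhName", "").rstrip(".").lower()
               for n in rdap.get("nameservers", [])}
    baseline = {n.rstrip(".").lower() for n in expected_ns}
    return {
        "domain": rdap.get("ldhName", "").lower(),
        "missing_registry_lock": sorted(REGISTRY_LOCK - statuses),
        "missing_registrar_lock": sorted(REGISTRAR_LOCK - statuses),
        "unexpected_ns": sorted(seen_ns - baseline),  # delegation you did not set
        "missing_ns": sorted(baseline - seen_ns),     # delegation that disappeared
    }

def needs_attention(report):
    """True when the registry lock is incomplete or the nameservers changed."""
    return bool(report["missing_registry_lock"] or report["unexpected_ns"]
                or report["missing_ns"])

# Constructed sample RDAP responses (not real registry data).
BASELINE_NS = ["ns1.example.net", "ns2.example.net"]
LOCKED = json.loads("""{"ldhName": "EXAMPLE.COM",
  "status": ["client delete prohibited", "client transfer prohibited",
             "client update prohibited", "server delete prohibited",
             "server transfer prohibited", "server update prohibited"],
  "nameservers": [{"ldhName": "NS1.EXAMPLE.NET"}, {"ldhName": "ns2.example.net."}]}""")
UNLOCKED = json.loads("""{"ldhName": "example.org",
  "status": ["client transfer prohibited"],
  "nameservers": [{"ldhName": "ns1.example.org"}, {"ldhName": "ns2.example.net"}]}""")

if __name__ == "__main__":
    for rdap in (LOCKED, UNLOCKED):
        report = audit_domain(rdap, BASELINE_NS)
        print(report["domain"], "ALERT" if needs_attention(report) else "ok", report)
```
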

Tod Beardsley

Tod Beardsley is VP of Security Research at runZero, where he “kicks assets and fakes frames.” Prior to 2025, he was the Section Chief for the Vulnerability Response section for CSD/VM/VRC at CISA, the Cybersecurity and Infrastructure Security Agency, part of the US government. He’s also a founder and CNA point of contact for AHA!. He spends much of his time involved in vulnerability research and coordinated vulnerability disclosure (CVD). He has over 30 years of hands-on security experience, stretching from in-band telephony switching to modern ICS/OT implementations. He has held IT ops, security, software engineering, and management positions in large organizations such as Rapid7, 3Com, Dell, and Westinghouse, as both an offensive and defensive practitioner. Tod is a CVE Board member, has authored several research papers, and hosted Rapid7’s Security Nation podcast with Jen Ellis. He is also a former Travis County Election Judge in Texas, and is currently an internationally-tolerated horror fiction expert.