Recent hacks at registrars show how important it is to keep investing in cybersecurity. Domain Guard and Domain Shield allow you to avoid many such attacks.
In March 2020, scammers were able to use voice phishing, or vishing for short, to deceive a number of employees of registrar GoDaddy and gain control over a handful of domain names.
Last autumn, cyber criminals were once again able to deceive GoDaddy employees with their malicious practices. Again, criminals were able to tamper with the domain name data of certain websites via vishing. One of the affected websites was a bitcoin trading platform. The hackers managed to change the DNS settings, which allowed them to divert mail and web traffic to the infrastructure they controlled and gain access to crucial documents.
The IT team of the affected platform was able to quickly detect and contain the attack. They took immediate steps to prevent further damage and to secure their users' accounts. The malicious attackers presumably obtained personal information of users, such as an e-mail address, name, address and encrypted password. Hackers also targeted two other cryptocurrency exchanges, resulting in similar breaches of user privacy.
Data in the wrong hands
Because the attacks were detected quickly in all these cases, the damage was contained. But they do show how ruthless cybercriminals are when they even set their sights on IT specialists such as registrars. It also proves they do not lack guts. And it shows once again how important it is for companies to continue investing in security, research and innovation.
If cybercriminals succeed, they can steal the personal data of the users of a hacked platform or website. Cybercriminals can also target registrars to get hold of domain name administrator data and hijack their domain names and websites. Or they can use these personal data for carrying out more sophisticated phishing attacks that are more difficult to detect.
More people are working from home because of the corona crisis. This makes them an easier target for vishing. Hackers, for example, pretend to work for a competent authority to obtain company data. This is a variant of the well-known CEO fraud, where cybercriminals pretend to be the CEO and instruct an employee to make a money transfer for the company.
In the case of registrars, this can have major consequences for the company, such as reputation damage, but of course also for the customers involved, the registrants. Individuals with malicious intent can hijack domain names, transfer them or even delete them. Registrars can prevent this by suggesting Domain Guard or Domain Shield to customers.
- Restrict VPN connections to managed devices, using e.g. hardware controls or installed certificates. This means login data alone are insufficient to access the corporate VPN.
- Limit VPN access times where possible, to reduce access outside working hours.
- Actively scan web applications for unauthorised access, modifications and suspicious activity.
- Use a formalised authentication process if communication between employees takes place on a public telephone network.
- Use 2FA (two-factor authentication) and OTP (one-time passwords) to eliminate confusion when an employee needs to provide authorisations.
- Check that the web links you are directed to do not contain spelling mistakes or the wrong domain.
- Be wary of unexpected phone calls, visits or emails from unknown people claiming to work for a legitimate organisation. Do not disclose personal or company information without being sure of that person's authority. If possible, try to verify the caller's identity directly with the company.
- If you receive a vishing call, write down the caller's phone number and the domain to which you are being directed, and pass this information on to the police.
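The link check recommended in the list above can be partly automated, for example in a helpdesk tool or mail filter. The following is an added example, not part of the original article: the trusted domains and test URLs are constructed placeholders, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Assumption: the organisation's real domains (constructed placeholders).
TRUSTED = {"example-registrar.com", "example-corp.com"}

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(url, trusted=TRUSTED):
    """Return 'trusted', 'lookalike' or 'unknown' for the host in url."""
    # urlsplit drops any "user@" part, so "trusted.com@other.net" yields other.net.
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    if not host:
        return "unknown"
    # Exact match or a genuine subdomain of a trusted domain.
    if any(host == d or host.endswith("." + d) for d in trusted):
        return "trusted"
    labels = host.split(".")
    # Punycode labels can render as look-alike Unicode; flag them for review.
    if any(label.startswith("xn--") for label in labels):
        return "lookalike"
    for d in trusted:
        name = d.split(".")[0]
        # Trusted name used as a prefix or subdomain of someone else's domain,
        # e.g. example-corp.com.login-portal.net or example-corp.support-desk.net
        if host.startswith(d + ".") or name in labels[:-2]:
            return "lookalike"
        # One or two typos in the registered name, e.g. examp1e-corp.com
        candidate = ".".join(labels[-len(d.split(".")):])
        if 0 < edit_distance(candidate, d) <= 2:
            return "lookalike"
    return "unknown"

if __name__ == "__main__":
    for u in ("https://vpn.example-corp.com/login",
              "https://examp1e-corp.com/login",
              "https://example-corp.com.login-portal.net/vpn"):
        print(u, "->", classify_link(u))
```

A result of "unknown" only means the host does not resemble a trusted domain; it is not a statement that the link is safe.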