Attackers Compromise Romanian Domains For Google, Yahoo in DNS Attack

Early Wednesday, unknown adversaries diverted traffic intended for the Romanian sites of Google and Yahoo to a defaced Web page.

As it turned out, the sites themselves had not been hacked. The attacker had managed to gain access to DNS servers and altered the DNS entries for domains including google.ro, yahoo.ro, microsoft.ro, paypal.ro, kaspersky.ro, windows.ro, and hotmail.ro to point to a different page in a DNS poisoning attack, Stefan Tanase, senior security researcher at Kaspersky Lab, wrote on the company’s SecureList blog. Instead of going to the correct sites, Tanase determined that both google.ro and yahoo.ro domains were resolving to a Dutch IP address.

Domain Name System servers act as a directory for the Web, translating domain names into the actual IP addresses of the servers so that users don’t have to remember numeric codes. By changing the DNS entry, the attacker ensures that even though users are typing the correct domain name, they are diverted to a malicious site instead.

While it’s not known at this time how the attacker got access to the DNS entry, the cause is usually a weak or compromised password, or some kind of a vulnerability on the registrar’s website.

After scanning the .ro domains, researchers were able to determine that the only DNS entries that had been hijacked were Google’s public DNS servers, 8.8.8.8 and 8.8.4.4. It appears the problem with google.ro domain was fixed around 8am Eastern time (13:00 GMT), according to the SecureList post.
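A defender can catch this kind of diversion by comparing the answers several resolvers return against the address ranges each domain is expected to use. The sketch below is an added example, not code from SecurityWeek or Kaspersky Lab; the baseline ranges, the `isp-resolver` name and the 203.0.113.50 address are constructed placeholders.

```python
import ipaddress
from collections import defaultdict

# Constructed baseline (RFC 5737 documentation ranges, not real hosting ranges).
EXPECTED = {"google.ro": ["192.0.2.0/24"], "yahoo.ro": ["198.51.100.0/24"]}

# Constructed observations: (resolver, domain, A record returned).
# 203.0.113.50 is a placeholder for the unexpected address, not the real one.
OBSERVATIONS = [
    ("8.8.8.8", "google.ro", "203.0.113.50"),
    ("8.8.4.4", "google.ro", "203.0.113.50"),
    ("isp-resolver", "google.ro", "192.0.2.10"),
    ("8.8.8.8", "yahoo.ro", "203.0.113.50"),
    ("isp-resolver", "yahoo.ro", "198.51.100.7"),
]

def in_baseline(domain, addr, expected=EXPECTED):
    """True if addr falls inside one of the networks expected for domain."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(n) for n in expected.get(domain, []))

def audit(observations, expected=EXPECTED):
    """Classify each domain as ok, split-view, or all-resolvers-diverted."""
    answers = defaultdict(dict)
    for resolver, domain, addr in observations:
        answers[domain][resolver] = addr
    report = {}
    for domain, by_resolver in answers.items():
        bad = {r: a for r, a in by_resolver.items() if not in_baseline(domain, a, expected)}
        if not bad:
            status = "ok"
        elif len(bad) == len(by_resolver):
            status = "all-resolvers-diverted"
        else:
            status = "split-view"  # only some resolvers serve the bad record
        report[domain] = {"status": status, "bad": bad}
    return report

def shared_unexpected(report):
    """Unexpected addresses served for more than one domain (sorted domains)."""
    seen = defaultdict(set)
    for domain, result in report.items():
        for addr in result["bad"].values():
            seen[addr].add(domain)
    return {a: sorted(d) for a, d in seen.items() if len(d) > 1}

if __name__ == "__main__":
    result = audit(OBSERVATIONS)
    print(result, shared_unexpected(result))
```

A `split-view` result means only some resolvers return the unexpected record, and one unexpected address shared by unrelated domains is a strong sign that the records were changed together.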

DNS poisoning attacks have been frequently used by attackers. In September, visitors to Al-Jazeera were directed to a page denouncing the news network’s coverage of the ongoing conflict between Syrian rebels and the government. Earlier this year, a group of hacktivists hijacked the DNS records for CBS.com and made it seem as if the contents of the site had been wiped.

“All this could have been much worse if the attacker had other goals in his mind than just becoming famous by defacing famous websites. Imagine how many accounts could have been compromised this morning if these websites were redirected to a phishing page, instead of a defacement page,” Tanase said.

These attacks follow other similar attacks that occurred over the weekend when attackers were able to compromise systems at Pakistani Domain Registrar PKNIC and poison the DNS records for Pakistani URLs maintained by Sony, Microsoft, Yahoo, PayPal, Fanta, Coke, Apple, HP, and Google.
