Thousands of web domains hijacked in a "sitting ducks" attack
A little-known attack method is putting thousands of websites at risk.
Experts warn that a cyberattack method known as "Sitting Ducks" is affecting a large number of websites, with nearly a million of them potentially vulnerable to being taken over by criminals. According to a study by cybersecurity experts, about 70,000 pages have already been compromised through this approach.
Although this type of attack has existed since 2018, it has not garnered media attention or the interest of the cybersecurity community. However, thousands of organizations, including well-known brands, nonprofit entities, and governments, have suffered domain name hijacking. The study indicates that this method allows attackers to take complete control of the DNS configuration of the targeted domain, which can have severe consequences.
When hackers achieve this control, they can redirect compromised web traffic to malware, phishing, or spam networks. Additionally, they have the ability to distribute malicious software to steal information, commit fraud, and engage in affiliate cybercrime programs.
Infoblox began tracking "Sitting Ducks" attacks last summer, discovering that around 800,000 domains were vulnerable, and approximately 70,000 of these had been identified as hijacked. Researchers noted that several criminal groups are exploiting this method, such as Vacant Viper, which is estimated to have hijacked about 2,500 domains annually since late 2019.
Another group, VexTrio Viper, has been using hijacked domains as part of its infrastructure. Infoblox describes VexTrio as the largest known affiliate cybercriminal program. The researchers have also identified new actors in the field, such as Horrid Hawk and Hasty Hawk, which specialize in quickly hijacking vulnerable domains.