Anatomy of a DNS Hijacking: The Fascinating Case of the Sea Turtle Campaign

Webinar Registration

DNS is just the boring plumbing of the Internet that translates to domain names to IP addresses, right?

Wrong. It’s a major foundational element of the chain of trust in today’s ostensibly secure Internet. And despite how critical it is to security; DNS was designed before cybersecurity was a thing. Security is an afterthought in DNS.

And the bad guys are using this to their advantage. Especially a group dubbed Sea Turtle (don’t ask me, I think Talos had the naming honors on this one – I’ve always viewed Sea Turtles as cute and harmless). In this installment of my Anatomy of a Hack series, I’ll show you how DNS hijacking works and why Sea Turtle has been so successful.

This is a story of:

Hacked 1^st parties – the ultimate intended targets
Hacked 3^rd parties – including domain registrars and telecoms and other service providers to the primary targets
Certificate impersonation
Stolen certificates
Man-in-the-middle and VPN servers
Spearphishing

But primarily it’s about DNS hijacking. If you can tamper with the IP address returned for a victim’s domain name, you are well along your way to pwning the victim. Turns out, there are many ways to accomplish that – multiple levels at which to attack a target’s DNS records:

The target organization’s account at their registrar – when you login to your domain name registrar what kind of authentication is required? If you use a weak password and there’s no dual-factor, this is the easiest way for an attacker to hijack your DNS
The registrar’s network – how secure is the registrar?
The DNS server. Most of us use a DNS hosting service. Same points as in #1 and #2
Registries – not to be confused with registrars

Of course, we’ll talk about defensive measures including:

Careful selection of domain and DNS service providers
Registrar locks
2-factor authentication
DNSSEC
Using passive DNS to detect abuse of your domains
Monitoring IP address changes returned for your DNS records
DNS over HTTPS and how it affects the Enterprise

I’ll get some help from Security Engineer, Chad Anderson of DomainTools who is an expert in leveraging DNS data in the cause of cyber security. Chad will also briefly show you their awesome technology that helps you detect attackers targeting you before they even get started.

Join us for this real-training-for-free session.

First Name:	Required
Last Name:	Required
Work Email:	Required Invalid email address
Phone:	Required
Job Title:	Required
Organization:	Required
Country:	Required
State:	Required
Zip/Postal Code:	Required
	Your information will be shared with the sponsor. By clicking "Submit", you're agreeing to our Privacy Policy and consenting to be contacted by us and the sponsor. Tweet

Upcoming Webinars

Additional Resources

User name:
Password:
	/ Forgot?
	Register

April 2024 Patch Tuesday	"Patch Tuesday - One Zero Day and Record Number of Patches! " - sponsored by LOGbinder

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2024 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.