Understanding the “Sitting Ducks” attack: a growing threat to domain security


Recent research from Infoblox and Eclypsium describes a domain-hijacking technique, termed the “Sitting Ducks” attack, that has been used to seize more than 35,000 registered domains. It needs no exploit against the registrar or the DNS software itself: the attacker takes advantage of a registrar-level misconfiguration (the domain's authoritative DNS is delegated to a provider whose nameservers do not actually serve it) combined with DNS providers that let anyone claim such a domain without verifying ownership. The researchers estimate that more than a million domains are vulnerable on any given day.

The attack, first documented in 2016 by security engineer Matthew Bryant, requires several conditions to hold at once. The domain's authoritative DNS is delegated to a provider other than its registrar; that provider's nameservers do not actually serve the zone, so queries for the domain fail (a lame delegation); and the provider lets a new customer add the domain to an account without verifying ownership. Once the attacker adds the domain, the existing delegation hands them full control of its DNS records. Variations include delegations that are only partly lame and opportunistic claims when a domain's DNS hosting or web hosting account expires.
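The check a domain owner would want for the conditions above is a lame-delegation test: ask each delegated nameserver, with recursion disabled, for the domain's SOA and see whether it answers authoritatively. The following is an added example, not code from the article or from Infoblox or Eclypsium. It assumes that a nameserver's operator can be approximated by the registrable part of its hostname, that the caller supplies the set of providers known to allow unverified claims (the page names none), and it uses a constructed sample of per-server results so the classification runs offline; the optional live probe uses the third-party dnspython package.

```python
"""Lame-delegation check for the Sitting Ducks preconditions.

Added example, not code from the original article or from Infoblox/Eclypsium.
Assumptions: a nameserver's operator is approximated by the registrable part
of its hostname, and the set of DNS providers that let anyone claim an
unconfigured domain is supplied by the caller (the article does not name them).
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List

# Outcome of asking one delegated nameserver, non-recursively, for the
# domain's SOA record.
AUTHORITATIVE = "authoritative"   # NOERROR with the AA bit set: healthy
LAME = "lame"                     # SERVFAIL, REFUSED or an answer without AA
UNREACHABLE = "unreachable"       # no reply at all; treated as lame


@dataclass
class Finding:
    domain: str
    registrar: str
    third_party_providers: List[str]
    lame_servers: List[str]
    healthy_servers: List[str]
    risk: str


def provider_of(ns_host: str) -> str:
    """Approximate a nameserver's operator by its registrable domain (last two
    labels), e.g. ns1.dns.example. -> dns.example. This is an assumption."""
    labels = ns_host.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def assess(domain: str, registrar: str, ns_status: Dict[str, str],
           claimable_providers: FrozenSet[str] = frozenset()) -> Finding:
    """Turn per-nameserver results into a risk verdict for the domain.
    ns_status maps each delegated nameserver hostname to AUTHORITATIVE,
    LAME or UNREACHABLE."""
    healthy = sorted(h for h, s in ns_status.items() if s == AUTHORITATIVE)
    lame = sorted(h for h, s in ns_status.items() if s != AUTHORITATIVE)
    providers = {provider_of(h) for h in ns_status}
    third_party = {p for p in providers if p != registrar.lower()}

    if not lame:
        risk = "ok"
    elif healthy:
        risk = "partially-lame"      # some servers still answer; still needs fixing
    elif not third_party:
        risk = "lame-at-registrar"   # registrar runs the DNS itself; fix with registrar
    elif third_party & claimable_providers:
        risk = "exploitable"         # all Sitting Ducks preconditions hold
    else:
        risk = "sitting-duck"        # lame and delegated away; exploitable if the
                                     # provider lets anyone claim the domain
    return Finding(domain, registrar, sorted(third_party), lame, healthy, risk)


def probe_live(domain: str, timeout: float = 3.0) -> Dict[str, str]:
    """Optional network probe (needs the third-party dnspython package and
    network access). Returns the ns_status mapping that assess() expects."""
    import dns.flags, dns.message, dns.query, dns.rcode, dns.resolver  # noqa: E401

    status: Dict[str, str] = {}
    for ns in dns.resolver.resolve(domain, "NS"):
        host = ns.target.to_text()
        try:
            ip = dns.resolver.resolve(host, "A")[0].address
            query = dns.message.make_query(domain, "SOA")
            query.flags &= ~int(dns.flags.RD)   # ask the server itself, not a recursor
            reply = dns.query.udp(query, ip, timeout=timeout)
            if reply.rcode() == dns.rcode.NOERROR and reply.flags & dns.flags.AA:
                status[host] = AUTHORITATIVE
            else:
                status[host] = LAME
        except Exception:
            status[host] = UNREACHABLE
    return status


# Constructed sample (not real data): both delegated servers fail to serve the
# zone and the delegation points away from the registrar.
SAMPLE_STATUS = {
    "ns1.hosting-provider.example.": LAME,
    "ns2.hosting-provider.example.": UNREACHABLE,
}

if __name__ == "__main__":
    finding = assess("victim.example", "registrar.example", SAMPLE_STATUS,
                     claimable_providers=frozenset({"hosting-provider.example"}))
    print(finding)
```

A stricter version of the live probe would read the delegation from the parent zone's nameservers rather than from a recursive resolver, since the parent-side NS set is what an attacker inherits; the verdict logic is the same either way.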

Cybercriminal groups have used the Sitting Ducks technique for years to support spam, fraud, malware distribution, phishing, and data theft. Infoblox and Eclypsium traced some hijacks back to 2018 and 2019 and found that attackers retained control of some domains for extended periods, sometimes more than a year, before the same domains were passed to other groups and repurposed for further malicious use.

To mitigate this threat, domain owners should audit their DNS delegations and confirm that every nameserver a domain is delegated to actually answers authoritatively for it, particularly for long-held domains whose hosting may have changed. Registrars should regularly check the delegation status of the domains they manage and notify owners of lame or stale entries. DNS providers should verify ownership before allowing a domain to be added to an account, and regulatory bodies and standards organizations need to close the gaps that let such attacks persist.
