Security breaches are scary and, at the same time, embarrassing. They can impact sales and also damage a brand’s reputation.
When the survival of your business depends on your brand’s reputation, there’s a lot at stake—especially if you are an online business. New technologies are making cyber criminals smarter and, at the same time, businesses more vulnerable to breaches.
Today, DDoS, remote code execution and cross-site request forgery attacks, and increasingly domain hijacking, are common ways for cyber criminals to attack websites. Let’s take a closer look at them:
► DDoS Attacks
A DDoS (Distributed Denial of Service) attack floods a server, or a particular service on it, with traffic from many sources until it can no longer respond to legitimate users. A DDoS attack does not by itself give the attacker access to the system; what it does is take a specific function of a website, or the entire website, offline for as long as the flood lasts.
► Remote Code Execution Attacks
On both the server and the client side there are components exposed to attack: applications that accept untrusted input, unmonitored or unpatched servers, and vulnerable third-party libraries. A remote code execution (RCE) attack exploits a flaw in one of these components to run the attacker’s own commands, scripts or malware on the target, from which confidential information can then be extracted. Because the weakness lies in the software itself rather than in who is logged in, basic user authentication is not enough to protect a website; the code and its dependencies also have to be kept patched.
► Cross-Site Request Forgery Attacks
In a cross-site request forgery (CSRF) attack, the attacker gets a logged-in user’s browser to send a request the user never intended, for example by placing a hidden, auto-submitting form on a page the user visits. The browser attaches the user’s session cookie to that request automatically, so the application treats the forged request as a genuine action by that user, such as changing an email address or making a payment. The attacker never learns the cookie; the victim’s browser does the work for them.
The attack only works while the user holds a valid session, so asking users to log out as soon as they are done and expiring idle sessions automatically both shrink the window. The primary defence, though, is in the application: every state-changing request should carry a secret anti-CSRF token that another site cannot obtain, and session cookies should be marked SameSite so that cross-site requests do not carry them at all.
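The following is an added example, not code from the original article: a minimal “change email address” endpoint written first the way CSRF abuses it, then hardened with a session-bound token and an Origin check. The request objects, the site origin `https://shop.example` and the attacker origin `https://evil.example` are constructed for the demonstration, and the in-memory session store stands in for whatever framework a real site uses.

```python
import hashlib
import hmac
import secrets

# In-memory session store: session id -> session data.  A real app would use
# its framework's session backend; this stand-in keeps the example self-contained.
SESSIONS = {}
SERVER_SECRET = secrets.token_bytes(32)   # assumed per-deployment secret
SITE_ORIGIN = "https://shop.example"      # assumed origin of the real site


def new_session(user):
    """Log a user in and return the session id that goes into the cookie."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "email": None}
    return sid


def csrf_token_for(sid):
    """Anti-CSRF token bound to the session: the site embeds it in its own
    forms, and a page on another origin cannot read it (same-origin policy)."""
    return hmac.new(SERVER_SECRET, sid.encode(), hashlib.sha256).hexdigest()


def change_email_vulnerable(request):
    """Accepts any POST that carries a valid session cookie.  A hidden form
    auto-submitted from an attacker's page is sent with that cookie by the
    victim's browser, so the forged change goes through."""
    sid = request["cookies"].get("session")
    if sid not in SESSIONS:
        return 401, "not logged in"
    SESSIONS[sid]["email"] = request["form"]["email"]
    return 200, "email updated"


def change_email_hardened(request):
    """Same endpoint with two independent CSRF defences."""
    sid = request["cookies"].get("session")
    if sid not in SESSIONS:
        return 401, "not logged in"
    # 1. Browsers set the Origin header on cross-site POSTs and page scripts
    #    cannot forge it, so a mismatch means the form was not served by us.
    if request["headers"].get("Origin") != SITE_ORIGIN:
        return 403, "cross-site request rejected"
    # 2. The synchroniser token must match the one derived for this session;
    #    compare in constant time so the check does not leak via timing.
    token = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(token, csrf_token_for(sid)):
        return 403, "missing or invalid CSRF token"
    SESSIONS[sid]["email"] = request["form"]["email"]
    return 200, "email updated"


def forged_request(sid):
    """Constructed sample of what the victim's browser sends when an attacker's
    page auto-submits a form: the cookie is attached automatically, but the
    Origin is the attacker's site and the attacker cannot supply the token."""
    return {
        "cookies": {"session": sid},
        "headers": {"Origin": "https://evil.example"},
        "form": {"email": "attacker@evil.example"},
    }


def legitimate_request(sid, email):
    """Constructed sample of a request from the site's own form, token included."""
    return {
        "cookies": {"session": sid},
        "headers": {"Origin": SITE_ORIGIN},
        "form": {"email": email, "csrf_token": csrf_token_for(sid)},
    }


def demo():
    """Run the forged request against both handlers, then a legitimate one
    against the hardened handler; returns the three status codes."""
    sid = new_session("alice")
    vuln = change_email_vulnerable(forged_request(sid))[0]
    hard = change_email_hardened(forged_request(sid))[0]
    legit = change_email_hardened(legitimate_request(sid, "alice@example.org"))[0]
    return vuln, hard, legit


if __name__ == "__main__":
    print(demo())   # (200, 403, 200)
```

The two checks are deliberately independent: the Origin check fails closed for old browsers that send neither Origin nor Referer only if you choose to treat a missing header as a mismatch, as this code does, while the token check does not depend on browser behaviour at all. Marking the session cookie `SameSite=Lax` or `Strict` adds a third layer that this server-side code cannot show, because it is enforced by the browser before the request is sent.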
The Growing Threat of Domain Hijacking
Even though these are some of the most common breaches, the one that’s rapidly gaining momentum in Singapore is domain hijacking. According to The New Paper Online, 88,000 Singapore domain accounts had been breached as of May 2016. Of those, 61,000 belonged to yahoo.com.sg, 8,000 to singnet.com.sg and 3,600 to edu.sg, including about 1,100 from ntu.edu.sg and 1,400 from nus.edu.sg.
The domain name of an organisation is more than just a name; it’s an asset. Given the growing threat of cybercrime, it’s crucial for organisations to understand how attackers hijack domain names and what they can do to protect them.
How exactly does domain hijacking work? Consider this: thousands of customers visit your website every day. One unfortunate day, they are greeted instead with an image of a young man seated in front of a webcam, listening to music. How did it get there? By hijacking your domain name.
Domain hijacking, also known as domain theft, is the act of changing the registration of a domain name without the permission of its original registrant.
What’s worrying is that some of the biggest companies have fallen victim to domain hijacking: Lenovo’s website and Google’s main search page for Vietnam, for instance, and even large digital organisations like Facebook and Enom have suffered at the hands of domain hijackers.
It’s not just organisations that suffer from domain hijacking; their customers are affected too, and more often than not customers are unaware that the website they are viewing has been hijacked. Nor is it always possible to depend on your domain registrar to allocate resources to security on your behalf. So, to prevent domain hijacking, it’s important to understand how it’s done in the first place.
How Cyber Criminals Hijack Domains
The attacker gains control of the domain’s registration and changes its records, typically the name servers, so that requests for the business’s domain name are no longer directed to the business’s web server. The legitimate server keeps running, but visitors who type the domain name are routed to the hijacker’s site instead, which from a customer’s point of view looks as if the original website has been taken down and completely replaced.
It’s also worth noting that a domain breach is usually the end result of more common attacks: phishing, pharming, and exploiting weaknesses in the domain registrar’s own systems and processes. Let’s see how each of these tactics feeds into a successful domain breach.
Phishing is a common route to a domain breach. It is inexpensive and aims to steal login credentials, in this case the credentials for the account that controls the domain. The attacker emails the victim a link that leads to a site imitating a legitimate login page and captures whatever is typed there. Such attacks are growing in number: according to an Anti-Phishing Working Group report, the number of phishing emails rose from 31,064 in January 2015 to 88,000 in August 2015.
Another way to carry out domain hijacking is pharming. Here the attacker delivers malicious code, typically by email, that modifies the hosts file on the victim’s computer. As an article in TechTarget explains, the hosts file maps hostnames to IP addresses and is consulted before any DNS lookup, so a tampered entry can point a legitimate domain name at the attacker’s server. Even when a user types the correct address, the infected computer resolves it to the wrong IP address and the user ends up on a fake or hijacked website.
Although phishing and pharming appear similar, they aren’t. Unlike phishing, pharming doesn’t require a conscious action from the user once the machine is infected.
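As an added example that is not part of the original article, here is a check for the kind of hosts-file tampering described under pharming: it parses the file, ignores the mappings a hosts file legitimately contains (loopback, the unspecified address used for ad blocking, private and link-local ranges, local-only names) and reports any public hostname pinned to a routable address. The hosts content, the domain names and the address 203.0.113.7 are all constructed for the example; on a real machine you would pass in the contents of /etc/hosts (or C:\Windows\System32\drivers\etc\hosts).

```python
import ipaddress

# Constructed sample of a tampered hosts file (not taken from a real machine).
SAMPLE_HOSTS = """\
# Host Database
127.0.0.1       localhost
::1             localhost ip6-localhost
192.168.1.20    printer.lan
203.0.113.7     www.mybank.com.sg mybank.com.sg   # injected by malware
203.0.113.7     login.example.com.sg
0.0.0.0         ads.tracker.example
"""

# Targets a hosts file legitimately points names at: loopback, "unspecified"
# (used to block ad domains), RFC 1918 and link-local ranges.  Listed explicitly
# rather than via ipaddress.is_private so documentation ranges are not excused.
BENIGN_TARGETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "::1/128", "0.0.0.0/32", "::/128",
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "fe80::/10", "fc00::/7",
)]
LOCAL_SUFFIXES = (".lan", ".local", ".localdomain", ".home", ".internal")


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping, ignoring comments."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            yield n, ip, name.lower()


def is_benign_target(addr):
    return any(addr in net for net in BENIGN_TARGETS)


def is_local_name(name):
    return name == "localhost" or "." not in name or name.endswith(LOCAL_SUFFIXES)


def suspicious_entries(text, watched_domains=()):
    """Return (line_no, ip, hostname, reason) for entries that redirect public
    hostnames.  Names under watched_domains (e.g. your own brands) are reported
    whatever the target, since those should never be pinned locally at all."""
    watched = tuple(d.lower().lstrip(".") for d in watched_domains)
    findings = []
    for n, ip, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((n, ip, name, "unparseable address"))
            continue
        if any(name == d or name.endswith("." + d) for d in watched):
            findings.append((n, ip, name, "watched domain overridden"))
        elif not is_benign_target(addr) and not is_local_name(name):
            findings.append((n, ip, name, "public name pinned to routable address"))
    return findings


if __name__ == "__main__":
    for finding in suspicious_entries(SAMPLE_HOSTS, ["mybank.com.sg"]):
        print(*finding)
```

Run as a scheduled check on endpoints, the interesting output is the diff between runs: a hosts file that suddenly gains a routable entry for a banking or login domain is a strong pharming indicator, whereas the same file holding `0.0.0.0 ads.tracker.example` is just an ad blocker.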
How to Prevent Domain Breaches
When it comes to preventing attackers from hijacking your domain in Singapore, many registrars offer registrants a registrar lock (commonly shown in WHOIS as the clientTransferProhibited, clientUpdateProhibited and clientDeleteProhibited status codes), which blocks changes to the domain’s records and transfers to another registrar unless the lock is explicitly removed first. As the domain is typically not locked by default, the domain owner enables the lock by logging into their account on the registrar’s portal, selecting their domain(s), and choosing the “Registrar Lock” option. Note that the lock is held at the registrar level: both the domain owner, through their account, and the registrar itself can still change the domain, so the protection is only as strong as those two.
While a registrar lock is considered secure, it is worth noting that vulnerabilities in the domain registrar’s own systems can go unnoticed, and cyber criminals capitalise on them. For instance, if a registrar allows unlimited login or password-reset attempts with no lockout or rate limiting, an attacker can keep guessing the owner’s password until they land on the correct one. Once they are in, the registrar lock can simply be switched off and the domain is exposed.
Higher Security to Keep Hackers at Bay
If you need the highest level of domain security, then a registry lock is the option. It is currently a free service from the Singapore Network Information Centre (SGNIC) which prevents changes to domain contacts and expiry dates and locks the name server records that specify which servers provide DNS for the domain. The domain owner, or the administrative contact appointed by the owner, must manually verify and authenticate any request to alter the locked domain names: they log into the RegistryLock portal using a SingPass ID or SGNIC ID and make the change there. The same process is required to deactivate RegistryLock for the relevant domain names. Because the lock is held at the registry level, even your registrar is not authorised to make changes on your behalf, unless you have appointed your registrar as your administrative contact.
The process is not mandatory and may seem time-consuming, but this extra step provides an added layer of security. It is especially essential for government bodies, educational institutes, banks, large IT enterprises, media companies and online retailers: organisations that experience heavy traffic on their websites or possess high-value domain names.
As of September 2016, more than 600 domain names have chosen to activate RegistryLock.
Besides activating RegistryLock for your domain, keeping up to date with security patches, enabling two-factor authentication on registrar accounts, requiring call-back authentication for change requests, and monitoring website traffic and your domain’s DNS records for unexpected changes are some of the other best practices that keep cyber criminals from hijacking your domain.
It’s important for businesses to understand that without proper security practices and tools, it’s a matter of ‘when’ and not ‘if’ their domain will get hijacked. Staying forewarned is being forearmed.
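The registrar lock and registry lock described above leave a visible trace in the domain’s status codes, so the state of both can be checked from WHOIS or RDAP output rather than taken on trust. The following is an added example, not code from the article or from SGNIC: it parses status lines out of WHOIS text, maps RDAP’s worded statuses back to EPP form, and reports whether the registrar-level (client*) and registry-level (server*) locks are complete and which codes are missing. The WHOIS excerpt and the domain EXAMPLE.COM.SG are constructed; the client*/server* codes are the standard EPP status codes, and whether SGNIC’s WHOIS displays RegistryLock exactly this way is an assumption the page does not confirm, so check it against a domain you know is locked.

```python
import re

# Constructed WHOIS excerpt (not a real record) in the common
# "Domain Status: <code> <url>" layout used by many registries.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE.COM.SG
Registrar: Example Registrar Pte Ltd
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Name Server: NS1.EXAMPLE.COM.SG
Name Server: NS2.EXAMPLE.COM.SG
"""

# client* codes are set, and can be cleared, by the registrar: the registrar lock.
REGISTRAR_LOCK = {"clientTransferProhibited", "clientUpdateProhibited", "clientDeleteProhibited"}
# server* codes are set by the registry and cannot be cleared by the registrar:
# the registry lock.
REGISTRY_LOCK = {"serverTransferProhibited", "serverUpdateProhibited", "serverDeleteProhibited"}

STATUS_LINE = re.compile(r"^\s*(?:Domain\s+)?Status:\s*([A-Za-z]+)", re.I | re.M)


def parse_whois_statuses(text):
    """Collect the EPP status codes from WHOIS text."""
    return set(STATUS_LINE.findall(text))


def rdap_status_to_epp(status):
    """RDAP spells codes as words ('client transfer prohibited'); map back to EPP form."""
    first, *rest = status.lower().split()
    return first + "".join(w.capitalize() for w in rest)


def lock_report(statuses):
    """Classify the lock level and list the codes still missing."""
    statuses = set(statuses)
    registrar = REGISTRAR_LOCK <= statuses
    registry = REGISTRY_LOCK <= statuses
    if registry:
        verdict = "registry lock"
    elif registrar:
        verdict = "registrar lock only"
    elif statuses & (REGISTRAR_LOCK | REGISTRY_LOCK):
        verdict = "partial lock"
    else:
        verdict = "unlocked"
    return {
        "verdict": verdict,
        "registrar_lock": registrar,
        "registry_lock": registry,
        "missing_registrar_codes": sorted(REGISTRAR_LOCK - statuses),
        "missing_registry_codes": sorted(REGISTRY_LOCK - statuses),
    }


if __name__ == "__main__":
    print(lock_report(parse_whois_statuses(SAMPLE_WHOIS)))
```

The constructed record is deliberately half-locked: transfers are blocked at both levels but deletion is not, and registry-level updates are still open, which is exactly the kind of gap that looks “locked” at a glance. Feeding the function the output of `whois` for each domain you own, on a schedule, turns the locks from a one-time setting into something you would notice being removed.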