How often have you seen a company without an online presence? Your answer is likely, “Not very often.” Owners at any level will have at least one social media page that connects them to their customers online, even if they don’t have a digital store for online shopping.
Despite the hope that infiltrations had abated, cybersecurity groups have confirmed that not-so-new massive cyberattacks continue to cause problems for businesses online. Let’s examine why business owners are weighing the pros and cons of digital connections and why there are no easy solutions yet.
The Cyberattack Damages Before the Most Recent Discovery
If you’ve been in business for a while and are only now hearing about Sitting Ducks attacks, you’re not alone. The cyberattack technique has been escalating since its appearance in 2018. The attacks are easy to execute and difficult to trace, giving threat actors the opportunity and motive to jeopardize 800,000 to one million registered domains in the last six years!
Domain hijackers usually access the domain control panel during registration by exploiting existing vulnerabilities and stealing login credentials. They can also manipulate Domain Name System settings so the domain directs a click to the attacker’s fraudulent website instead of your business’s official location. From there, the problems escalate as attackers:
- Send malicious malware and infected spam to your customers who are still using your stolen website
- Steal personal information from the customer as they log in or try to purchase your services or products
- Tarnish your company’s image and reputation, losing valuable customers and loyalty
This massive cyberattack has been a reality for more than 70,000 registered domain owners, including big brands, non-profit organizations, and government entities.
The Truth About Your Business’s Cybersecurity
The attacks started coming to light by 2018, but officially, researchers like Matthew Bryant claim they started before that, sometime in 2016. By 2018, things got bad, with over 35,000 domains compromised since then. However, even with this knowledge, it took Eclypsium and Infoblox until July 2024 to give the issue proper public attention, so your business may not even be aware of the domain hijacking.
These platforms disclosed that cybercriminal groups like Vacant Viper and VexTrio Viper steal domains for investment fraud schemes and phishing tactics. The estimate is that Vacant Viper alone has been responsible for roughly 2,500 hijacked domains since December 2019. Will your site be next?
Could Your Business Website Be Next?
Would a DNS exploitation from this massive cyberattack spiral your company into chaos? Sadly, it could. The best way to stay safe from cybersecurity threats comes down to proactivity, including:
- Using a hosting provider separate from your DNS registrar
- Owning lame domains (or subdomains)
- Forgoing weak, highly exploitable DNS registrars prone to data breaches
Researchers haven’t quite grasped the magnitude of these massive cyberattacks, so your business can expect to see developments as things heat up. What can you do? For now, avoid exploitable DNS registrars to keep your domain safe!
