Hijacking domains using a ‘Sitting Ducks attack’ remains an underrecognized topic in the cybersecurity community. Few threat researchers are familiar with this attack vector, and knowledge is scarce. However, the prevalence of these attacks and the risk to organizations are significant.
Following their initial publication on Sitting Ducks, Infoblox Threat Intel delved deeper into this topic. The result is a new, eye-opening report estimating that over 1 million registered domains could be vulnerable daily. The report also explores the widespread use of the attack and how multiple actors leverage it to strengthen their malicious campaigns.
During a Sitting Ducks attack, the malicious actor gains full control of the domain by taking over its DNS configurations. Cybercriminals have used this vector since 2018 to hijack tens of thousands of domain names. Victim domains include well-known brands, non-profits, and government entities. Infoblox Threat Intel crafted a monitoring initiative after the initial paper on Sitting Ducks attacks was published in July 2024. The results are very sobering, as 800,000 vulnerable domains were identified, and about 70,000 of those were later identified as hijacked.
More Info