October 21, 2016

DNS Attack Targets Popular Websites: Daily Telegraph, The Register, UPS, Acer and Others

(LiveHacking.Com) – Several popular web sites including The Register, The Daily Telegraph, UPS.com and Acer.com suffered a DNS attack on Sunday evening that has resulted in visitors being redirected to third-party webpages.

Paul Mutton, a web security tester and tech author, got a screenshot of what visitors to The Register saw:

Other websites which have been affected by the DNS hack include National Geographic, BetFair and Vodafone. With a DNS attack, the websites themselves are not hacked, but rather the hacker attacks the DNS infrastructure and diverts web traffic to a different site.

The hacked sites share a common registrar, Ascio Technologies, and were registered through NetNames. Both NetNames and Ascio are brands of GroupNBT. Zone-h suggests: “It appears that the turk­ish attack­ers man­aged to hack into the DNS panel of Net­Names using a SQL injec­tion and mod­ify the con­fig­u­ra­tion of arbi­trary sites, to use their own DNS.”

Tim Anderson reminds us that “this kind of attack is more serious than simply hacking into a web server and defacing the content” as with DNS attacks the hacker can intercept not only web requests for the affected names, but also email.

Now, on Monday morning, it looks as if most (if not all) of the targeted sites are using the correct DNS settings.