Multiple threat actors have been using a technique known as Sitting Ducks for years to hijack legitimate domains for phishing and investment fraud. Infoblox, a cybersecurity company, has identified nearly 800,000 registered domains that could be hijacked this way, and about 70,000 of them were actually taken over in the last three months. The technique is not new; it has been in use since at least 2018, but is only now getting broad attention.
A Sitting Ducks attack takes control of a domain without the owner's involvement or knowledge. It is easy to pull off because of misconfigured DNS delegation, and many of the hijacked domains belong to well-known brands, non-profits, and even government entities.
Once in control, attackers use the domains to trick people into handing over credentials, other sensitive data, or money. Because the domains carry an established, trusted reputation, most security tools (reputation filters, allow lists, age-based scoring) treat them as benign and never flag the malicious traffic.
The attack works like this. The domain's registration still delegates name service to a DNS provider, but that provider no longer hosts a zone for the domain, typically because the hosting account lapsed or the domain was moved elsewhere; this is called a lame delegation. If the provider lets a new customer claim a domain without proving ownership, the attacker simply creates the zone there and publishes their own records. Nothing changes at the registrar, so the legitimate owner sees no obvious sign. The attacker then uses the domain for as long as it goes unnoticed, and hijacked domains are sometimes handed off from one criminal group to another.
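To check a domain for the lame-delegation condition described above, here is an added example; it is not code from the article or from Infoblox. The domain and nameserver names in it are constructed stand-ins, and the `dig`-backed query function is provided for real use but is not exercised offline. The check covers only whether each delegated nameserver answers authoritatively for the domain; whether the provider would let a stranger claim the unconfigured zone has to be verified against that provider separately.

```python
"""Lame-delegation check: the DNS condition behind a Sitting Ducks hijack.

Added example, not Infoblox's code. A delegated nameserver that hosts the
zone answers a non-recursive SOA query with NOERROR and the AA flag set.
REFUSED, SERVFAIL or a non-authoritative answer means the delegation points
at a provider with no zone for the name: a claimable Sitting Duck.
"""
import re
import subprocess
from dataclasses import dataclass
from typing import Callable


@dataclass
class Answer:
    rcode: str            # NOERROR, NXDOMAIN, REFUSED, SERVFAIL, TIMEOUT, ...
    authoritative: bool   # AA flag set in the response
    records: tuple = ()   # RDATA strings from the answer section


# (nameserver, qname, qtype) -> Answer; lets the same logic run offline or via dig
QueryFn = Callable[[str, str, str], Answer]


def check_nameserver(ns: str, domain: str, query: QueryFn) -> str:
    """Classify one delegated nameserver's view of `domain`."""
    ans = query(ns, domain, "SOA")
    if ans.rcode == "NOERROR" and ans.authoritative and ans.records:
        return "authoritative"
    if ans.rcode == "TIMEOUT":
        return "unreachable"
    if ans.rcode == "NOERROR" and not ans.authoritative:
        return "lame: non-authoritative answer"
    return f"lame: {ans.rcode}"


def classify_delegation(domain: str, parent_server: str, query: QueryFn) -> dict:
    """Fetch the NS delegation from the parent zone and test every server."""
    delegation = query(parent_server, domain, "NS")
    servers = {ns: check_nameserver(ns, domain, query) for ns in delegation.records}
    lame = [ns for ns, status in servers.items() if status.startswith("lame")]
    if not servers:
        verdict = "no-delegation"
    elif len(lame) == len(servers):
        verdict = "lame"            # every delegated server refuses: prime Sitting Duck
    elif lame:
        verdict = "partially-lame"  # still resolves, but a claimable server is in the set
    else:
        verdict = "ok"
    return {"domain": domain, "servers": servers, "verdict": verdict}


def dig_query(ns: str, qname: str, qtype: str, timeout: int = 5) -> Answer:
    """Real lookup through the `dig` CLI, sent non-recursively straight at `ns`."""
    cmd = ["dig", f"@{ns}", qname, qtype, "+norecurse", "+noall", "+comments",
           "+answer", f"+time={timeout}", "+tries=1"]
    try:
        out = subprocess.run(cmd, capture_output=True, text=True, check=False).stdout
    except FileNotFoundError as exc:
        raise RuntimeError("dig is not installed") from exc
    status = re.search(r"status: (\w+)", out)
    if not status:                      # no header at all: timed out / unreachable
        return Answer("TIMEOUT", False)
    flags = re.search(r"flags: ([^;]*);", out)
    aa = bool(flags and "aa" in flags.group(1).split())
    records = tuple(line for line in out.splitlines() if line and not line.startswith(";"))
    return Answer(status.group(1), aa, records)


# Constructed sample traffic for offline use; these names and servers are not real.
PARENT = "a.tld-servers.test"   # stand-in for the TLD's authoritative server
SOA = "ns1.dns-host.test. hostmaster.{d}. 2024110101 7200 900 1209600 300"
SAMPLE = {
    # healthy.test: delegated to a provider that actually hosts the zone
    (PARENT, "healthy.test", "NS"): Answer("NOERROR", False, ("ns1.dns-host.test", "ns2.dns-host.test")),
    ("ns1.dns-host.test", "healthy.test", "SOA"): Answer("NOERROR", True, (SOA.format(d="healthy.test"),)),
    ("ns2.dns-host.test", "healthy.test", "SOA"): Answer("NOERROR", True, (SOA.format(d="healthy.test"),)),
    # sittingduck.test: delegation still names the provider, but its account lapsed,
    # so the provider's servers have no zone for it and refuse the query
    (PARENT, "sittingduck.test", "NS"): Answer("NOERROR", False, ("ns1.dns-host.test", "ns2.dns-host.test")),
    ("ns1.dns-host.test", "sittingduck.test", "SOA"): Answer("REFUSED", False),
    ("ns2.dns-host.test", "sittingduck.test", "SOA"): Answer("REFUSED", False),
    # partial.test: one working server plus a forgotten delegation to another provider
    (PARENT, "partial.test", "NS"): Answer("NOERROR", False, ("ns1.dns-host.test", "ns1.other-dns.test")),
    ("ns1.dns-host.test", "partial.test", "SOA"): Answer("NOERROR", True, (SOA.format(d="partial.test"),)),
    ("ns1.other-dns.test", "partial.test", "SOA"): Answer("REFUSED", False),
}


def sample_query(ns: str, qname: str, qtype: str) -> Answer:
    """Offline stand-in for dig_query; unknown (ns, name, type) behaves like a timeout."""
    return SAMPLE.get((ns, qname, qtype), Answer("TIMEOUT", False))


if __name__ == "__main__":
    for d in ("healthy.test", "sittingduck.test", "partial.test"):
        r = classify_delegation(d, PARENT, sample_query)
        print(f"{r['domain']:18} {r['verdict']:15} {r['servers']}")
```

For a real domain, pass `dig_query` instead of `sample_query` and the parent TLD server (for example one of the `.com` servers) as `parent_server`. A "partially-lame" verdict is worth acting on just as much as "lame": the domain still resolves, so nobody notices the stale delegation, but resolvers that happen to pick the lame server will follow whatever an attacker publishes there.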
Hijacked domains observed in the campaigns include those of an entertainment company, an IPTV service provider, a law firm, an orthopedic and cosmetic supplier, a Thai online clothing store, and a tire retailer.
Dr. Renee Burton of Infoblox, who led the research, said that these hijacks are hard to catch: once the attackers change the domain's IP address, the activity is effectively invisible to reputation-based defenses, and the only way to find them is by understanding the actors' patterns.
The stolen domains have been used for spam email campaigns, fake online pharmacies, and a bogus charity soliciting donations for Ukraine, all blending in behind the domains' legitimate reputations.
Infoblox attributes the activity to several threat actors it tracks as Vacant Viper, Horrid Hawk, Hasty Hawk, and VexTrio Viper.
For attackers, a hijacked domain is general-purpose infrastructure: malware delivery, credential theft, and scams can all run under a name that security tools already trust. The full scope of the abuse is not yet known, and defenders are effectively playing whack-a-mole, since a domain can be abused, dropped, and claimed again.
If you own domains, audit their nameserver delegations: make sure every delegated nameserver actually hosts the zone, remove delegations to DNS providers you no longer use, and prefer providers that verify ownership before letting a customer add a domain. Otherwise your domain may become the next Sitting Duck. And as ever, an offer that looks too good to be true is probably a scam, even when it arrives from a familiar-looking domain.