TTPwire Vol. 1 · MITRE ATT&CK·Tagged


F5 Labs

The Dangers of DNS Hijacking

2025-01-09

ATT&CK techniques detected

10 predictions
T1583.001 Domains · 76%
“an attacker acquires the old domain, they can set up a replica support portal and intercept credentials, sensitive information, or communications from customers who aren't aware of the change. Example: in 2016, the United Kingdom's National Health Service (NHS) faced this…”

T1584.002 DNS Server · 61%
“vulnerable to this type of email hijacking, potentially allowing attackers to intercept sensitive communications or manipulate official correspondences. Example: in 2014, the Canadian government faced a breach when an old domain, formerly used for governmental email accounts, wa…”

T1584.002 DNS Server · 58%
“are some crucial reasons why it's critical to stay on top of DNS and expired domains — and some examples of what could go wrong if you don't. Why domain expiry and DNS monitoring matter. While DNS hijacking is nothing new, it is rarely considered to be the most pressing cybers…”

T1071.004 DNS · 52%
“are some crucial reasons why it's critical to stay on top of DNS and expired domains — and some examples of what could go wrong if you don't. Why domain expiry and DNS monitoring matter. While DNS hijacking is nothing new, it is rarely considered to be the most pressing cybers…”

T1583.001 Domains · 51%
“exploited long after a service is taken offline. Ensuring robust DNS and domain hygiene. Domain name hijacking is rarely something that is done accidentally or by security researchers. Services, such as expireddomains.net or justdropped.com handily list all expired and soon-to…”

T1557.001 Name Resolution Poisoning and SMB Relay · 41%
“The Dangers of DNS Hijacking. Introduction. You know the saying, right? ‘It's always DNS’ (unless it's BGP, but I digress). Back in 2017 we covered just how the Domain Name System (DNS) is the Achilles heel of the internet and things haven't improved much in the subseq…”

T1583.002 DNS Server · 40%
“are some crucial reasons why it's critical to stay on top of DNS and expired domains — and some examples of what could go wrong if you don't. Why domain expiry and DNS monitoring matter. While DNS hijacking is nothing new, it is rarely considered to be the most pressing cybers…”

T1584.001 Domains · 35%
“…ains. This allowed them to create credible phishing sites that spoofed banks and social media platforms. Dependency hijacking for APIs and integrations. Many applications rely on DNS records for API calls or third-party integrations. If a DNS record points to an expired domain…”

T1649 Steal or Forge Authentication Certificates · 33%
“and certificate verification monitoring. Regularly check WHOIS information associated with your domains and monitor for any certificate issuance under your domain names. This can help detect potential hijacks or improper verification processes involving your domains. Educate your…”

T1584.001 Domains · 30%
“an attacker acquires the old domain, they can set up a replica support portal and intercept credentials, sensitive information, or communications from customers who aren't aware of the change. Example: in 2016, the United Kingdom's National Health Service (NHS) faced this…”
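The two checks the excerpts above call for, dangling records that point at expired or unregistered domains (the "dependency hijacking" excerpt) and certificate issuance under your own names by a CA you do not use (the "certificate verification monitoring" excerpt), as one added example. This is not F5 Labs code; the zone records, registration dates and certificate entries are constructed inline, the public-suffix table is a stub (an assumption: real code should use the Public Suffix List), and in practice the registration data would come from RDAP/WHOIS and the certificate entries from a Certificate Transparency log search.

```python
"""Added example (not F5 Labs code): flag DNS records whose targets sit under
an expired, soon-to-expire or unregistered domain, and certificates covering
our domain that were issued by a CA we do not use. All inputs are constructed;
in practice the registration data comes from RDAP/WHOIS and the certificate
entries from a Certificate Transparency log search."""
from datetime import date, timedelta

TODAY = date(2025, 1, 9)  # fixed so the example is reproducible

# Stub public-suffix table for the sample (assumption: real code should use
# the Public Suffix List, e.g. via the publicsuffix2 package).
PUBLIC_SUFFIXES = {"com", "net", "org", "co.uk"}


def registrable_domain(name):
    """Return the registrable (apex) domain of a DNS name, or None if the name
    is itself a public suffix or under an unknown TLD. Longest-suffix match."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i - 1:]) if i > 0 else None
    return None


# Constructed zone: (owner, type, target).
ZONE_RECORDS = [
    ("www.example.com.", "CNAME", "example.com."),
    ("support.example.com.", "CNAME", "portal.oldvendor.net."),   # vendor let its domain lapse
    ("api.example.com.", "CNAME", "gw.partner-api.co.uk."),       # partner's domain expires soon
    ("cdn.example.com.", "CNAME", "assets.droppedbrand.com."),    # nobody holds this domain now
    ("example.com.", "MX", "mail.example.com."),
    ("example.com.", "NS", "ns1.dnshost.org."),
]

# Constructed RDAP/WHOIS view: registrable domain -> expiry date.
# A domain missing from this map has no registration on record.
REGISTRATIONS = {
    "example.com": date(2026, 6, 1),
    "oldvendor.net": date(2024, 11, 30),
    "partner-api.co.uk": TODAY + timedelta(days=10),
    "dnshost.org": date(2027, 1, 15),
}


def check_records(records, registrations, today=TODAY, warn_days=30):
    """One finding per record whose target's registrable domain is
    unregistered, expired, or expiring within warn_days."""
    findings = []
    for owner, rtype, target in records:
        apex = registrable_domain(target)
        if apex is None:
            continue
        expires = registrations.get(apex)
        if expires is None:
            status = "unregistered"
        elif expires < today:
            status = "expired"
        elif (expires - today).days <= warn_days:
            status = f"expires in {(expires - today).days} days"
        else:
            continue
        findings.append({"owner": owner, "type": rtype, "target": target,
                         "apex": apex, "status": status})
    return findings


# Constructed CT-log style entries: issuer, SANs and issuance date.
CT_ENTRIES = [
    {"issuer": "Let's Encrypt", "names": ["www.example.com"], "not_before": date(2024, 12, 2)},
    {"issuer": "ZeroSSL", "names": ["support.example.com"], "not_before": date(2025, 1, 3)},
    {"issuer": "Let's Encrypt", "names": ["portal.oldvendor.net"], "not_before": date(2025, 1, 4)},
]
EXPECTED_ISSUERS = {"Let's Encrypt", "DigiCert"}  # the CAs we actually use


def unexpected_certs(entries, owned_apex, expected_issuers):
    """Certificates covering any name under owned_apex from an issuer we do
    not use: the trace a hijacker leaves after proving 'control' of our name."""
    return [e for e in entries
            if any(registrable_domain(n) == owned_apex for n in e["names"])
            and e["issuer"] not in expected_issuers]


if __name__ == "__main__":
    for f in check_records(ZONE_RECORDS, REGISTRATIONS):
        print(f"{f['type']:5} {f['owner']} -> {f['target']}  [{f['apex']}: {f['status']}]")
    for c in unexpected_certs(CT_ENTRIES, "example.com", EXPECTED_ISSUERS):
        print(f"unexpected cert for {c['names']} from {c['issuer']} on {c['not_before']}")
```

On the sample zone this reports the support CNAME (target domain already expired, so anyone can register it and stand up the replica portal the excerpt describes), the api CNAME (partner domain inside the 30-day warning window) and the cdn CNAME (target domain not registered at all), and it flags the ZeroSSL certificate for support.example.com because that issuer is not one the organisation uses. The www record is clean: its apex is registered well past the warning window. Run the two checks on a schedule and page on any finding; the expiry window matters most for your own apex, which the same function covers if you list it as a record target.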

Summary

How expired domains and improper DNS management can lead to severe security risks such as MitM attacks, fraudulently issued TLS/SSL certificates, and more.