Firefox Posted February 14, 2019 ID:1298572 Share Posted February 14, 2019 Last updated 2/13/2019 DNS Infrastructure Hijacking Campaign Summary The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), is aware of a global Domain Name System (DNS) infrastructure hijacking campaign. Using compromised credentials, an attacker can modify the location to which an organization’s domain name resources resolve. This enables the attacker to redirect user traffic to attacker-controlled infrastructure and obtain valid encryption certificates for an organization’s domain names, enabling man-in-the-middle attacks. See the following links for downloadable copies of open-source indicators of compromise (IOCs) from the sources listed in the References section below: https://www.us-cert.gov/ncas/alerts/AA19-024A Link to post Share on other sites More sharing options...
Amaroq_Starwind Posted March 8, 2019 ID:1302749 Share Posted March 8, 2019 Maybe the business line of MalwareBytes products should start incorporating IOCs. Link to post Share on other sites More sharing options...
exile360 Posted March 8, 2019 ID:1302850 Share Posted March 8, 2019 They already do for their products that include their Forensic Timeliner application (refer to the info on this page and this page as well as this article). Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now