Hackers breach registered French domains to infect visitors with malware

French domain name registrar and cloud hosting company Gandi suffered a major data breach after hackers managed to infiltrate one of its technical providers and steal login details.

The breach affected 751 registered domains whose traffic was diverted to a malicious site; most of them have since been recovered.

The breach occurred on 7th July, but a prompt response from Gandi’s security team ensured that most of the domains were recovered. Following an investigation, the domain name registrar concluded that its own network infrastructure was secure and that security vulnerabilities in the connection between Gandi and its technical provider allowed the attackers to steal valid login details.

‘In all, 751 domains were affected by this incident, which involved an unauthorized modification of the name servers [NS] assigned to the affected domains that then forwarded traffic to a malicious site exploiting security flaws in several browsers,’ the company said in a blog post.

The breach allowed the attackers to use the domains to spread malicious software in ‘drive-by’ style attacks. Once the domains were compromised, visitors were redirected to the Keitaro traffic distribution system. Instead of redirecting them to Google, Keitaro TDS sent visitors on to a Rig Exploit Kit landing page, where they were infected with a malware named Neutrino Bot.

According to Switch, a registry for .ch domains, while the initial infection took place at 13:00, prompt action by Gandi ensured that all domains were reverted to the legitimate name servers by 16:00 on 7th July.
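The incident described above hinged on an unauthorised change to the name servers delegated for each domain, so a registrant's simplest detection is to compare the live NS delegation against an expected baseline and alert on drift. The following script is an added example, not code from Gandi, Switch or this article; the domain names, expected name servers and resolver answers are constructed (in the shape of `dig +short NS <domain>` output), and the severity labels are this example's own convention.

```python
"""Detect unauthorised changes to a domain's NS delegation.

Added example, not Gandi's or Switch's code. All domains, name servers and
resolver answers below are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Constructed baseline: the NS set the registrant expects each domain to be
# delegated to (what you would record at the registrar).
EXPECTED_NS: Dict[str, Set[str]] = {
    "example-shop.fr": {"ns1.example-hosting.net", "ns2.example-hosting.net"},
    "example-blog.ch": {"ns1.example-hosting.net", "ns2.example-hosting.net"},
}

# Constructed observations, shaped like `dig +short NS <domain>` output
# (one server per line, trailing dot, mixed case). The first domain is
# healthy; the second has had its delegation swapped wholesale.
OBSERVED_RAW: Dict[str, str] = {
    "example-shop.fr": "NS1.example-hosting.net.\nns2.example-hosting.net.\n",
    "example-blog.ch": "ns1.attacker-ns.example.\nns2.attacker-ns.example.\n",
}


def normalize(name: str) -> str:
    """DNS names are case-insensitive; strip the FQDN trailing dot too."""
    return name.strip().rstrip(".").lower()


def parse_ns_answer(raw: str) -> Set[str]:
    """Turn a one-name-per-line resolver answer into a normalised set."""
    return {normalize(line) for line in raw.splitlines() if line.strip()}


@dataclass
class NsAlert:
    domain: str
    severity: str  # "full-hijack" | "partial-change" | "ns-missing"
    unexpected: Set[str] = field(default_factory=set)
    missing: Set[str] = field(default_factory=set)


def check_delegation(domain: str, expected: Set[str],
                     observed: Set[str]) -> Optional[NsAlert]:
    """Compare observed NS set with the baseline; None means no drift."""
    expected = {normalize(n) for n in expected}
    unexpected = observed - expected
    missing = expected - observed
    if not unexpected and not missing:
        return None
    if not observed:
        severity = "ns-missing"          # delegation gone entirely
    elif not (observed & expected):
        severity = "full-hijack"         # none of our servers remain
    else:
        severity = "partial-change"      # some added or dropped
    return NsAlert(domain, severity, unexpected, missing)


def audit(expected_map: Dict[str, Set[str]],
          observed_raw: Dict[str, str]) -> List[NsAlert]:
    """Run the check over every domain in the baseline."""
    alerts = []
    for domain, expected in expected_map.items():
        observed = parse_ns_answer(observed_raw.get(domain, ""))
        alert = check_delegation(domain, expected, observed)
        if alert is not None:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in audit(EXPECTED_NS, OBSERVED_RAW):
        print(f"{a.domain}: {a.severity} "
              f"unexpected={sorted(a.unexpected)} missing={sorted(a.missing)}")
```

In practice the observed answers would come from querying the parent zone's name servers (not your own resolver cache) on a schedule of minutes, since the article's timeline shows a window of roughly three hours between the change and the revert; a "full-hijack" result should page someone, while "partial-change" is often a legitimate provider migration worth confirming.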

‘We also strongly encourage you to inform your customers of this situation so that they may take whatever action they deem necessary to protect their devices and data as well,’ said Gandi.

This is a classic example of attackers infiltrating corporate systems to obtain IDs and passwords, which they can then use to launch attacks on users’ mobile devices or computers. According to Barry Shteiman, Director of Threat Research at Exabeam, stolen credentials also let attackers access files and databases at will and make changes to critical services in order to cause havoc.

‘To stop such cases, businesses need to be able to detect unusual use of valid credentials. This is why behavioural analytics has grown so quickly over the last couple of years. It can help combat insider threats by notifying the security team when someone is doing something that is unusual and risky, both on an individual basis and compared to peers,’ he added.
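The quoted point is that valid credentials used abnormally are only visible if you baseline each account against its own history and against its peers. The script below is an added example of that idea, not Exabeam's product or anything from Gandi; the login records are constructed, the scoring weights and the "3 points" alert threshold are this example's own assumptions, and /24 networks stand in for whatever source grouping (ASN, geolocation) a real deployment would use.

```python
"""Flag unusual use of valid credentials by scoring each successful login
against the user's own history and against their peers.

Added example, not Exabeam's or Gandi's code. Log lines are constructed;
format per line: <ISO timestamp> <user> <source IP> <outcome>.
"""
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Set

# Constructed history: successful logins for a small team. alice and bob
# work from the 203.0.113.0/24 office; carol from the 192.0.2.0/24 branch.
HISTORY = """\
2017-06-20T09:12:00 alice 203.0.113.10 ok
2017-06-21T10:03:00 alice 203.0.113.11 ok
2017-06-22T16:45:00 alice 203.0.113.10 ok
2017-06-22T08:55:00 bob 203.0.113.12 ok
2017-06-23T14:20:00 bob 203.0.113.10 ok
2017-06-26T09:40:00 carol 192.0.2.20 ok
2017-06-27T11:15:00 carol 192.0.2.21 ok
"""

# Constructed events to score: a routine login, a login from a network that
# is new to alice but used by a peer, and a 03:05 login with alice's valid
# credentials from a network nobody on the team has ever used.
NEW_EVENTS = """\
2017-07-07T09:30:00 alice 203.0.113.10 ok
2017-07-07T10:00:00 alice 192.0.2.5 ok
2017-07-07T03:05:00 alice 198.51.100.7 ok
"""


def parse_events(text: str) -> List[dict]:
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, outcome = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "ip": ip, "outcome": outcome})
    return events


def subnet(ip: str) -> str:
    """Group IPv4 sources by /24 (a stand-in for ASN or geo grouping)."""
    return ".".join(ip.split(".")[:3]) + ".0/24"


class Baseline:
    """Per-user and peer-wide view of where and when logins normally happen."""

    def __init__(self, history: List[dict]):
        self.user_nets: Dict[str, Set[str]] = defaultdict(set)
        self.user_hours: Dict[str, List[int]] = defaultdict(list)
        self.net_users: Dict[str, Set[str]] = defaultdict(set)
        for e in history:
            if e["outcome"] != "ok":
                continue  # only successful logins define "normal"
            net = subnet(e["ip"])
            self.user_nets[e["user"]].add(net)
            self.user_hours[e["user"]].append(e["ts"].hour)
            self.net_users[net].add(e["user"])

    def score(self, e: dict):
        score, reasons = 0, []
        user, net = e["user"], subnet(e["ip"])
        if net not in self.user_nets[user]:
            score += 2
            reasons.append("new-network-for-user")
            # Peer comparison: a network no colleague has used is riskier
            # than one that is merely new to this individual.
            if not (self.net_users[net] - {user}):
                score += 2
                reasons.append("network-unknown-to-peers")
        hours = self.user_hours[user]
        if hours and not (min(hours) - 1 <= e["ts"].hour <= max(hours) + 1):
            score += 1
            reasons.append("outside-usual-hours")
        return score, reasons


def score_events(history_text: str, events_text: str,
                 threshold: int = 3) -> List[dict]:
    """Score every event; 'alert' is True at or above the threshold."""
    baseline = Baseline(parse_events(history_text))
    out = []
    for e in parse_events(events_text):
        score, reasons = baseline.score(e)
        out.append({"user": e["user"], "ip": e["ip"], "score": score,
                    "reasons": reasons, "alert": score >= threshold})
    return out


if __name__ == "__main__":
    for r in score_events(HISTORY, NEW_EVENTS):
        print(r)
```

The middle event shows why the peer dimension matters: a login from the branch office network scores low because a colleague uses it routinely, whereas the same credentials from a network unknown to the whole team, outside the user's hours, crosses the threshold even though the password was correct.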

Copyright Lyonsdown Limited 2021
