"Domain hijacking and web address network re-directing is a huge problem, getting worse and nearly impossible to prevent from a target company perspective. Essentially, attackers are compromising Internet Service Provider domain name servers or web servers of partners and business associates to re-direct your customers and business-to-business partners to a malicious web site masquerading as your own, in an attempt to get the unknowing customer to provide private security or financial information on the fake site. Companies have no control over other enterprise resources.
"A mass of cyber criminals have created a parallel and intelligent dark internet, one that includes clones of portals luring in customers of legitimate enterprises. They have even figured out ways to evade most security professionals, preventing the tracking attempts to find these bad clones. Not so long ago, it was a standard practice for a security analyst to simply input a web address in a browser or search tool to track the suspected bad web site. Cyber criminals have turned the tables and now track security professionals, listing our IP addresses just like we keep lists of known bad actor locations. They will then configure their tools to direct security professionals to the real enterprise web site in question, while their masses of intended targets are still re-directed to the bad web site. They are even known to attack a single address space, or direct even a single user to a malicious location. The security community is beginning to catch on to these evasive techniques, and we are setting up some methods to detect - with a bit of secret sauce for now - but they will figure this out eventually and change their tactics as well.
"Another problem is that when you actually do discover a hijacked domain and re-direct attack, the security pros have got to find out where the bad code is re-directing and ask the ISP or business partner to make the change on their network, DNS, or web sites. This is a hard and long single-point issue to fix, while the hacker is simply moving on to the next ISP or partner."
Proficio is a leading Managed Security Service Provider (MSSP) changing the way organizations meet their IT security and compliance goals. It provides the most advanced cloud-based solutions and advanced expertise, insight, experience and unrelenting passion, monitoring and scanning critical assets to defend enterprise networks and applications from cyber attacks and protect compliance. Its founders have helped build and bring to market many of today's acknowledged best-in-class security tools. Proficio partners with leading organizations such as HP ArcSight, Qualys, Palo Alto Networks, and NRI Security.