The recent hijack of Lenovo.com by Lizard Squad almost exactly mirrors what happened to Google.com.vn only two days ago - in his blog posting on Monday, director of security research at OpenDNS - Andrew Hay, was the first to confirm that Lizard Squad was using Digital Ocean's Netherlands data centre for hosting.
Speaking about this recent hijack, Andrew Hay said, "Two defacements in a single week is normally nothing, but two extremely high-profile defacements from the same registrar in the same week is a definite trend. We may see more redirections of domains that were registered with Webnic.cc in the coming days."
OpenDNS offers the following insights:
Both sites used the same registrar, Webnic.cc that was implicated in the Google.com.vn redirect
In each case, Lizard Squad used Digital Ocean's Netherlands data centre for their hosting
Both redirects used Cloudflare to obfuscate the IP address of the destination server and to balance the traffic load to the website. Cloudflare acted quickly to take down these free accounts, in both cases
It will likely be very hard to track down the people who set up / conducted these redirects, if Lizard Squad used a free Cloudflare account and used stolen payment information to pay for their hosting from Digital Ocean
To avoid these kinds of redirections, owners should frequently change their passwords and enable domain locking for their sites whenever possible