One Million Websites in Danger of Russian Sitting Duck Attack

One million websites are in danger of attacks mostly of Russian origin called the Sitting Duck attack. More than 30,000 websites have already been lost to these attacks.

This method of hijacking websites was named Sitting Duck because of how easy it was to accomplish. Despite the attack being avoidable, two cybersecurity companies have discovered that there are at least one million websites ready to be taken over using this method.

What Is The Sitting Duck Attack?

The Hacker Blog’s writer Matt Bryant first wrote about the Sitting Duck attack in 2016. It is the exploitation of a common misconfiguration to steal a website, and it’s very easy.

This vulnerability allows online predators, mostly of Russian origin, to secretly redirect website traffic to their own malicious sites, exposing users to various attacks.

FOR YOU: MacOS Less Secure Than Windows and Linux

Things That Expose Websites To Sitting Duck Attacks

When a website is registered, the owner might want a different DNS company to manage its DNS services. The Domain Name System (DNS) translates website addresses into IP addresses, making it easier to locate websites online. Managing your website’s DNS services with another company is known as name server delegation.

Some website owners, however, do not allow DNS providers to properly manage their subdomains and respond to queries by providing them with specific information. This situation is referred to as lame delegation.

This situation enables a Russian actor or another to trick the DNS providers into sending traffic to another website bearing the site’s name, a website likely littered with malicious content.

Although this method of website theft is over 7 years old, it is surprising that many site owners have not addressed this DNS misconfiguration issue for their own sites.

According to cybersecurity companies Infoblox and Eclypsium, approximately one million websites are in danger of the Russian Sitting Duck attack daily.