201903.19

Domain name Hijacking : Are you protected ?


A recent cyber-attack campaign, attributed to Iranian operators and realized at the DNS level, has sharpened attention to the risks associated with cyber-attacks targeting domain names.

In a previous article, we talked about “Cache Poisoning” of “DNS Spoofing” attacks, using inherent vulnerabilities of the DNS system. The DNSSEC is one of the measures allowing to prevent this kind of attack.

Another type of attack on domain names consists of domain name hijacking. In this case, an illintentioned person uses a security flaw or compromised credentials to take over control of a domain name’s zone, by amending authoritative name servers or editing the zone on the original name servers.

The New York Times and a Brazilian bank were among the victims of such attacks in recent years.


How to prevent such a scenario?


It goes without saying that IP Twins, as an accredited registrar, attach the utmost importance to the security of your domain names.

IP Twins provides you with several features in order to prevent this kind of attack :

The registry lock allows blocking any transfer, WHOIS contact update or authoritative nameservers modification at a registry level. Actions of locking and unlocking domains obey to a specific procedure, determined by the concerned registry. This feature is not enabled by all registries, however, it is available for extensions such as .com, .net, .co.uk, .uk, .eu and .fr

In the absence of a registry lock, for a number of extensions, it is possible to set a feature functioning in similar ways but at a registrar level: the registrar lock. The difference with the registry lock lies in the level where the “lock” operates: one level “below” the registry level.

Access to domain name management platforms can be subject to additional security features. IP Twins notably proposes IP Whitelisting and two-factor authentication for Domainarium 2 users accounts. Domainarium 2 also provides a zone-lock feature, which allows restricting access to designated zones, adding a supplementary security layer to the most critical domain names.

Setting up the registry or registrar locks is highly recommended for your most important domain names. IP Twins also recommends to systematically secure all user accounts able to perform DNS modification with two factors authentication (activated by default).

Your account manager at IP Twins is available to exchange with you on those topics and assist you in securing your key domain names.

About IP Twins

IP Twins is an ICANN-accredited domain name registrar with 15 years of experience in domain name strategy and management. We represent trademark holders in UDRP proceedings.

We deliver security certificates tailored to your needs in order to ensure the safety of visitors to your website.

IP Twins also offers anti-counterfeiting and anti-cybersquatting monitoring services. Detective, our monitoring software, identifies online counterfeits and cybersquatting. We collect evidence and remove references to counterfeits from hundreds of marketplaces, social networks and the web in general.

Should you need to complete these investigations, our team based in China can help.

Do not hesitate to contact us.