Hackers Spear-phish ICANN And Compromise DNS Zone System

ICANN_LOGOIt does not get any worse than this. Or better than this, if you are a criminal hacker. Domain-name management organization ICANN announced it has been hacked and its DNS zone administration system has been compromised. DANG.

Attackers sent icann.org employees spear phishing attacks, looking like they came from their own organization. Looks like the staffers clicked on a link in the emails which took them to a bogus login page where they left their credentials. It is unbelievable that this kind of thing could happen at ICANN. They of all people should have sufficient security awareness training so that classic social engineering tricks like this are spotted. 

Using these stolen credentials, the hackers tunneled into ICANN's network and compromised the Centralized Zone Data System (CZDS), their Whois portal and more.  The painful part is the CZDS, because it gives authorized parties access to the zone files of all the generic top level domains. 

The good news: You cannot actually change the zone files from that system, which would be the holy grail and I'm sure that was what the hackers were ultimately after. 

The bad news: The hackers were able to get their hands on everyone that is registered in that system, including all the data of the administrators of all the registries and registrars on the planet. Meaning all these people are now direct spear-phishing targets.

ICANN sent a warning email to all CZDS users saying: "The attacker obtained administrative access to all files in the CZDS including copies of the zone files in the system. The information you provided as a CZDS user might have been downloaded by the attacker. This may have included your name, postal address, email address, fax and telephone numbers, and your username and password."

So, ICANN, would you please implement some effective security awareness training RIGHT NOW PLEASE?

Here is the ICANN official announcement. Here is some more background at The Register. 


Related Pages: Spear Phishing

Subscribe To Our Blog

Ransomware Has Gone Nuclear Webinar

Get the latest about social engineering

Subscribe to CyberheistNews