ICANN hit by Spear Phishing attack, several systems compromised
SHARE
, / 378 0
Guy Fawkers Mask

It appeared that the attack was initiated in late November and was discovered a week later.

The Internet Corporation for Assigned Names and Numbers, the nonprofit organization that acts as a gatekeeper for the Internet’s IP addresses and domain names said that hackers tricked their way into its computers.

The U.S.-based organization said it is investigating a Spear Phishing attack; a malicious email that spoofed the ICANN domain targeting one person or a small group of individuals leading them to reveal their network credentials. According to ICANN, one of the first things hackers did was compromise the Centralized Zone Data System (CZDS).

It appeared that the attack was initiated in late November and was discovered a week later. Normally Spear Phishing attacks suggests people click on a link in the messages that take them to a bogus login page, wherein they type their usernames and passwords, giving hackers the keys to their work email accounts to reach deeper. No sign of two-factor authentication, then.

According to ICANN, user names and passwords were made use of to access a Centralized Zone Data System, where intruders took control of files about generic top-level domains as well as names, addresses, passwords and other valuable data about users.

The attackers were also said to have used contrived passwords to access an ICANN wiki page; its blog, and a Whois list of registered owners of web addresses. However, ICANN said the blog and Whois did not appear to have been tampered with, which offered no insight into who was responsible for the attack.

"Based on our investigation to date, we are not aware of any other systems that have been compromised, and we have confirmed that this attack does not impact any IANA-related systems, investigators said.

"Earlier this year, ICANN began a program of security enhancements in order to strengthen information security for all ICANN systems. We believe these enhancements helped limit the unauthorized access obtained in the attack. Since discovering the attack, we have implemented additional security measures," they added.

Late next year, ICANN is expected to break free of US oversight, to be handed over to an international consortium.

It was said in March that U.S. might not renew its contract with the Los Angeles-based agency, if in case a new oversight system was brought in place that ensures the Internet addressing structure is reliable. Next year, the agency intends to offer a new proposal on oversight to the US Department of Commerce.

 

Author
Carrie Ann is Editor-in-Chief at Industry Leaders Magazine, based in Las Vegas. Carrie covers technology, trends, marketing, brands, productivity, and leadership. When she isn’t writing she prefers reading. She loves reading books and articles on business, economics, corporate law, luxury products, artificial intelligence, and latest technology. She’s keen on political discussions and shares an undying passion for gadgets. Follow Carrie Ann on Twitter, Facebook & Google.

Register today to get full access to:

All articles | Magazine archives | Livestream events | Comments

PASSWORD RESET


Register today to get full access to:

All articles | Magazine archives | Livestream events | Comments

LOGIN