{"id":3104,"date":"2018-02-20T16:42:10","date_gmt":"2018-02-20T23:42:10","guid":{"rendered":"https:\/\/zed.inguardians.com\/?p=3104"},"modified":"2019-08-19T13:40:19","modified_gmt":"2019-08-19T20:40:19","slug":"theft-of-newtek-domains-is-a-reminder-to-stay-vigilant","status":"publish","type":"post","link":"https:\/\/zed.inguardians.com\/brief\/theft-of-newtek-domains-is-a-reminder-to-stay-vigilant\/","title":{"rendered":"Theft of Newtek Domains Is A Reminder To Stay Vigilant"},"content":{"rendered":"<h5 class=\"et_pb_toggle_title\">\u00a0Theft of Newtek domains is a reminder to stay vigilant<\/h5>\n<div class=\"et_pb_toggle_content clearfix\">\n<p><strong>Issue<\/strong><\/p>\n<p>Last week a web services company (Newtek) responsible for hosting over 100,000 e-commerce based websites and email servers had three of its core domains stolen. \u00a0These domains originally hosted software that allowed customers of these services to manage their websites.<\/p>\n<p>The attackers then replaced the application that users would normally use to manage their websites with his own application in the form of a live chat service. \u00a0When users logged in, they believed themselves to be chatting with a helpful admin, when in fact they were communicating with the attacker.<\/p>\n<p><strong>Impact<\/strong><\/p>\n<p>The full impact of this is still being determined. \u00a0However, corporate email for many of their customers became unavailable, business websites no longer resolved, and sensitive information was most likely communicated to the attacker.<\/p>\n<p><strong>Recommendations<\/strong><\/p>\n<p>InGuardians recommends that all businesses consider domain hijacking as a potential event in their Business Continuity Plans (BCP). \u00a0It\u2019s important to stay vigilant in ensuring continued ownership of domains. It\u2019s also important to have plans to use secondary domains for web and email traffic in the event of having lost ownership of a domain.<\/p>\n<p>InGuardians recommends building your own capabilities to gather counter-intelligence and to proactively monitor your organizations&#8217; digital footprint.\u00a0 Consider scripts or services for monitoring DNS changes to the domains that you control.<\/p>\n<p>&nbsp;<\/p>\n<p>Wikipedia list these options as a means to prevent an unwanted domain transfer:<\/p>\n<ul>\n<li>Use strong email passwords and enable two-factor authentication if available.<\/li>\n<li>Disable POP if your email provider is able to use a different protocol.<\/li>\n<li>Tick the setting \u201calways use https\u201d under email options.<\/li>\n<li>Make sure to renew your domain registration in a timely manner \u2013 with timely payments and register them for at least five (5) years.<\/li>\n<li>Use a domain-name registrar that offers enhanced transfer protection, i.e., \u201cdomain locking\u201d and even consider paying for registry locking.<\/li>\n<\/ul>\n<p><strong>Additional Resources<\/strong><\/p>\n<p><strong><a href=\"https:\/\/krebsonsecurity.com\/2018\/02\/domain-theft-strands-thousands-of-web-sites\/\">https:\/\/krebsonsecurity.com\/2018\/02\/domain-theft-strands-thousands-of-web-sites\/<\/a><br \/>\n<a href=\"https:\/\/en.m.wikipedia.org\/wiki\/Domain_hijacking\">https:\/\/en.m.wikipedia.org\/wiki\/Domain_hijacking<\/a><\/strong><\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>\u00a0Theft of Newtek domains is a reminder to stay vigilant Issue Last week a web services company (Newtek) responsible for hosting over 100,000 e-commerce based websites and email servers had three of its core domains stolen. \u00a0These domains originally hosted software that allowed customers of these services to manage their websites. The attackers then replaced [&hellip;]<\/p>\n","protected":false},"author":7,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[169],"tags":[117,135,106,83,104,130,129],"_links":{"self":[{"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/posts\/3104"}],"collection":[{"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/comments?post=3104"}],"version-history":[{"count":1,"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/posts\/3104\/revisions"}],"predecessor-version":[{"id":3105,"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/posts\/3104\/revisions\/3105"}],"wp:attachment":[{"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/media?parent=3104"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/categories?post=3104"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/tags?post=3104"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}