You are a security consultant for a small company. The owner says attackers recently gained access to the company's email account. Soon after, the attackers took control of the company's website and say they will restore it only after they receive a payment. The hosting provider confirms that the web servers are healthy and no unusual logins have occurred, yet users cannot reach the company's site. Based on this information, which type of attack has most likely been carried out against the website?
The symptoms point to DNS hijacking. By compromising the organization's domain-registrar or authoritative DNS settings, the attackers redirected the company's domain away from its legitimate web servers. Because the web servers are still functioning and no suspicious logins are recorded, the problem lies with the DNS records, not the host itself. Man-in-the-middle, session hijacking, and cross-site scripting would not make the site completely unreachable or allow the attackers to demand a ransom for restoring access to the entire domain.