Thursday, March 28, 2024

Leading IT Security Firm Fox-IT hit by Cyber Attack

Worlds Leading IT Security firm Fox-IT hitting by Man-in-the-Middle Cyber Attack and an attacker accessed the DNS records for the Fox-IT.com at their 3 rd party domain register.

This attack leads to spying some small amount of their customer’s activities and this incident has been active the total effective MitM time to 10 hours and 24 minutes.

man-in-the-middle attack is a form of eavesdropping in which an attacker intercepts and relays messages between two parties who are communicating directly with each other.

In this case, Attacker has modified the Fox-IT DNS record and point out to their own server and to intercept and forward the traffic to the original server that belongs to Fox-IT.

Fox-IT client portal was the specific aim for the attacker where Fox-IT used it for an exchange of files with customers, suppliers and other organizations.

Also Read: Beware!! New Spider Ransomware Widely Spreading by using Office Documents

What Happened During this Cyber Attack

First unusual activities triggered on Sept 16, 2017, which contains a reconnaissance with Fox-IT infrastructure including port scans, vulnerability scans, and other scanning activities.

later attacker gain the access to the Fox-IT network and modified the DNS record of the fox-it.com domain.

In this case, Fox-IT believes that client portal still pointed out to Fox-IT legitimate Client portal server but attacker temporarily reroutes the attack and intercepted Fox-IT email for the specific purpose of proving that they owned Fox-IT domain in the process of fraudulently registering an SSL certificate for our ClientPortal.

Sept 19 2017, Fox-IT Experts realized that real MITM attack starts against their server. during this time the fraudulent SSL certificate for ClientPortal was in place and the IP DNS record for clientportal.fox-it.com was changed to point to a VPS provider abroad.

According to Fox-IT investigation, name servers for the fox-it.com domain had been redirected and that this change was not authorized. We changed the DNS settings back to our own name servers and changed the password to the account at our domain registrar

Later Fox-IT disables the two-factor authentication for their client portal to preventing users of ClientPortal from successfully logging in.

Also, Fox-IT kept the portal open to access for the attacker and they concern about not to disclose this activity to the attacker for taking time to investigate more.

“During the meantime of Sept 19 – Sept 20 2017, A full investigation into the incident was undertaken, along with notification of all clients that had files intercepted and the relevant authorities, including the Dutch Data Protection Authority Fox-IT said.

Website

Latest articles

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles