Recently the Dutch security firm Fox-IT fell victim to hackers, who were able to take control of its servers and intercept login credentials and confidential data.
Fox-IT stated in a blog post that the attack enabled the hackers to gain “unauthorized access to Fox-IT’s account with a third-party domain registrar” and “change a domain name system that designated the IP address” corresponding to the company’s client portal. This gave the hackers control of the company's data and systems, along with all its traffic. The hackers bypassed the HTTPS-based encryption by using their control of the domain to obtain a new transport layer security certificate.
The firm detected the DNS attack some five hours after it started, and engineers restored the settings to point to the correct server and changed the password. However, the attack continued, because changes to DNS settings take time before the replacements take effect. It took the company's engineers some 10 hours and 24 minutes to finally end the attack and secure the domain.
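One way a defender could catch the kind of record and certificate change described above, as an added example that is not from Fox-IT or the original article: compare each DNS answer and served certificate against a recorded baseline, and estimate how long cached answers can outlive the fix. The IP addresses, fingerprints, TTLs and function names are constructed for illustration.

```python
from dataclasses import dataclass

# Baseline the operator records for their own portal. All values are
# constructed; 192.0.2.0/24 and 198.51.100.0/24 are documentation ranges.
EXPECTED_IPS = {"192.0.2.10"}
EXPECTED_CERT_FPS = {"aa11"}  # pinned certificate fingerprints (shortened)

@dataclass
class Observation:
    minute: int    # minutes since monitoring began
    resolver: str  # which public resolver gave the answer
    ip: str        # A record returned
    ttl: int       # seconds the resolver may keep serving this answer
    cert_fp: str   # fingerprint of the certificate served at that IP

def classify(obs):
    """Return the reasons an observation deviates from the baseline."""
    reasons = []
    if obs.ip not in EXPECTED_IPS:
        reasons.append("unexpected A record")
    if obs.cert_fp not in EXPECTED_CERT_FPS:
        reasons.append("unpinned certificate")
    return reasons

def exposure_window(observations):
    """Return (first_bad_minute, minute_last_bad_answer_expires) or None.

    The window closes when the last bad answer's TTL runs out, not when
    the record is corrected, because resolvers keep serving cached data.
    """
    bad = [o for o in observations if classify(o)]
    if not bad:
        return None
    start = min(o.minute for o in bad)
    end = max(o.minute + -(-o.ttl // 60) for o in bad)  # ceil to minutes
    return start, end

# Constructed sample: the record is corrected by minute 30, but resolver-b
# still holds the altered answer with 2700 seconds of TTL remaining.
SAMPLE = [
    Observation(0, "resolver-a", "192.0.2.10", 3600, "aa11"),
    Observation(10, "resolver-a", "198.51.100.7", 3600, "bb22"),
    Observation(25, "resolver-b", "198.51.100.7", 2700, "bb22"),
    Observation(30, "resolver-a", "192.0.2.10", 3600, "aa11"),
]

if __name__ == "__main__":
    for o in SAMPLE:
        print(o.minute, o.resolver, classify(o) or "ok")
    print("exposure window (minutes):", exposure_window(SAMPLE))
```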
Attackers were able to get the login credentials of nine users, 10 files, a mobile number, plus several names and email addresses of clients. The accounts, however, were protected with a two-factor authentication system, which prevented the hackers from accessing them. Two-factor authentication could also have secured Fox-IT's domain registrar account, which could have prevented the hack from progressing.
Fox-IT officials later issued statements expressing regret that the incident happened, but said that they were able to detect and respond quickly, limiting its scale and duration.