July 15, 2024 at 09:47AM
Security researchers claim that a series of DNS hijackings at web3 businesses is linked to Squarespace’s acquisition of Google Domains. The issue arose from Squarespace’s migration method, which allowed cybercriminals to guess admin email addresses and register them. The attacks aimed to change DNS records, rerouting visitors to phishing sites. Firms impacted include Compound Labs, Unstoppable Domains, Celer, and Pendle. Advised prevention measures include enabling 2FA and monitoring logs for unauthorized activity.
Key takeaways:
– Security researchers have claimed that a series of DNS hijackings at web3 businesses is connected to Squarespace’s acquisition of Google Domains last year.
– The attacks appear to have exploited a flaw in the method Squarespace used to migrate Google Domains customer data to its servers, allowing cybercriminals to guess email addresses associated with admin accounts and register the accounts for themselves.
– The attacks began on July 9, affecting all organizations whose domains were migrated to Squarespace following the acquisition.
– Squarespace pre-registered email addresses for domain admins without validating their existence, potentially providing an entry point for attackers.
– Attackers have been observed changing DNS record data to reroute visitors to phishing sites, particularly targeting cryptocurrency and blockchain companies to steal digital assets from users’ wallets.
– The attacks may also involve creating new Google Workspace admin accounts and registering new devices and browsers, exploiting the link between accounts migrated from Google Domains to Squarespace and their associated Google Workspace tenants.
– Several web3 firms have confirmed detecting malicious activity on their Squarespace accounts, but there may still be hundreds of domains at risk of similar DNS hijackings.
– Organizations that had their Google Domains data migrated to Squarespace are advised to enable two-factor authentication (2FA) and monitor logs for any unauthorized activity.
These takeaways provide a summary of the security concerns and potential impacts resulting from the reported DNS hijackings and highlight the recommended actions for affected organizations.