// THREAT DETECTION AND DATA PRIVACY TERM

Domain Hijacking

Domain hijacking is when an attacker illegally takes control of a website's domain name by changing its registration information without permission. This allows them to redirect traffic to a malicious site, intercept emails, or disrupt services.

Domain Hijacking — illustration from Wikipedia
Image via Wikipedia

TECHNICAL DEFINITION

Domain hijacking is a cyberattack where an adversary gains unauthorized control over a domain name by manipulating its registration records at a domain registrar, often via social engineering, credential theft, or exploiting registrar vulnerabilities. The attack compromises DNS settings (A, MX, NS records), enabling traffic redirection for phishing, malware distribution, and brand impersonation.

BACKGROUND

The Cybersecurity and Infrastructure Security Agency (CISA) is a component of the United States Department of Homeland Security (DHS) responsible for cybersecurity and information technology infrastructure protection. It oversees all levels of the federal government and coordinates with U.S. states to improve cybersecurity against private and nation-state hackers. The CISA is headquartered in Arlington, Virginia.

READ MORE ON WIKIPEDIA

SYNONYMS & ALIASES

  • domain theft
  • domain name hijacking
  • domain slamming
  • brandjacking
  • DNS hijacking
  • domain takeover

USAGE NOTE

This term is used to describe the complete loss of control over a domain, which is a more severe attack than simple DNS spoofing or cache poisoning.

DEVELOPERS

Organizations developing technology related to Domain Hijacking.

  • CSC (Corporation Service Company)

    Provides enterprise-class domain name management and security services, including registry locks, DNSSEC, and multi-factor authentication to prevent unauthorized domain transfers and DNS modifications.

  • MarkMonitor

    A brand protection company, part of Clarivate, that offers secure domain management services for corporations. Their technology focuses on preventing domain hijacking through strict access controls, activity monitoring, and proactive security policies.

  • Cloudflare

    Offers a security-focused domain registrar service that includes free DNSSEC, registry lock, and multi-user permissions to protect high-value domains from hijacking attempts and unauthorized changes.

  • Verisign

    As the registry operator for .com and .net domains, Verisign provides the Verisign Registry Lock Service. This is a high-level security measure that prevents any changes to a domain at the registry level, offering robust protection against hijacking.

  • Akamai

    Provides secure and resilient DNS services like Edge DNS. This technology is designed to withstand DNS hijacking and other DNS-layer attacks, ensuring that user requests are correctly routed to the intended servers.

  • GoDaddy Corporate Domains

    The enterprise division of GoDaddy, providing advanced security solutions for corporate domain portfolios. They offer technologies like registry locks and enhanced authentication to secure critical domains against hijacking.

  • Palo Alto Networks

    Offers DNS Security services and Cortex Xpanse for attack surface management. These tools help identify and protect against DNS-based threats, including various forms of domain and DNS hijacking, by analyzing DNS traffic and discovering vulnerable assets.

RELATED TERMS IN THREATS & ATTACKS